publishing date icon
October 29, 2021
read time icon
5 min. read

Porn scams, Ooh la la

Author image
Eetu Lehto
Junior Threat Analyst
facebook iconLinkedin iconTwitter icon
Post hero image

Let’s talk about porn scams, also known as sextortion attacks

People do all kinds of things in the privacy of their own homes. Some activities, like cooking, they are willing to share; and others... less so. Viewing adult websites falls firmly into the “not keen on sharing” category. And Oh la la, imagine the fear and humiliation of being threatened in an email message with: “I know what you looked at last night. And I recorded you doing it.”

But whenever there is a ripe opportunity to manipulate people's emotions, you can be sure that it will fuel a phishing campaign. This article tells you what you need to know about porn scams / sextortion attacks, and shows you how to stay Off the Hook!

What are we seeing?

Porn scams, also called sextortion emails, follow a common thread from phishing hook to payout. Often the threat of exposing the user’s colorful browsing history is in the email body itself, but it is not uncommon to see the threat text in an attachment or behind a link. The text itself usually looks pretty much the same from email to email: The user is told they have a virus installed on their computer that has been:

  • Following everything they do on their computer
  • Recording their internet browsing and messaging history
  • Reading their emails
  • And, most disturbing (but still false), filming the user--er, “watching” porn--via their webcam

Sometimes, the attacker includes seemingly sensitive information in the threat, such as an old password connected to the user’s email (which was likely purchased on the dark web following a mass breach). The attacker instructs the user to send money to a bitcoin wallet address to prevent the posting of humiliating search history and videos to the user’s contacts and social media. The message also claims the “virus” is so well-made that it cannot be detected by any antivirus software, so when the user runs an antivirus scan on their computer nothing shows up.

Oh la la! Of course all of this is just a pack of lies. In reality, there is no such virus on the user’s machine. That’s why antivirus programs won’t raise any alarms. There is nothing to be alarmed about.

We lack statistics on how many people have fallen victim to this campaign but what has been interesting to see is how much the extortion payment demands have risen. The first of these types of attacks we saw were asking for something between $200 to $300. Rising bit by bit, demands now are hanging around $1200 - $2000.

This attack is not very targeted. Sent out in vast campaigns, it relies on very common facts such as web cameras and email addresses. Many people have a web camera integrated in their laptops and this might be seen as a risk by some users. The porn attack relies on the fact that statistically there is a high probability it will reach a consumer of pornography. Thinking the sextortion threat is real and targeted to them, someone will pay the demanded amount.

Because this is such a touchy subject, many can feel too ashamed to speak up and seek help. Desperate and alone, they will just pay the attacker instead of asking for assistance from their IT department or the authorities, and risking public humiliation. This is exactly what the attacker wants. While this is an obvious scam for some, others might not be willing to discuss a sextortion email with anyone; particularly if they happened to receive it not long after surfing porn.

What does a porn sam / sextortion email look like?

The example below includes the user’s email address in the message. This doesn’t mean that it is targeted to the user directly, as it is very simple to have a bot send out these messages with the email address pasted in the right section.

Porn scams sextortion 1

Some messages have more complicated text with more technical stuff, like here:

Porn scams sextortion 2

A more techno-savvy porn scam message

These types of messages can be more convincing because that technical knowledge lends a sense of authority to the attacker. It sounds like they know what they’re doing. For some users, this message might represent how a “hacker” could operate.

Useful tips

First off, you should use your work computer only for work; reserve personal browsing--especially on adult sites--for your own computer. However, if you think you might have fallen victim to some kind of virus or attack after browsing potentially malicious adult sites, you should always inform whoever handles device security in your company. They are there to help, not to judge. If a virus was downloaded an has been spying on you, it could possibly spread through your network, whereupon it becomes highly dangerous for the whole company. The leaking of customer and other company data is one of the worst things to happen in a company.

Next, remember that porn scams and sextortion threats are not to be taken seriously. If someone anonymously blackmails you on the internet about your browsing history, it’s a hoax with which you should never engage, and certainly do not pay them anything. Once they have you on the hook, you may ultimately become their golden goose to whom they’ll keep returning.

If you are going to visit an adult site and you want a little peace of mind, think about approaching it the way you would practice safe sex on a one-night-stand. Use the digital version of strong prophylactics and some common sense safe choices:

  • Use a VPN to more efficiently hide your transferred data
  • Use anti-virus software (especially when visiting porn sites, which are notoriously dodgy)
  • Make sure your browser is updated to the most recent version; otherwise it’s like using an expired condom full of holes
  • Cover your web camera. There are a lot of different ways to do it, from plastic sliders to post-it notes
  • Do not click on weird links
  • Do not download anything you are not sure of what it is
  • One should not visit any sites that seem suspicious even for the porn industry; keep it with the big names
  • While visiting trustworthy porn sites, the user should never click any links from 3rd parties, i.e. comments, user bios, ad pop-ups, etc.
  • Again, never download something unless you are CERTAIN that it is safe. Porn-related file names are good bait for spreading malware

Many are already a little red-faced about having visited a porn site, and are thus emotionally triggered by a porn scam. But most times, if not every time, sextortion threats are only that: threats. Relax and think about your clicks. Be safe and stay off the hook!

Hoxhunt response

Our Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. Working together with our powerful machine learning model, they cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button. Read more to learn how to equip your employees with the awareness training that will protect your company from phishing scams.

Subscribe to our newsletter