How Do People Become A Victim Of Sextortion?

sextortion

This is a blog post by Selcen King, Marketing Director of PlatformDating.

We will show you how easy it is to get someone’s personal information from their online dating account.

  • You don’t need to be a hacker. Any one can do this.
  • We recommend you try to hack your own data to assess your own level of risk

Sextortion : A cybersex crime

Sex and extortion make the word sextortion, so I think that gives you a good idea what it means? It’s not something good, it’s not something sexy, it’s organised criminal gangs that want to blackmail you as a result of your online dating activity.

The blackmail material

The basic process the criminals use is to get pictures or video of you naked or performing sexual acts and then blackmail you with the threat of sharing the data to your friends, family and work colleagues. Online dating users are often too willing to share intimate material with someone they hardly know.

How to they get the sexual material

If you upload a naked picture then it’s really simple for the blackmailer to download and store it. A dating site may provide the exchange of private pictures so the blackmailer will try and befriend you in the hope that you grant access. A webcam session is also another route the blackmailer can use to get the material. The scammer will use screen recording software to make a video from your private cam session.

In all of these examples you are willingly giving away the material. The scammer may try to hack the database of the dating site or try and locate a protected area of the site that stores images. This is harder to do and requires a lot more skill but some of the largest dating sites in the world have been victims of these types of attacks.

How they get your contacts

Having the images or video is only half of the process. The criminal now needs to get details of your friends, co-workers and family. An advanced method is to get you to install an app which steals your contacts directly from your smart phone. They will claim the app helps improve video or sound quality when they talk with you. A similar process can be done with desktop computers via email attachments. The scammer could email you an infected file. At this stage they will not care about talking more, they want your contacts so they can start the blackmail process.

However, a much simpler and more frighting method is mining data that you have given away to other sites. Anyone can do this with almost no computer skills at all. A scammer can connect up information you share with them and the data you have posted on social networks. This is very simple to do. Many people use the same sets of photos on their dating profiles, Facebook page, Twitter account, LinkedIn page etc. Facebook, Twitter and LinkedIn are indexed within Google publicly and Google also provides an image search option. All a blackmailer needs to do is drag and drop your image into a Google image search and see what comes up. If Google returns any of your social network accounts then they now have your compromising images and access to your friends and work colleagues.

A real-life example

To stress how exposed you may be, we will connect a dating profile and a public social network account as an example. We have hidden the identity of the user but this is a real example.

Step 1:
On the dating site perform an image search and drag a drop images into Google until you get a hit. It took about 4 minutes to find a good candidate.

drag and drop images

Images within dating site (obscured for data protection). This example used the image highlighted in yellow.
Step 2:
Visit the pages returned by Google and look for useful information. In this case we didn’t find a Facebook page, but we did find a network called ink361.com which allows you to share Instagram pictures. The user had given their real name on the ink361 page (and why wouldn’t you).Google image search results

Results from a Google image search. Even though we have pixilated the images for privacy you can see that the image in step 1 matches the images in step 2.

ink361 search results

One of the user’s social networking pages. This included their real name.

Step 4:
Search Google for the users real name and see what additional results are returned. In this particular case the user had a very unique name which made the process incredibly easy. Within 60 seconds we had thier Facebook, Vimeo, Twitter, Youtube and Pinterest accounts.

users facebook account

The user’s Facebook account and details of over 800 friends.

Step 4:
Collect the data. In this case the user had 828 Facebook friends and 154 Twitter followers. Facebook also told us the user’s job, home town, birth town and fact that they studied abroad in 2013.

Step 5:
We stopped there but this is what would happen next. Contact the user on the dating site with a fake profile. Ideally an attractive girl in the same/local city with similar interests.

Step 6:
Ask to swap sexy pictures or have a live cam session.

Step 7:
Blackmail the user.

If you get blackmailed

If you end up in the unfortunate position of being blackmailed then maybe you should not pay any money. If you pay you have no guarantee that the scammer will delete the data. They are more likely to wait a few weeks and then ask you for more money. You should also report this to your local police station and dating/social networking sites.

How to minimise the risk

We hope that in reading this you feel worried and concerned? If you do, then we have done our job in warning you of the dangers. So what can do to protect yourself. It’s not too late so act now.

The main risk is the relationship between your dating site profile and your social networking accounts. It may not be practical to mask the data on your social networking accounts, as it’s likely you have been giving away your personal information for years and may be on sites that you don’t remember or use any more. Therefore, break the connection between your dating profile and social pages by being anonymous on your dating profile. Here are some suggestions:

  • Pick a username that doesn’t have any personal data, for example, coolguy86.
  • Use a different set of pictures for you social network accounts and your online dating accounts.
  • Only share images you’re happy for the world to see.
  • Share naked images that don’t have your head / face.
  • Use a dating site that doesn’t require any personal information.
  • Refrain from video cybersex, use text only.

Summary

Social networking sites are the main risk to this type of attack. Do you really need to use them? Do you really need to share so much personal information? Be careful what you expose to other members of dating sites!

The future

Google image search at the moment works mainly on identical pairs of images rather than true facial recognition. Other companies such as Facebook have discussed options of true facial recognition being embedded within their systems. This would potentially allow a cyber criminal to upload your picture into their own account and use tags to find your account. It would no longer need an exact image pair. If / when this becomes part of the internet you will really need to consider if you should share any intimate pictures at all. Act now and clean up your social network and dating profiles to reduce your risk before your privacy is truly gone forever.

Consider sharing this with anyone you know who uses online dating and social networks.