"Sextortion" Scam Warning

Another warning regarding “sextortion” scams.


This one has been around for a while.


Another article warning about “sextortion” scams.


Another article regarding sextortion scams.


And the warning from Scamwatch.



I have had a few of these over the last few years. But with a twist.
The first one I received freaked me out.

In the email were the words ‘I know your password’. And there it was.
And that was the password I used for a number of logons including Facebook and my Internet banking.
So I took it seriously and immediately found and changed every password using a computer I knew could not be compromised.
A day later Facebook emailed me that a number of unsuccessful attempts had been made to log on to my account. FB is one that uses your email address as logonid.
As does Choice online.

So, be aware. Some of these scams need you to act, and not just ignore them.


Quite so in some cases but by no means all.

I suspect the “I have photos from your web camera” scam is often, maybe always, a bluff that doesn’t have any images and just assumes you have a functional camera. I have received one of these and I am very sure my web camera is dysfunctional until I enable it, not to mention I don’t get up to anything very interesting in that room anyway. Images of my body have zero resale value I can assure you. Like many types of scams this one plays on the probability that many people have a guilty secret or (as in the Nigerian scam) are prepared to do something not quite kosher if they think they can get away with it.

Do we have any members who have received this attack who do not have a web camera at all?

This is like the callers who claim your computer is ‘malfunctioning and getting accessed by bad people on the internet’ whose script assumes you have Windows. They just plough on even if you have a Mac or some other OS and write off the failures. The reality is that they do not have access to your computer but are showing you benign but obscure standard features of Windows (error logs) to look like they do. Everybody has warnings on their log but to the uninitiated to be shown such things, if you are not aware of them, looks like they know something real about your machine.

All the internet scams to obtain money by deception rely on elements of:

  • sufficiently probable success (eg most have Windows) to seem omniscient or to hit as many targets as possible firing blind,
  • assessing human behaviour (eg many targets have something to hide, almost all will listen to be polite for a while)
  • and bluff which requires acting as if they are more powerful than they are to get some leverage. A minority are not bluffing which helps the scare tactics of the others.

Yes, we have had the webcam scam…and don’t have a webcam. Like all scams, if they spray their emails far and wide, invariably it will land in the inbox of someone who gets sucked in.

1 Like

This is badness. Low tech users will only have one email address and therefore the email address should never be used as the username. That is the starting point for cybercriminals (and others) to tie disparate accounts together, and hence spread a compromise of your login at one site to a compromise of your login at other sites.

This seems to be a choice by Choice i.e. is not an unavoidable feature of the Discourse forum software.



I guess I don’t have to tell you that that is so wrong.

I recommend using an external webcam that can be unplugged when not in use.

If you can’t or don’t use an external webcam then you ought to use a computer where the built-in webcam has a kill switch - so that it can be electrically disabled when not in use (which means that even if the extortionist does have complete remote control over your computer, photos and videos cannot be captured).

If you don’t have a kill switch on your built-in webcam then a cardboard flap is the low tech solution.

1 Like

As I said @person, when I saw my password compromised, I set about fixing my lazy ways of userid and password management. Immediately.

I make sure that any logon I have that is an email address has a unique password now.
If I get pwned again, I will know exactly which site leaked.

1 Like

Unique email address too, where possible.

I have one but it is only plugged in for Video Conferencing and then unplugged. It is never used other than those very specific times and the feed is encrypted during that use. They can sell all the pics they like of my face to whomever wishes to have it but I assure you it would appeal to only my partner and very very few others.

I use a very sophisticated method of disabling my camera. A piece of cardboard over the forward facing camera on all my devices. Flipped only when I need to use it.

Mine has an integrated Mic so I unplug rather than try to block possible sound recording that could still occur with the lens blocked.

1 Like

Not that easy when you have an RSP that only allows a few email addresses. Mine allows a max of 5.
Much better would be the Internet site to assign you a unique logonid, and not use an email address at all.

OK but you can get unlimited “free” email addresses from any number of other sites.

Yes (that or let you choose a unique logon id, which you will probably have more luck remembering).

Hence why I queried Choice’s choice in this matter!

1 Like