Payouts Generated From Sextortion Scams End up in Another Round of Frauds, New Study Reveals

  • Millions of sextortion spam messages, sent between September 2019 and January 2020, had generated nearly $500,000 in profit for online scammers.
  • However, the extorted funds were used to support illicit activities such as transacting on dark web marketplaces, gambling, and buying stolen credit card data.

A new study by researchers from Sophos has revealed that millions of sextortion spam messages, sent between September 1, 2019, and January 31, 2020, had generated nearly a half-million US dollars in profit for online scammers. This particular type of fraud attempts to capitalize on the behavior of people watching adult content.

What does a sextortion scam look like?

A typical sextortion scam begins with recipients receiving messages warning them that their computers have been hacked and that the sender has captured videos of them visiting adult websites. The messages further threaten to share the videos with the targets’ friends unless they pay a ransom, which is often demanded in bitcoin.

During the timeframe observed by researchers, victims were asked to pay up to $800 in BTC to wallet addresses controlled by the fraudsters. The sextortion campaigns employed botnets of compromised PCs worldwide to send out the spam messages. A majority of these emails were sent in English, while the rest were sent in Italian, German, French, and Chinese.

How have these scams evolved?

Researchers highlighted that some of these sextortion spam messages used new obfuscation methods to evade detection by anti-spam software. Some of the methods included:
  • Breaking up the words with invisible, random strings;
  • Using encoded non-ASCII characters that looked similar to regular characters;
  • Using invisible white garbage text to break up the message text; and
  • Concealing the text message in HTML style tags.
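
For filter authors, the sketch below undoes these four tricks before keyword matching. It is an added example, not code from the Sophos study; the look-alike table, the hidden-style patterns, the sample message and the function names are all constructed here, and it assumes well-formed HTML in which `<style>` contents are never displayed.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Invisible code points used to split words (constructed list, not exhaustive).
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"))
# Tiny constructed look-alike table (Cyrillic/Greek -> Latin); real filters use Unicode confusables data.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0456\u03bf", "aeopcxio")
# Inline styles that make text unreadable: hidden, zero-size, or white-on-white (assumed white background).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|font-size\s*:\s*0(?![.\d])|(?<![-\w])color\s*:\s*(#fff(fff)?\b|white)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}

class VisibleText(HTMLParser):
    """Collect only text a reader would see; skip <style> bodies and hidden elements."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack = [], []  # stack holds True while inside a hidden element
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        hidden = tag in ("style", "script") or bool(HIDDEN_STYLE.search(style))
        self.stack.append(hidden or (self.stack[-1] if self.stack else False))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if not (self.stack and self.stack[-1]):
            self.out.append(data)

def normalize(html_body):
    """Return the lower-cased text a recipient actually reads."""
    parser = VisibleText()
    parser.feed(html_body)
    parser.close()
    text = "".join(parser.out).translate(INVISIBLE)
    text = unicodedata.normalize("NFKC", text).translate(CONFUSABLES)
    return re.sub(r"\s+", " ", text).strip().lower()

def hidden_keywords(html_body, keywords=("bitcoin", "recorded")):
    """Keywords that match only after normalization: a sign of deliberate obfuscation."""
    clean = normalize(html_body)
    return [k for k in keywords if k in clean and k not in html_body.lower()]

# Constructed sample body combining all four tricks.
SAMPLE = ('<p>I rec<span style="font-size:0">qzx</span>orded y\u043eu. '
          '<font style="color:#ffffff">lorem filler</font>P\u0430y in bit\u200bcoin.</p>'
          '<style>.x{junk}</style>')
```

A keyword that matches only after normalization is itself a useful spam signal, since legitimate mail rarely splits words with hidden markup.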

In addition to the obfuscated threat, each of these emails cashes in on victims’ fears to siphon off money from them.

What happens to dirty coins generated in scams?

The Sophos research team, along with CipherTrace, analyzed around 328 wallet addresses held by scammers to track the flow of money. These wallets were used to pull in an estimated $3,100 a day from victims and were cycled every 15 days or so.

During their investigation, the researchers found that the extorted funds were used to support illicit activities such as transacting on dark web marketplaces, gambling, and buying stolen credit card data. Other funds were quickly moved through a series of wallet addresses to be consolidated, put through ‘mixers’ in an attempt to launder the transactions, or converted into hard cash.

It was further disclosed that cryptocurrency exchanges including Binance, LocalBitcoins, and Coinpayments were used to clean up the dirty trails of funds generated from sextortion campaigns.

Final words

The payouts from sextortion campaigns are being used by cybercriminals to fund another round of scams and frauds. A robust approach to preventing such scams is essential. Since the sextortion campaigns are fueled by usernames and passwords leaked in previous data breaches, people should consider changing their credentials frequently. In addition, they should go through the guidelines recommended by the Federal Bureau of Investigation (FBI) to avoid becoming a victim.