National Cyber Security Centre
NCSC’s advice in response to the increase in sextortion scams
Advice from the National Cyber Security Centre in response to the increase in sextortion scams.
Sextortion scams are a type of phishing attack whereby people are coerced to pay a BitCoin ransom because they have been threatened with sharing video of themselves visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual’s password.
Phishes are designed to play on people’s emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom – a typical modus operandi.
What to do
- As with other phishes, our advice is not to engage with the phisher, delete the email and report it to Action Fraud: https://www.actionfraud.police.uk/report-phishing.
- Do not be tempted to pay the BitCoin ransom, doing so will likely encourage more scams as the phisher will know they have a ‘willing’ customer.
- Do not worry if the phish includes your password; in all likelihood this has been obtained from historic breaches of personal data. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com/
- If the phish includes a password you still use then change it immediately, advice on how to create suitable passwords and enable other factors of authentication is available from Cyber Aware: https://www.cyberaware.gov.uk/passwords
- If you have been a victim of a sextortion scam and have paid the BitCoin ransom, then report it to your local police force by calling 101.
- If you need emotional support this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: https://www.victimsupport.org.uk/
Want to know more?
Action Fraud has also published some useful guidance in response to sextortion scams: https://www.actionfraud.police.uk/alert/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam
Latest News from
National Cyber Security Centre
Ciaran Martin's speech at the Annual Review 2018 launch17/10/2018 11:42:00
Ciaran Martin speaking at the launch event for the 2018 Annual Review (16th October)
NCSC deals with 1,100 cyber attacks in first two years17/10/2018 09:15:00
On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.
Annual Review 201816/10/2018 13:15:00
The Annual Review 2018 – the story of the second year of operations at the National Cyber Security Centre.
Gloucester children to benefit from groundbreaking cyber hub15/10/2018 15:05:00
Children in Gloucester will benefit from an innovative cyber environment in one of the NCSC's latest Cyber School Hubs.
Top cyber diplomat celebrated as “trailblazing”11/10/2018 13:22:00
Cyber expert Sarah Taylor given Marie Claire Future Shaper Award.
Reckless campaign of cyber attacks by Russian military intelligence service exposed04/10/2018 14:15:00
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
NCSC response and advice following Facebook cyber incident01/10/2018 13:20:00
An official statement from the National Cyber Security Centre after Facebook announced a security issue affecting almost 50 million accounts.
NCSC releases core questions to help Britain's biggest boards understand their cyber risk13/09/2018 16:15:00
Speaking at the annual CBI Cyber Security: Business Insight Conference 2018, Ciaran Martin offered boards five questions that will help them to prepare for a cyber attack.