National Cyber Security Centre
NCSC’s advice in response to the increase in sextortion scams
Advice from the National Cyber Security Centre in response to the increase in sextortion scams.
Sextortion scams are a type of phishing attack whereby people are coerced to pay a BitCoin ransom because they have been threatened with sharing video of themselves visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual’s password.
Phishes are designed to play on people’s emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom – a typical modus operandi.
What to do
- As with other phishes, our advice is not to engage with the phisher, delete the email and report it to Action Fraud: https://www.actionfraud.police.uk/report-phishing.
- Do not be tempted to pay the BitCoin ransom, doing so will likely encourage more scams as the phisher will know they have a ‘willing’ customer.
- Do not worry if the phish includes your password; in all likelihood this has been obtained from historic breaches of personal data. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com/
- If the phish includes a password you still use then change it immediately, advice on how to create suitable passwords and enable other factors of authentication is available from Cyber Aware: https://www.cyberaware.gov.uk/passwords
- If you have been a victim of a sextortion scam and have paid the BitCoin ransom, then report it to your local police force by calling 101.
- If you need emotional support this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: https://www.victimsupport.org.uk/
Want to know more?
Action Fraud has also published some useful guidance in response to sextortion scams: https://www.actionfraud.police.uk/alert/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam
Latest News from
National Cyber Security Centre
Next-gen start-ups to partner with National Cyber Security Centre15/04/2019 15:20:00
Security experts are calling on cutting-edge tech entrepreneurs to help develop the next generation of cyber security solutions.
GCHQ cyber courses recognised by qualification board09/04/2019 08:20:00
CyberFirst courses recognised by the Scottish Qualifications Authority (SQA)
Royal Masonic School for Girls crowned winners of biggest cyber competition to date26/03/2019 11:15:00
The winners of the 2019 CyberFirst Girls competition have been crowned.
Security research highlights central role children play25/03/2019 10:20:00
Research highlights the importance of children when it considering online safety
New NCSC beta website launched13/03/2019 09:15:00
New NCSC website aims to become the UK’s homepage for cyber security.
I spy finalists of NCSC's CyberFirst Girls competition11/03/2019 17:11:00
Finalists announced with record numbers of teams participating in the 2019 competition.
UK Boards of biggest firms must do more to be cyber aware06/03/2019 08:12:00
Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber attack according to a new report.
Ciaran Martin's CyberSec speech in Brussels21/02/2019 13:15:00
Ciaran Martin, CEO of the NCSC, speaking at CyberSec in Brussels (20/02/19).