Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Sextortion is today's topic.
We're gonna dive a little bit deeper into what sextortion is, why it's very dangerous, and I will tell you about some techniques to protect your organization and its employees from it.
Let's start by defining sextortion.
Sextortion is a form of social engineering.
It usually comes in the form of an email, so you can consider it a form of phishing email.
(00:23):
It aims to target a lot of people.
Not necessarily targeted, but it's very effective.
The email comes to the employee,
basically trying to blackmail them, focusing on the topic of porn,
trying to put them in a situation where they feel ashamed, and then asking them to take action.
Oftentimes they ask them to pay an amount to them, maybe in the form of Bitcoin, 'cause you can track it.
(00:49):
And in some cases it can actually ask them to leak some internal information.
Usually this is in the targeted situation.
They email and say something along these lines:
Hey, I've taken over your laptop, I've taken over your phone.
I've been watching you recently.
I've seen you doing naughty stuff.
I have recordings or pictures of you doing this, implying maybe masturbating or watching porn.
(01:13):
If you would like me to stay quiet, not to publish or share them with your colleagues, you need to do the following.
And then the action comes.
Oftentimes, as I mentioned, it's payment in the form of Bitcoin or cryptocurrency.
That's basically sextortion.
Why is it dangerous?
First of all, in the US and UK, since 2022 it has increased over 300%.
(01:38):
This is based on people who reported it.
There are a lot of people who haven't reported it yet, because maybe, of course, they are scared or ashamed. The problem here is, if you have somebody who's not aware of this technique and they receive this email, they can immediately freak out.
Especially if you have a person who actually has used their laptop and has been doing something like masturbating in front of the camera or watching porn or any of these sorts of things that could potentially, if it gets leaked, impact their life and career.
(02:09):
Just some statistics for you to understand why this is dangerous, because they did a study on a group of men and women in the US, and the results are the following.
Around 70% of men who participated in this survey have masturbated at least once, and watched porn or visited a porn site at least once.
(02:33):
In the previous month of the survey, 30% of women who participated said that they had done the same, either masturbated once or visited a porn site once.
So, if you think about it from an attacker's point of view, if they send a hundred emails to men, there is a 70% chance it'll land in somebody's inbox.
(03:01):
And this person has already done this.
So couple this, the fact that they did this in the past month, plus an email saying that I have seen you doing some stuff, I have a recording of you.
I'm sure you can imagine why this can be a terrifying experience.
Same thing for women: if you send a hundred emails, there is around a 30% chance it'll land in the inbox of a woman who has done this.
(03:26):
And of course, they'll freak out.
The second problem with this is that it's very sensitive.
Oftentimes people who are in this situation are not sure what to do, because they're not sure if this person actually has something on them or not.
And because now they are under a lot of emotional pressure and scared, they are less likely to go and speak with somebody.
(03:49):
They are less likely to speak to you or the security team, or report it to IT, because they're not sure if it's true or not.
If it's true, they don't want to expose themselves even further.
And if it is not true, they don't know what to do.
So you see here why this is dangerous.
It's increasing.
Statistically it works.
They rely on the fact that people will be scared and ashamed if something happened and don't wanna risk it.
(04:14):
I looked at a lot of samples of the emails that people received in this form.
Oftentimes the payment is small.
They asked literally for less than $500, and they put me in a situation where, like, is it really worth it? Is it $300? Do I need to risk exposing myself, or just pay the 300 and hopefully they will go away?
(04:35):
It's quite dangerous and effective, right? So now we know what it is, and now we know why it's dangerous.
How can we protect our organizations against it? How can we protect our teams and our employees? The first and most important thing is awareness and preparation.
You need to let them know.
You need to make them aware that this form of phishing emails exist.
(05:00):
This form of phishing email can land in their inbox, either their personal email or their work email.
And if this happens, they shouldn't panic.
They should let you know and let you deal with it.
It might also be beneficial to show them some samples of these emails.
You go to Google, just write "extortion email examples", and you'll see lots of them.
(05:21):
When they are prepared and know that if they actually have something on me, they will send me a picture or evidence,
there is a higher chance they will deal with the situation in a better way.
They will deal with the situation in a much calmer manner, involve you and ask you to help them.
If you have a security awareness training program, I would maybe record a specific video on this.
(05:41):
If not, conduct a presentation to the company, or maybe send it in the form of comms.
But keep in mind that this is something you need every new hire to know about.
So a one-time presentation won't cut it.
Second, you can set up certain rules in the email client that you're using, let's say Google Workspace or Microsoft, to specifically target and capture the keywords that are likely to be included in these emails, quarantine these emails and let your team filter them out first.
(06:13):
So you can set some rules, like if an incoming email includes the word "masturbation", includes the words "porn site", includes maybe the word "webcam", a combination of the three, or a Bitcoin wallet or its hash, then quarantine it, let your team review it first, and if it's sextortion, you can block it and the sender across the organization. So you can get started by going online.
(06:36):
See some samples and try to come up with some keywords. Every time one of your employees reports one of these emails, take it, analyze it, and see what kind of keywords you can listen for.
I wouldn't rely only on blocking the email, because oftentimes these people create multiple emails and maybe use mail generators.
Blocking the email only, across the organization, is not enough.
(06:57):
The third thing is to actually block porn sites.
I don't see why you shouldn't.
This is a work laptop and it should be used solely for work-related matters.
If people wanna use it for some personal stuff, like opening their personal email or maybe booking some travel or maybe watching Netflix after work, it's okay, but it should be limited and in a space that is safe when you block this.
(07:21):
At least now, if I receive the work email, and I know my work email only works on my work laptop.
And the work email is telling me "I've seen you watching porn", I know it's BS, because no porn can work on this laptop, because the IT team has restricted it using the content filtering policies that they have.
So it helps a lot when you do this as well.
(07:43):
Last but not least, also offer people the privacy camera door, this little thing you can buy from Amazon.
It was very, very cheap.
I would always issue every new laptop with something like this.
Not all the sextortion cases will be around something naughty.
Sometimes maybe they would just say, "Ah, I've filmed you in your private time," or whatever.
(08:04):
And at the same time, you account for these cases because every operating system, every application is vulnerable.
We've heard a lot of cases where the camera got hijacked, so it's always good to have something like this on your phone, on your tablet, on your laptop, to close the camera if you're not using it.
I would offer it to people, and I would even offer extra: if you wanna take one extra for your personal laptop, take it as well.
(08:25):
So, no problem.
These are very small countermeasures, and very effective.
And all of them together can collectively work on making them better prepared.
And know that this email and this attempt are likely social engineering, nothing else.
That was the topic, sextortion.
I highly encourage you to think about it in the context of your personal life and your organization, try to prepare your organization for such cases, and take these recommendations that I recommended, evaluate them, and take action on them.
(08:56):
Thank you so much.