Social Engineering, Photos and Extortion

Warning: Some of the terminology in this article may be considered distasteful to some readers, but the intention is to educate on an important issue, not to cause any offense. If you feel that you may be offended by the terminology discussed in this article, please stop reading now.

Social Engineering: E-Whoring and Sextortion

The world we live in today is an interesting one; threat vectors are ever expanding and becoming more complicated and dangerous. The topics of Sextortion and E-Whoring probably don’t come up as a potential issue for a company’s security, but this couldn’t be further from the truth.

What is E-Whoring?

E-Whoring is the act of pretending to be someone you are not using various lewd images (most likely stolen through a data theft campaign) to coax the target into purchasing/joining a service or to have the target exchange photos.

What is Sextortion?

Sextortion is the act of threatening to distribute someone’s private or sensitive material if they don’t provide you something in return.

How are these two connected?

Typically, most threat actors will leverage image packs (packages of lewd photographs/videos) to start their E-Whoring campaign. These image packs are usually the byproduct of another data theft campaign in which the threat actor either hacked into a cellphone’s photo library or broke into someone’s computer.

From there, the threat actor has a few choices to make. One, hold these images hostage from the person who owned them. Two, reach out to random people via various social media outlets to coax them into joining a paid-for service to see more. Three, use these images to trick another person into exchanging their private photos, then hold those photos hostage. Four, all of the above.

That seems only to affect one or two people, how could this harm my (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Chris Stephen. Read the original post at: