Cyber criminals trawl LinkedIn to scope out targets in 'sextortion' scams

Anthony Cuthbertson

High net worth individuals are being found on networking sites such as LinkedIn by gangs who pay criminal accomplices more than £250,000 a year to find potential targets for so-called sextortion scams.

A typical sextortion scam can involve forming an online relationship with a married person and then threatening to reveal the affair to their partner unless a ransom is paid in bitcoin.

Researchers at cyber security firm Digital Shadows tracked the activity of cybercrime groups over a seven-month period between July 2018 and February 2019, revealing the methods used to prey on potential victims.

The gangs are offering annual salaries averaging £276,300 to accomplices who help target high net worth individuals, such as company executives, lawyers and doctors, researchers said. For accomplices with programming skills, these salaries rise to more than £840,000 per year.

“For high net worth individuals specifically, LinkedIn can be a treasure trove of useful information,” Rafael Amado, senior strategy and research analyst at Digital Shadows, told The Independent.

“Using it can help identify a potential victim’s job, likely salary and firms they have worked for. They may also disclose details of family members, marital status and their location. If this is supplemented with breach data such as passwords then it can make an extortion attempt more potent.”

Other extortion campaigns run by the gangs use a password the victim will recognise, usually obtained from a data breach, as “proof” that the victim’s devices have been compromised.

One email campaign from 2018 threatened to post video of a person’s most intimate moments on the internet, despite no such footage existing.

“I’m going to cut to the chase,” the message reads. “You don’t know anything about me whereas I now know a lot about you and you are probably thinking why are you receiving this mail, right?”

It goes on to claim that the sender has gained control of the victim’s webcam and used it to record them while they watched pornography. If the victim does not pay a specified sum, the sender says, the video will be sent to the victim’s friends, family and colleagues.

A more sinister blackmail campaign involved a ‘Hitman’ threat that claimed victims would be killed if a bitcoin ransom was not paid.

The latest research found that extortion sums may have been determined by estimating a victim’s net worth or salary from their online profiles on websites like LinkedIn.

A LinkedIn spokesperson told The Independent: “If you do encounter any messages or postings on, or referencing, LinkedIn, which you suspect to be part of a scam or criminal activity, you can help us by reporting them to us so we can investigate and take appropriate action.”

Over 89,000 unique recipients faced some 792,000 extortion attempts against them, the researchers found. An analysis of bitcoin wallets associated with these scams found that sextortionists reaped an average of $540 per victim.
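The “webcam” campaign described above and the wallet analysis the researchers mention both come down to the same inbox-triage problem: does a message carry the lure wording, a quoted “proof” password, a bitcoin demand and a wallet address that is actually well-formed? The Python below is an added example, not code from the article, from Digital Shadows or from The Independent. It assumes a locally held breach corpus of SHA-1 password hashes (the same layout as Have I Been Pwned’s Pwned Passwords list; here a one-entry stand-in built inline), validates legacy Base58Check addresses with the double-SHA256 checksum so that typo’d or fabricated wallets are not counted, and scores two constructed sample emails.

```python
import hashlib
import re

# Base58 alphabet used by Bitcoin addresses (no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Candidate legacy (P2PKH/P2SH) address: starts with 1 or 3, 26-35 Base58 chars.
# bc1... (bech32) addresses are not handled by this example.
BTC_ADDR_RE = re.compile(r"\b[13][" + B58_ALPHABET + r"]{25,34}\b")

# Wording typical of the 2018 campaign: the lure, the claimed proof, the demand.
LURE_TERMS = ("webcam", "web cam", "camera", "recorded you", "adult", "porn")
PROOF_RE = re.compile(r"(?:your|the)\s+password\s+(?:is|was)\s*[:\"']?\s*(\S+)", re.I)
DEMAND_TERMS = ("bitcoin", "btc", "wallet")

# Constructed stand-in for a breach corpus (HIBP-style uppercase hex SHA-1).
BREACH_SHA1 = {hashlib.sha1(b"hunter2").hexdigest().upper()}

# Constructed sample messages (not real campaign text).
SAMPLE_SEXTORTION = (
    "You do not know me but I know a lot about you. Your password is hunter2. "
    "I recorded you through your webcam while you watched adult videos. "
    "Send 0.2 bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours "
    "or the video goes to every contact in your address book."
)
SAMPLE_BENIGN = (
    "Hi team, reminder that the Q3 payroll review is Thursday. "
    "Please update your password before then per IT policy."
)


def b58check_decode(addr: str):
    """Decode a Base58Check string; return the 21-byte payload, or None if the
    string is malformed or the 4-byte double-SHA256 checksum does not match."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one 0x00 byte that the integer conversion drops.
    leading = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading + body
    if len(raw) != 25:  # version(1) + hash160(20) + checksum(4)
        return None
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return payload if checksum == expected else None


def extract_btc_addresses(text: str):
    """Return only the checksum-valid legacy Bitcoin addresses found in text."""
    return [a for a in BTC_ADDR_RE.findall(text) if b58check_decode(a) is not None]


def password_in_breach_set(password: str, breach_sha1: set) -> bool:
    """True if the quoted password hashes to an entry in the local breach corpus,
    i.e. the 'proof' is breach data rather than evidence of device compromise."""
    return hashlib.sha1(password.encode()).hexdigest().upper() in breach_sha1


def triage_extortion_email(body: str, breach_sha1: set) -> dict:
    """Score an inbound email for the sextortion pattern: lure wording, a quoted
    'proof' password (and whether it comes from a breach), a bitcoin demand and
    a valid wallet address. Each signal adds one point."""
    low = body.lower()
    addrs = extract_btc_addresses(body)
    m = PROOF_RE.search(body)
    claimed = m.group(1).strip("\"'.,") if m else None
    signals = {
        "lure": any(t in low for t in LURE_TERMS),
        "password_claim": claimed is not None,
        "password_from_breach": bool(claimed) and password_in_breach_set(claimed, breach_sha1),
        "bitcoin_demand": any(t in low for t in DEMAND_TERMS),
        "valid_wallet": bool(addrs),
    }
    score = sum(signals.values())
    verdict = "sextortion" if score >= 4 else "review" if score >= 2 else "benign"
    return {"score": score, "verdict": verdict, "wallets": addrs,
            "claimed_password": claimed, "signals": signals}


if __name__ == "__main__":
    for sample in (SAMPLE_SEXTORTION, SAMPLE_BENIGN):
        print(triage_extortion_email(sample, BREACH_SHA1))
```

The wallet list returned for each flagged message is what makes campaign tracking possible: addresses that pass the checksum can be grouped across recipients and watched on-chain, which is how a per-victim payout figure like the $540 above is derived. A quoted password that hits the breach corpus is the cue for the user-education point the researchers make: the attacker has a leaked credential, not a recording.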

“The research shows that cybercriminal groups are increasing their targeting of high net worth individuals and / or those that hold positions of power within companies. Many threat actor groups are actively on the recruit for members to collaborate with and to help them scale their operations,” said Rick Holland, CISO at Digital Shadows.

“Education and minimizing your personal and professional online exposure are essential for thwarting extortionists’ goals. Since the lines between our personal and professional lives are so blurred, firms should educate their staff and tell them never to pay out a sextortion request.”