Switching to personal: how scammers use adult product themes
Fraudsters can blackmail and harass users of adult products, experts have warned about this. Leaks from manufacturers and sellers of "18+" products, as well as the carelessness of users of such products, can provide attackers with ample opportunities for criminal activity. For more information about how scammers use adult products, how dangerous such schemes are and how to protect themselves from them, read the Izvestia article.
How data from users of adult products leaks online
At the end of July, Lovense, a major manufacturer of adult gadgets, was at the center of a major scandal: a vulnerability in its application turned into a serious data leak. An independent security specialist with the nickname BobDaHacker found out that every user of the Lovense application could be deanonymized: a critical breach allowed his e-mail to be recognized by his nickname (login).
Since nicknames are often published openly — for example, on social networks and forums — attackers could easily match them with real e-mails, and then use this data to harass potential victims or doxing (disclosing a person's personal data online without his consent for the sake of profit), blackmail or harassment. Doxing can be a blow to your reputation, result in job loss, and sometimes become a threat to your physical safety.
BobDaHacker learned about the vulnerability in the Lovense application last March, after which he informed the company about it, but it did not take any action. Further investigation revealed that, knowing the potential victim's e-mail and a certain token, the attackers could gain full control over her account. In the end, Lovense released an update that supposedly solved the problem — but full user security will be ensured only after it is installed.
Why are users of adult products interesting to scammers
The topic of sexual relations is taboo, so information about it can be used in a variety of criminal schemes, Maxim Mostovoy, an analyst at Serchinform, says in an interview with Izvestia. According to the expert, in everyday life, the user of "18+" products may be a businessman or a family man, whose image does not fit in with such practices. If the opposite turns out, then attackers can use it.
—Today, the 18+ industry remains one of the most vulnerable in terms of privacy," adds Pavel Karasev, Business Partner at Computer Technologies. — Users are afraid of publicity, they are in no hurry to contact the police or write complaints. And this is exactly what most fraudulent schemes are based on: shame, fear, and unwillingness to defend their rights.
According to the expert, webcam models and streamers are of particular interest to scammers. They are public, vulnerable, and work with an audience among whom compromising material can spread quickly. But ordinary users often become victims, especially those who do not realize the consequences of using untested applications. Fraudulent schemes that use intimate topics are aimed at those who are caught and who can be attacked: find personal data, other accounts, place of work, and so on, but the main thing is to get some kind of benefit, most often money. As Maxim Mostovoy notes, such a scheme can also be part of targeted attacks on top management of companies or business owners.
— The more significant and richer the target of the attack, the higher the stakes, because the details of personal life can destroy not only marriage, but also career and financial well—being, - the expert emphasizes.
What schemes on the subject of adult products can scammers use?
Fraudulent schemes that raise the topic of "18+" regularly pop up in the top of the most dangerous, Maxim Mostovoy says in an interview with Izvestia. The main resource for such schemes is leaks from manufacturers and sellers of adult products, as well as data from users themselves, which they inadvertently indicated online.
— For example, a potential victim may be extorted from a monthly fee for not disclosing juicy details to close associates or colleagues, — says the expert. — At the same time, blackmail can be different. For example, if a conditional adult toy measures certain human parameters, then intruders may threaten to spread them over the Network.
In some cases, attackers can attempt blackmail through mass mailings, even without having real compromising material in their hands, but at the same time achieving a psychological effect, Pavel Karasev notes. However, sometimes this turns into a real harassment when scammers use real information from leaks.
At the same time, according to the expert, in the future, attackers may find new ways to use schemes with adult products. In particular, we can talk about remote control of sex gadgets for the sake of digital violence or covert video recording activated through firmware vulnerabilities. Such risks are especially high for devices controlled via the Internet and integrated with non-certified applications.
How to protect yourself from fraud schemes involving adult products
Today, the adult products industry is a market with millions of users and a huge turnover, which, like any digital market, requires thoughtful personal cybersecurity, says Pavel Karasev. According to the expert, first of all it is necessary to separate your "adult" online activity from the main digital life, using a separate e-mail, logins and passwords for it.
— Use only separate accounts for "18+" applications and services, — advises Maxim Mostovoy. — Such accounts should not indicate your identity in any way or be linked to other applications and services.
Even if a hacker somehow manages to obtain account data, he will not be able to compare them with previously leaked information and identify the user, the Izvestia interlocutor notes. At the same time, it is important not to publish credentials from "adult" services in the public domain, and also use two-factor authentication to protect your accounts wherever possible.
Attackers often speculate on "juicy" topics, as such stories can attract the attention of potential victims, adds Olga Altukhova, senior content analyst at Kaspersky Lab. Using baits with "spicy" themes, scammers may try to extort money or user credentials on behalf of a particular service.
"Therefore, it is important not to follow links from suspicious messages in messengers or social networks, not to enter confidential data on questionable resources, and also to use security solutions that will notify you of an attempt to go to a phishing or scam page," the specialist emphasizes.
If you have already received a suspicious message or threat, do not enter into a dialogue with the senders. Instead, take screenshots, save your correspondence and contact law enforcement agencies — after all, there are already cases in Russia where attackers could be found on a digital trail, concludes Pavel Karasev.
Переведено сервисом «Яндекс Переводчик»
