Cybercriminals are like any other type of criminal—they are sharp at finding loopholes in security systems and websites to quickly make a killing.
It is the vulnerability factor that gives them the room to plant their malware, inflict damage and orchestrate effective scams.
There cannot be any type of website more vulnerable to scams than adult content sites. The hard truth is that these are the most visited and sought-after sites on the internet.
So it is no wonder that, as cybersecurity firm Kaspersky Labs discovered, hackers appear to have stolen the personal information of millions of users of major adult content sites. The hackers behind the scams are selling these details on the dark web.
Chance Discovery Leads to Unearthing the Scams
According to Kaspersky Labs, researchers chanced upon this phenomenon when they were looking for something else.
They were researching what kinds of illegal materials are sold on the dark web, and they found that adult content website credentials were also being offered for sale along with drugs, weapons and malware.
The Kaspersky researchers further realized that these website credentials were obtained by malware designed to steal important data. In a detailed report, the cybersecurity firm has gone on to describe how the scams are executed.
Hacking Cleverly Carried Out
The basic method employed by these hackers is to mislead users who are searching for adult content websites into believing that their system is infected by a virus that has to be eliminated.
This generally appears as a pop-up, and the message may read as if the user is being directed to a Microsoft technician who will guide the user through cleaning up the system, with the service possibly offered free of charge.
Once the user clicks to accept the request, they may be connected to a “customer care executive” over the phone.
Even as the user is speaking with this fake customer care person, the hacker will have extracted all personal information, including login details and passwords, stored on the system.
Another method found to be frequently employed in these scams, according to Kaspersky, is to post a message saying the Flash Player installed on the user’s system is outdated and needs to be re-installed to view the video the user intends to watch.
This will invariably lead to the malware being inserted into the user’s computer system.
Names of Adult Sites Revealed
Kaspersky Labs, in its report, has shared further information on the scams targeting adult websites, and some of the numbers quoted are indeed mind-boggling.
For starters, the researchers were able to identify 27 items of malware that managed to infiltrate some 50,000 PCs across the world. These hacking incidents took place a total of 307,808 times during 2017.
Some of the adult content sites listed by Kaspersky Labs include Cams.com, Penthouse.com, Stripshow, xHamster and Brazzers. Besides these, the sites from which account credentials of users have been stolen include Naughty America, Mofos and Reality Kings.
And beyond these, there were at least 400 million sets of credentials leaked from the site AdultFriendFinder.
Some sites have been subjected to major hacks before. In 2016, a series of attacks targeted several adult content sites—an xHamster breach exposed 380,000 user accounts, approximately 80,000 Brazzers accounts were hacked and an AdultFriendFinder leak exposed more than 300 million user accounts.
Mobile Phones Not Spared from Hacking Attacks
Kaspersky’s research showed that besides PCs and desktops, the scams also targeted over 1.2 million mobile phones.
Some individual adult content apps on the Android Play Store were also the source of these attacks—some were full of malware, malicious clickers and banking Trojans.
This method is perhaps easier for the hackers behind this attack, since the average mobile user may not be as knowledgeable about cybersecurity and would be quick to trust the apps.
Moreover, only a very small percentage of mobile users may have installed antivirus tools to face the onslaught.
Lastly, it is also true that most people may not come out in the open to make a complaint about such scams, since they may not wish to be identified as someone who views adult content.
The social taboo still exists within communities.
The advice offered by experts is to check the security credentials of adult websites before entering them.
Also, avoid falling prey to the lures hackers leave for unsuspecting users, as described above.