We are now partnered with Aura and Guardio! Check out our scam analytics dashboard ScamSight

The Selfie Scam

ScamHub

Selfie Scam Overview

At ScamHub, we encounter and investigate a wide range of scams, but every so often, one stands out due to its complexity and impact. One such scheme is what we’ve termed “The Selfie Scam”.

The original report that was submitted to us mentioned specific people, groups, channels, and websites by name. However, it's crucial to understand that these names can be easily changed, and the scammers’ tactics - including their scripts - can be shared, copied, or modified. At ScamHub, we prioritize the privacy and safety of our community. For that reason, we’ve removed all references to the specific names, websites, and tools used by these scammers. Our goal is to raise awareness and protect users without giving unnecessary attention, visibility, or ideas to harmful entities.

How The Selfie Scam Operates

This scam is highly organized and designed to be effective, even though it hasn’t yet reached mainstream awareness. Here's how it unfolds:

Malicious Link: The scam starts when a user embeds a harmful URL into an innocent-looking message, like “Check out my new website!”, and then posts the message on their social media.
Webcam Access: When someone clicks on the link, they are taken to a malicious site that requests access to their device’s webcam. If they allow it, the site captures a photo using the webcam.
Photo Upload: The captured image is then uploaded to a server where the user who clicked the link has no control over its removal or deletion.
Extortion: The user who embedded the malicious link automatically receives access to the photo. The victim is then redirected to a Telegram group where they are blackmailed and demanded to pay a cryptocurrency ransom to see the photo or have it deleted.

While this entire scheme is referred to as a “prank” by its creators, we prefer to call it what it actually is, blackmail. As you can probably imagine, this type of scheme results in rather unflattering pictures and potentially embarrassing circumstances.

What to Do if You're Targeted

The success of this scam relies on one key action: the victim granting the website permission to access their webcam. To protect yourself, NEVER give device permissions to unknown websites, especially for your camera, microphone, or other sensitive features.

If you’ve already fallen victim to this scam, it's important to understand that paying the scammer does not guarantee your photo will be deleted. Once the image is viewed or downloaded by the scammer, even removing it from their server may not fully protect you. Additionally, seeking help from so-called hacking services or "recovery" solutions can lead to further exploitation through Recovery Scams, where victims are tricked into paying again in hopes of regaining control over their data. You can read more about Recovery Scams in our dedicated article.

Conclusion

This scam serves as a stark reminder that harmful tactics can be disguised as innocent pranks, putting unsuspecting users’ privacy and finances at serious risk. Those engaging with these types of services may unknowingly be dragging others into vulnerable and compromising situations. Always stay vigilant and cautious when online, especially when dealing with unfamiliar links or websites.