Introduction

E-whoring is surely becoming one of the most common methods for beginning cybercriminals to gain easy money. E-whoring is a practice of selling pornographic content, while pretending to be the person, usually a girl, photographed. It is considered a form of social engineering in which the victim is misled into believing that he is interacting with a girl who is sending him nude photos and video clips of herself. In E-whoring, basically someone pretends to be a girl in a chat room. Then he talks to guys and asks them to sign up for his affiliate program, usually an adult affiliate program and, once they sign up, he gets paid.

E-Whoring is a social engineering technique in which the scammer pretends to be a pretty girl in order to swindle Internet users. It has become a very popular online scamming technique that involves the scammer interacting with the mark online under the pretense of being a girl who sells her body online. The most common way of monetizing this is for the scammer to ask the mark for money in return for pictures, videos, and cam shows. E-whores also use forums to exchange e-whore packages; that is, videos and pictures of girls. Some are given for free and the higher quality ones are for sale.

How does it work?

The principle is as follows:

  • The scammer creates one or more fake profiles of young girl with a hot picture.
  • The scammer tries to lure victims by mail, via a social network, or through dating sites by adding the victims as friends.
  • Then he invites them to join a webcam conversation via a link to an online subscription form, for a third-party service.
  • The scammer receives a commission for each validated form.
  • In some cases, the scammer calls the victim to undress in front of his webcam and finally blackmail him by threatening to publish this video on the internet.

How Do Scammers Start E-Whoring?

Making money through e-whoring does not require great technological sophistication; rather, success depends on social engineering skills. The challenge is to get the victims to believe they are talking to an actual girl. The things they used to begin E-whoring are:

  • VPN

To prevent disclosure of private information, VPN is used. This keeps them safe. VPN hides the real IP address and presents a different one. There are several free VPN’s. Some of them are:

But most of time they use paid VPNs to become more secure because these VPNs either save no logs or they delete logs after a short time period.

  • Fake Identity

First they generate a fake identity. While thinking about the identity they write down the things to make their story consistent.

They use the following sites to generate the fake identity:

With these websites, the scammer generate names, addresses, social security numbers, credit card numbers, occupations, UPS tracking numbers, and more absolutely free.

Want to learn more?? The InfoSec Institute CISSP Training course trains and prepares you to pass the premier security certification, the CISSP. Professionals that hold the CISSP have demonstrated that they have deep knowledge of all 10 Common Body of Knowledge Domains, and have the necessary skills to provide leadership in the creation and operational duties of enterprise wide information security programs.

InfoSec Institute's proprietary CISSP certification courseware materials are always up to date and synchronized with the latest ISC2 exam objectives. Our industry leading course curriculum combined with our award-winning CISSP training provided by expert instructors delivers the platform you need in order to pass the CISSP exam with flying colors. You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time you take it. Some benefits of the CISSP Boot Camp are:

  • Dual Certification - CISSP and ISSEP/ISSMP/ISSAP
  • We have cultivated a strong reputation for getting at the secrets of the CISSP certification exam
  • Our materials are always updated with the latest information on the exam objectives: This is NOT a Common Body of Knowledge review-it is intense, successful preparation for CISSP certification.
  • We focus on preparing you for the CISSP certification exam through drill sessions, review of the entire Common Body of Knowledge, and practical question and answer scenarios, all following a high-energy seminar approach.
  • Setting Up Fake Skype, MSN, and PayPal Accounts, and Email Addresses

They create fake Skype, MSN, and PayPal accounts, and email addresses by finding an address on Google maps in the city where the VPN is located. Then they create fake Facebook profiles with their fake email and non-nude pictures in albums. Now they fill out their info at PayPal, and they are ready to camp.

  • E-Whoring Packages

The attacker creates or downloads some E-Whoring packages, like some photos or videos with pornographic material, and then he can start e-whoring.

  • Make Clients

Scammers have two options in looking for their potential clients. They can either post an ad on sites like Craigslist or go into a chat room.

  • Set Prices

Scammers always know how to set a price: If someone says he’s unemployed, then they start low, if someone says he is a rich businessman, then they start high.

  • Use Tools Like Manycam

Manycam is a tool that E-Whores use to have cam sessions with their marks. It’s an extremely useful program that lets them broadcast their video files over a webcam.

  • Blackmail

<spanIf nothing else works, then scammers start blackmailing the victim. Blackmail is an act in which the grifter threatens to use revealing, damaging, embarrassing, secretive, etc. information in order to get money or another kind of cooperation out of the mark. To do blackmail they start gathering information. Their main aim is to find more and more about the victim; they try to find out the email ids of the person, social networking accounts related to those email ids, location, etc. As they get sufficient information about the victim they send email asking the victim to transfer money, or they will make the chat logs and videos public or publish the video on the Internet.

Recent Incident

Here is a recent incident in which the identity of a law student was stolen by hackers, who started using it to make money in an “e-whoring” scam. Her Facebook account was also hacked and the pictures and information were used to set up fake accounts advertising her as a prostitute.

A Facebook spokesman said about this incident: “We take our Statement of Rights and Responsibilities very seriously and react quickly to remove reported content that violates our policies. The goal of these policies is to strike a very delicate balance between giving people the freedom to express them and maintaining a safe and trusted environment. We encourage people to report anything they feel violates our policies using the report links located throughout the site or by using the reporting tools in our Help Center at facebook.com/report.”

How to Protect Yourself from E-Whoring?

  • Be aware of social engineering attacks.
  • More important data should be locked up so that a hacker is not able to access your personal files.
  • If a girl who does not know you tries to seduce you, be cautious.
  • If a girl is half naked, it’s a scam.

Conclusion

E-whoring has become a very popular online scamming technique that involves the scammer interacting with the mark online under the pretense of being a girl who sells her body online. The most common way of monetizing from this is for the scammer to ask the mark for money in return for pictures, videos, and cam shows. It’s so easy to get trapped in these kind of incidents, as we don’t know about the people around us. We should not trust any person online because we are unaware of the intentions they have. Online scamming can damage your public image or your personal life as well. In this article, whole scenarios are defined which can help you to understand the term as well as its effect.