www.malwarebytes.com Open in urlscan Pro
2600:9000:21f3:9c00:16:26c7:ff80:93a1  Public Scan

Form analysis
2 forms found in the DOM

GET

<form id="search-form" onsubmit="submitSearchBlog(event)" method="get">
  <div class="searchbar-wrap-rightrail">
    <label for="cta-labs-rightrail-search-submit-en" aria-label="cta-labs-rightrail-search-submit-en" aria-labelledby="cta-labs-rightrail-search-submit-en">
      <input type="text" id="st-search-input-rightrail" class="st-search-input-rightrail" placeholder="Search Labs">
    </label>
    <button type="submit" id="cta-labs-rightrail-search-submit-en" aria-label="Submit your search query"><span class=""><img src="/blog/images/search.svg" alt="Magnifying glass"></span>
    </button>
  </div>
</form>

/newsletter/

<form class="newsletter-form form-inline" action="/newsletter/">
  <div class="email-input">
    <label for="cta-footer-newsletter-input-email-en" aria-label="cta-footer-newsletter-input-email-en" aria-labelledby="cta-footer-newsletter-input-email-en">
      <input type="text" class="email-input-field" id="cta-footer-newsletter-input-email-en" name="email" placeholder="Email Address">
    </label>
    <input name="source" type="hidden" value="">
    <input type="submit" class="submit-bttn" id="cta-footer-newsletter-subscribe-email-en" value="">
  </div>
</form>

Text Content

The official Malwarebytes logoThe official Malwarebytes logo in a blue fontB

We research. You level up.

       
Personal
Personal
 * Security & Antivirus
 * Malwarebytes for Windows
 * Malwarebytes for Mac
 * Malwarebytes for Chromebook
 * Malwarebytes for Android
 * Malwarebytes for iOS
 * Malwarebytes AdwCleaner

 * Online Privacy
 * Malwarebytes Privacy VPN
 * Malwarebytes Browser Guard
 *  
 * All-in-one Protection

 * Malwarebytes Premium + Privacy VPN   New

 * Get Started

 * The ultimate guide to privacy protection  New
   
   VISIT PRIVACY HUB  VISIT PRIVACY HUB

 *  

 * Stop infections before they happen

 * GET A FREE TRIAL  GET A FREE TRIAL

 *  

 * Find the right solution for you

 * SEE PERSONAL PRICING  SEE PERSONAL PRICING

Business
Business
 * Solutions
 * BY COMPANY SIZE
 * Small Businesses
 * single figure icon  1-99 Employees  Buy Online
 * Mid-size Businesses
 * two figure icon  100-999 Employees
 * Large Enterprise
 * three figure icon  1000+ Employees
 * BY INDUSTRY
 * Education
 * Finance
 * Healthcare
 * Government

 * Products
 * CLOUD-BASED SECURITY MANAGEMENT AND SERVICES
 * Endpoint Protection
 * Endpoint Protection for Servers
 * Endpoint Detection & Response
 * Endpoint Detection & Response for Servers
 * Incident Response
 * Malware Removal Service
 * Nebula Platform Architecture
 * Cloud Storage Scanning Service  New
 * CLOUD-BASED SECURITY MODULES
 * DNS Filtering
 * Vulnerability & Patch Management
 * Remediation for CrowdStrike®
 * NEXT-GEN ANTIVIRUS FOR SMALL BUSINESS
 * For Teams

 * Get Started
 *  * Find the right solution for your business
    * See business pricing See business pricing
   
   --------------------------------------------------------------------------------
   
    * Don't know where to start?
    * Help me choose a product See business products selector
   
   --------------------------------------------------------------------------------
   
    * See what Malwarebytes can do for you
    * Get a free trial Get a free trial
   
   --------------------------------------------------------------------------------
   
    * Our sales team is ready to help. Call us now
    * Phone icon +49 (800) 723-4800

Pricing
Partners
Partners
 * Partner Icon Explore Partnerships

 * Partner Solutions
 * Resellers
 * Managed Service Providers
 * Computer Repair
 * Technology Partners
 * Buy now Buy Now

 * Partner Success Story
 * Marek Drummond
   Managing Director at Optimus Systems
   
   "Thanks to the Malwarebytes MSP program, we have this high-quality product in
   our stack. It’s a great addition, and I have confidence that customers’
   systems are protected."

 * See full story See full story

Resources
Resources
 * Learn About Cybersecurity
 * Antivirus
 * Malware
 * Ransomware
 * Malwarebytes Labs – Blog
 * Glossary
 * Threat Center

 * Business Resources
 * Reviews
 * Analyst Reports
 * Case Studies
 * Press & News

 * Events
 * 
   
   
   
   Featured Event: RSA 2021

 * See Event See event

Support
Support
 * Technical Support
 * Personal Support
 * Business Support
 * Premium Services
 * Forums
 * Vulnerability Disclosure

 * Watch Icon Training for Personal Products
 * Watch Icon Training for Business Products

 * Featured Content
 * Privacy Logo
   
   
   
   Activate Malwarebytes Privacy on Windows device.

 * See Content See content

FREE DOWNLOAD
CONTACT US
COMPANY
COMPANY
 * About Malwarebytes
 * Careers
 * News & Press

SIGN IN
SIGN IN
 * My Account
 * Cloud Console
 * Partner Portal

SUBSCRIBE


Hacking


WHEN A SEXTORTION VICTIM FIGHTS BACK

Posted: August 1, 2022 by Jovi Umawing

A college student fell victim to a Snapchat sextortion scheme. With a friend's
help, she 'hacked back' and sent him to jail.

When Katie Yates suddenly started receiving nude photos of her friend, Natalie
Claus, over on Snapchat, she instantly recognized that Claus had just become a
victim of a sextortion attack. She also knew how Claus should respond.

This happened in December 2019 when Claus was a sophomore. Both were students at
the State University of New York.

Yates has a story of her own, too. Months before receiving those messages from
Claus, she was herself a victim of sexual assault. After reporting the abuse,
Yates started receiving abusive messages on social media. Seeing the lack of
support from anyone on campus, she explored ways to identify her harasser.

This vigilanteism—Yates taking the matter into her own hands because she's not
getting any help—proved beneficial for Claus. So when Yates asked Claus if she
wanted to catch her hacker, Claus said, "Yeah."


HACKER POSED AS "SNAPCHAT SECURITY"

The case of Claus's hacker, David Mondore (a chef), actually made headlines
around 2020 and 2021. Claus is not his sole victim, and a press release revealed
that Mondore was involved in a string of Snapchat hijacking activities from July
2018 to August 2020. During this period, the hacker gained unauthorized access
to at least 300 Snapchat accounts, including Claus's.

This Bloomberg article mentioned that Mondore posed as a "security employee" who
warned Claus of an alleged breach of her Snapchat account. The Office of the US
Attorney of New York provided more detail on the ruse that tricked Claus into
handing over her account to Mondore.

According to Claus, whom the press release refers to as Victim 1, she received a
Snapchat message from an acquaintance, whom the press release refers to as
Acquaintance 1. The person messaging Victim 1 is actually Mondore using
Acquaintance 1's account.

Acquaintance 1 asked Victim 1 for her Snapchat credentials, so they can use the
account to check if another user blocked them. In Snapchat, you can't see anyone
who's blocking you even when you search for their username or full name. It
appears the only way to see who's blocking who is using another account. Several
sites use this tactic.

Clearly, Mondore took advantage of this.

After Victim 1 sent her credentials to Acquaintance 1, Mondore sent Victim 1 a
text message via an app anonymizing his actual phone number. The message he sent
purportedly came from Snapchat Security, requesting Victim 1 to send the
passcode for her "My Eyes Only" folder to verify that Victim 1's account has
been legitimately accessed.

"My Eyes Only" is a secure, encrypted, and private folder within Snapchat where
users can save potentially sensitive photos and videos. This can only be
accessed with a passcode.

After gaining access to Victim 1's Snapchat account and her "My Eyes Only"
folder, Mondore rinses and repeats. He contacted Victim 1's contacts using her
account, asking for their credentials under the pretense of checking who blocked
them.

Mondore also used Claus's private photos, which she had taken for herself as she
attempted to recover from a rape, to gather compromising material from her
Snapchat contacts. The message sent out with her nude images says, "Flash me
back if we're besties." It was sent to 116 people, four of whom responded with
explicit photos of themselves.


"GOTCHA"

Claus hatched a plan to trap her hacker with Yates's help. Using her own
Snapchat account, Yates sent a message to Claus's account, which Mondore had
already controlled by then, saying she had nude images to share, with a URL link
made to look like a porn site.

The URL, once clicked, collected the IP address of anyone who accessed it using
the Grabify IP Logger website. Not only that, Yates and Claus set up the URL to
redirect Mondore to the Wikipedia page for the word "gotcha" instead of the porn
site he probably expected.

Mondore, upon seeing the Wikipedia redirect, messaged Yates saying, "What the
hell is this?" She then blocked Claus's account after collecting Mondore's IP:
he was in Manhattan and using an iPhone without a VPN.

Claus sent her police report to the campus police, who then forwarded it to the
New York state police. One of the officers then knew who to contact within the
FBI. The tip eventually led to Mondore's arrest. He received a sentence of 6
months jail time.

"It was him being an idiot that did it," Claus said of her hacker. "When I
passed all that information to the FBI, they said, 'There's a really good chance
that we wouldn't have caught him without this.'"

Despite what happened to her and the "too light" punishment Mondore received,
Claus believes he's not a monster. "He's a human," she told Bloomberg. "That's
what makes it scary."

SHARE THIS ARTICLE

--------------------------------------------------------------------------------

COMMENTS



--------------------------------------------------------------------------------

RELATED ARTICLES

Explained


KMSPICO EXPLAINED: NO, KMS IS NOT "KILL MICROSOFT"

August 8, 2022 - A hack tool called KMSPico is hailed as the go-to tool when it
comes to activiating Windows. But is it safe?

CONTINUE READING 1 Comment

A week in security


A WEEK IN SECURITY (AUGUST 1 - AUGUST 7)

August 7, 2022 - The most important and interesting computer security stories
from the last week.

CONTINUE READING 0 Comments

A week in security


A WEEK IN SECURITY (JULY 25 - JULY 31)

August 1, 2022 - The most important and interesting computer security stories
from the last week.

CONTINUE READING 0 Comments

Privacy


CRIMINALS USING COMPROMISED SOCIAL MEDIA ACCOUNTS TO "POST INDECENT IMAGES OF
CHILDREN" SAYS UK CYBERCRIME ORGANIZATION

July 29, 2022 - UK based Action Fraud is warning of hacked social media accounts
posting indecent images of children. We dig into available information.

CONTINUE READING 0 Comments

Cybercrime


TO SETTLE WITH THE DOJ, UBER MUST CONFESS TO A COVER-UP. AND IT DID.

July 29, 2022 - The 2016 Uber data breach affected the personal information of
57 million people. And then the company covered it all up.

CONTINUE READING 0 Comments

--------------------------------------------------------------------------------

ABOUT THE AUTHOR

Jovi Umawing
Senior Content Writer

Knows a bit about everything and a lot about several somethings. Writes about
those somethings, usually in long-form.


Contributors


Threat Center


Podcast


Glossary


Scams


Write for Labs

Cyberprotection for every one.

twitter
facebook
linkedin
Youtube
instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.



Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle
12th Floor
Santa Clara, CA 95054

ADDRESS

One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor
Cork T12 X8N6
Ireland

twitter
facebook
linkedin
Youtube
instagram
   English
Legal
Privacy
Accessibility
Vulnerability Disclosure
Terms of Service


© 2022 All Rights Reserved

Select your language1

 * English
 * Deutsch
 * Español
 * Français
 * Italiano
 * Português (Portugal)
 * Português (Brasil)
 * Nederlands
 * Polski
 * Pусский
 * 日本語
 * Svenska