In a “highly organised operation” believed to be based in Nigeria, scammers inundated university-affiliated email addresses in June and July with thousands of emails threatening to release intimate images and videos.

The victims were told – falsely – that their computer webcams and smartphone cameras had been hacked, allowing the scammers to record their victims without their knowledge.

In one email seen by The Daily Telegraph, the victim was told the scammer has “gained access to your internet router and, from there, was able to access every device connected to your network”.

The scammer claimed to have “Private and Dirty Texts” and “Footage (with audio) of you doing some nasty stuff online” that “if exposed, would destroy your reputation and personal life”.

In another scam email, the sender included accurate details like the recipient’s location and claimed “we know what nasty stuff you do online”.

In both instance the cybercriminals ordered their victims to transfer an amount of the cryptocurrency Bitcoin to “remotely remove the hacking from your devices”.

The emails were intercepted by cybersecurity firm Mimecast, which has released details of the scam in order to warn potential victims.

Senior director Garrett O’Hara said cybercriminals use personal information about their victims obtained in other cyber attacks and data leaks to convince their target that the threat is real.

“I would bet large sums of money in any given situation that they’re bluffing, and it is fake,” he said.

“It’s logistically possible, but in reality, it’s much harder to do than people realise.

“It’s way cheaper to convince people that you have the material, than it is to actually go and get the material.”

Students are “particularly vulnerable” targets, he said, because they are not only highly likely to be engaged in explicit activity online, but are also more likely to view the threat as “absolutely catastrophic” to their reputation.

Bluff or not, Mr O’Hara urged recipients of the sextortion scams to report them to the authorities, including police and the ACCC’s Scamwatch.

Scammers are also training each other how to ‘bomb’ their targets on social media, by email and on dating apps, discussing their tactics in disturbingly open forums.

Mimecast investigators have discovered multiple TikTok and YouTube accounts as well as public Telegram channels where scammers provide instructions, scripts and advice for making their threats more convincing.

In one channel viewed by The Daily Telegraph, a cybercriminal boasted his “format” for blackmail including claiming to be a “special agent from the FBI”, then following up by impersonating a Fox News reporter who has obtained “your nudes to be posted online”.

A “tutorial” on TikTok and re-shared on YouTube shorts demonstrated how to use generative AI platform ChatGPT to write scripts, and an app to generate fake newspaper front pages.

The University of Sydney said it was “not aware” of its students being targeted recently, it remains “really concerned” by the risks sextortion scams pose.

“We regularly remind our students of types of activity they should be wary of, and how to protect themselves and get help if they need it,” a spokeswoman said.

Macquarie University had also not received reports of this specific scam targeting its community, but urged students to be vigilant.

“We strongly encourage any student who receives suspicious or threatening messages to report them to the University and relevant authorities,” a spokeswoman said.

Southern Cross University, Western Sydney University and the University of South Australia have also been contacted for comment.

Originally published as ‘Nasty stuff’ and ‘dirty texts’: Inside the sextortion scam targeting Australian university students