Not every internet scam needs sophisticated software to put into action. In fact, one of the most successful ones going on right now is incredibly simple in operation, while being quite sophisticated in its psychological tactics. It is the psychology of it that gets people to send the scammers money.
The concept of the latest scam is simple. The scammers send emails to potential targets telling them that their computer has had malware installed on it and that the malware has recorded them using online pornography. The email includes at least one of the target’s online passwords and tells them they will send the proof of their pornography use to their friends, families, and employers unless they send payment in Bitcoin.
It is the use of the passwords in the emails that makes this scam stand out from previous similar ones. These are passwords the targets have actually used, though may not be currently using. It is the inclusion of the passwords in the emails that make the targets believe they may genuinely have been hacked.
The Truth of the Scam
In truth, of course, no one has been hacked with the supposed malware. Instead, all the scammers have done is to gather passwords obtained in other data breaches, and use them. Many cybercrime experts believe the majority of passwords being used in this scam came from the 2012 LinkedIn data breach, in which 117 million passwords were stolen and sold on the dark web. Those who have been targeted by this scam often point out that the passwords they have been sent are old ones they have not used in a long time, making the proposed origin of these passwords a stronger possibility.
Though most people ignore emails like the ones the scammers have been sending, the addition of passwords the potential targets have actually used makes these emails far more psychologically effective. This is why the scammers have been able to extort so much money out of their targets with this scam.
Other Elements of the Scam that Make it Effective
Scammers are spoofing the intended targets’ email addresses, as well, making it seem as if the emails are coming from the targets’ own accounts. This is an additional psychological tactic that makes the scam quite effective with a lot of people. Thus far, people in 42 countries around the world have reported receiving the scam emails, and scammers have been able to collect around $4 million from their intended targets. Around one-third of the targets have been people in the United States.
It is easy to tell just how much Bitcoin scammers have been able to collect because most of it has been requested to be sent to one Bitcoin address: 1JsACYBoRCYkz7DSgyKurMyibbmHwcHbPd
Since Bitcoin addresses and the amounts in them are all publicly available and listed on the blockchain, it isn’t a mystery where the money is going. However, the anonymity of these Bitcoin addresses makes the owner of the address a mystery. The way the blockchain is set up, there is no sure way to find out the identity of the owner, either.
What to Do if You Receive One of These Emails
If you or someone at your company receives one of these emails, here is what you do:
Do not believe your computer has had malware installed on it.
Do not make any Bitcoin payments to anyone.
If you are still using the password that was sent to you in the email, change it.
Make sure you aren’t using any passwords that may have been exposed in a data breach.
Keep your passwords safe by using a password manager.
Do these things, and you need not to be concerned about becoming another victim of this online scam.