By CCN: Police in the tiny town of Norton, Kansas posted a bulletin to their website yesterday morning urging followers not to fall for a bizarre Bitcoin sextortion scam.
In this version of a classic spear-phishing attack, the scammer sends an e-mail to the victim and tells them they have a recording of the victim pleasuring him or herself – complete with the content they were watching at the time.
They say they’ve compromised the person’s address book and will share the video with everyone they know if they don’t pay $800 in Bitcoin. They instruct the victim to Google the process of buying Bitcoin and encourage them to use the BitPay wallet.
The number of people who watch pornography far dwarfs the number of people who don’t. Porn sites are among the most trafficked in the world. Major sites like xHamster and PornHub are generally free of malvertising, as it doesn’t benefit them to have scandals evolving out of their pages. However, thousands of sites steal the content from these sites, or serve other stolen material, or even serve original content, and don’t mind serving up malicious advertising. Malvertising is a key concern when viewing private content, which is why the scam in this story might have some basis in reality.
The scammer, in this case, is spear-phishing. They obtained the user’s e-mail address one way or another. They likely have no idea whether the person has ever watched pornography on a particular device or not. The work of compromising a single person and storing all of their details is probably worth more than $800. It requires some degree of focus, determination, and tailoring to the victim.
The e-mail message has all the signs of spear-phishing. For one, it’s vague: it accuses you of visiting some unnamed porn site. For another, it assumes that you have your contacts stored on your computer. It also assumes that you use your computer to visit porn sites, which is less and less common. Computer usage, in general, is declining, while mobile usage is skyrocketing, and the odds are high that the person reading the e-mail received it on their mobile device.
The scam makes these assumptions because the type of person who would do all of the above, and use the internet without some degree of security, is also the kind of person who would likely pay the ransom.
The ideal target for this type of scam is a middle class married man with low information about technology who would prefer his wife and associates not know his pornography habit. This man likely attends church and can afford to lose $800. The ideal victim’s main problem would be acquiring the $800 in Bitcoin.
At this point, there are no metrics as to how many people have been “on-boarded” to Bitcoin against their will through the use of ransomware and scams. It’s the darker side of blockchain that people don’t discuss very often.
But the scam could be a reality, as well, given the prevalence of malvertising and pornography. However, if the hacker had access to someone’s credentials, why not just steal the money from their bank account or PayPal? Why go through the trouble of making them pay by Bitcoin?
The hacker promises to abide by a “hacker code of conduct” – once you pay, they’re done with you since you’re not their only victim. The hacker provides a Bitcoin address of 15bcHG2o9sByaKf9HbdWC8idq4nBocTXSs, an address which has so far received nothing.
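The features described above (the claimed recording, the address-book threat, the dollar demand in Bitcoin, the “Google how to buy Bitcoin” instruction, the BitPay mention, the “code of conduct” and the payment address) are exactly what a mail filter can key on. The following is an added example, not code from CCN or the police bulletin: it scores a mail body against those indicators and extracts any legacy Bitcoin address so it can be logged as an indicator of compromise. The sample mail is constructed from the article’s description; the only value taken from the page is the quoted address.

```python
import re

# Constructed sample modelled on the mail described in the article; the
# Bitcoin address is the one quoted there. This is not the original scam text.
SAMPLE_MAIL = """Subject: your account was hacked
I have a recording of you from your webcam while you were visiting an adult site.
I also copied the address book from your device and will send the video to
everyone you know unless you pay $800 in Bitcoin within 24 hours.
Google how to buy Bitcoin and use the BitPay wallet. Send the payment to:
15bcHG2o9sByaKf9HbdWC8idq4nBocTXSs
I follow a hacker code of conduct: once you pay, you will never hear from me."""

# Each indicator corresponds to one feature of the scam the article describes.
INDICATORS = {
    "claims_recording": r"\b(recording|recorded|webcam)\b",
    "adult_content":    r"\b(porn\w*|adult (site|content|video))\b",
    "contacts_threat":  r"\b(address book|contacts?|everyone you know)\b",
    "crypto_demand":    r"\$\s?\d[\d,]*\s+(in\s+)?bitcoin\b",
    "buying_guidance":  r"\b(google|search)\b.{0,40}\bbuy(ing)? bitcoin\b",
    "wallet_named":     r"\bbitpay\b",
    "code_of_conduct":  r"\bcode of conduct\b",
}
# Legacy (P2PKH/P2SH) address syntax: starts with 1 or 3, base58 alphabet,
# which excludes the characters 0, O, I and l.
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def analyse(body: str) -> dict:
    """Score a mail body against the sextortion indicators and pull out any
    Bitcoin address so it can be recorded as an indicator of compromise."""
    hits = [name for name, pattern in INDICATORS.items()
            if re.search(pattern, body, re.IGNORECASE | re.DOTALL)]
    addresses = sorted(set(BTC_ADDRESS.findall(body)))
    # Three or more scam features plus a payment address is the strong signal;
    # two features alone only merit a closer look.
    if len(hits) >= 3 and addresses:
        verdict = "likely_sextortion"
    elif len(hits) >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"indicators": hits, "addresses": addresses, "verdict": verdict}


if __name__ == "__main__":
    print(analyse(SAMPLE_MAIL))
```

The extracted address is what you would feed into a blockchain explorer or a payment-tracing service to cluster the scammer's other addresses.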
We considered sending the address a small number of satoshis to make it populate on WalletExplorer.com, but since that database is not online, it would take too long to update and include in this story. That is one way you might determine other addresses associated with the scammer, for the record.
Last modified (UTC): April 23, 2019 12:46