A new scam has begun targeting porn viewers in an attempt to blackmail victims and extort $1,900, and the scammers only take bitcoin.
The scammers claim to have used malware to capture compromising footage from the would-be victim’s webcam while pornographic videos were playing. The scam email sent to victims begins by revealing to them their own password — presumably obtained from a company data breach — as “proof” that their computer has been hacked, although it’s unclear whether the footage exists.
The scam email states that an RDP (remote control desktop program) has been installed on the victim’s computer, enabling the scammer to remotely access the machine, record video footage and access the victim’s entire contact database. The threat is that the video will be sent to the contact list.
However, the email is vague and does not include the names of any specific porn sites. The email also offers to show “proof” by sending the footage to nine contacts. Because the only proof the scammers offer is one that would itself embarrass the victim, it’s likely that the scam is a bluff.
The scam email goes on to state that $1,900 is the price for secrecy and provides a BTC address. While bitcoin is more traceable than cash, the pseudonymous nature of the currency and the ease with which it can be transferred into a private currency like zcash or monero and then laundered make it a more viable method of online extortion than accepting a wire transfer or PayPal payment. However, fiat-based methods, such as having victims convert fiat into gift cards from e-commerce marketplaces, are also widely used by scammers.
Professor Emin Gün Sirer of Cornell University tweeted one example of the scam email sent to a friend of his, referring to the practice as “cryptoblackmail” and urging targeted people not to pay the scammers or attempt to negotiate with them. The professor states his belief that the message was sent to everyone on the haveibeenpwned list, an online service purporting to allow users to verify if their email has been breached by hackers.
This is simply the most recent iteration of a scam involving cryptocurrency as the only method of payment. Previous examples include the snail mail scam in which the scammers claim to have knowledge of an extramarital affair and demand bitcoin in exchange for their silence. In that case, the scam was a bluff, and while the letters were personalized, they were sent out in blanket fashion across an area in the hopes that unfaithful spouses would believe that they had been caught out.
Bitcoin ransomware attacks are also well-documented. As cryptocurrency adoption grows, more and more valid use cases are discovered, and it’s no surprise that the criminal underworld has also discovered the benefits of the new technology.
However, the positive use cases far outweigh the negative, and as Professor Sirer suggests, the best thing to do in the case of being targeted by scammers is to simply ignore the message, which was likely sent to hundreds — if not thousands — of people in the hopes that a handful would respond.