Hackers blackmailing porn viewers by claiming they’ve got videos of them watching adult content have reportedly managed to make nearly $1 million worth of bitcoin thanks to victims who pay up.
According to a reportpublished by cybersecurity firm Area 1, scammers sending victims a threatening email telling them they’ve caught them watching pornography and will leak the video to their contacts unless they pay a bitcoin ransom, have been having success.
In an email shared by Cornell University professor Emin Gün Sirer the hackers claim to know users’ passwords, and claim to have made a “double-screen video” that shows the video the person was watching, along with them watching it thanks to a recording of their webcam.
Here's a new form of cryptoblackmail. A friend received this out of the blue. Presumably, it's getting sent to everyone on the haveibeenpwnd list.
Be careful out there, never pay, never negotiate. pic.twitter.com/VFl5s1duCe
— Emin Gün Sirer (@el33th4xor) July 11, 2018
In reality, security experts claim the hackers don’t have videos of the victims they target, but are merely trying to scare them into paying up. So far the scam appears to be working, as Area 1’s report reveals they’ve made $949,000 worth of bitcoin through it, with the average payout being of $593.
To get their messages past email filters, scammers are reportedly pasting “lines from Shakespeare or Jane Austen in invisible text” in their emails. As Gün Sirer noted in his tweet, victims shouldn’t pay the BTC ransom, as the hackers are contacting those who have had their email accounts breached in the past.
On the haveibeenpwnd website, users can look into whether their data has been leaked in large-scale security breaches. To get to their victims, scammers use this type of leaked data, which includes their email accounts and the passwords they’ve used on the services that suffered the breach.
Then, they tell victims their password, hoping they are indeed reusing passwords. Fortune reports the porn-related threats are one of three variations of email blackmail scammers have been using. Other forms reportedly include claiming they’ll destroy the data on victims’ computers, or they’ll attack them at their workplace. A security researcher has tied the attacks to a seasoned cybercriminal who was behind large security breaches in the past.