A new sex-related email scam has been identified recently, and while such scams are nothing new, this one includes a crypto element: it asks for bitcoin as a ransom for your data. The email has been widespread lately, with at least three known sources reporting that they had been affected by this scam, as reported by KrebsOnSecurity earlier today.
The scam is a twist on the classic ransom of personal information, but this time with porn: the email that the victim gets claims that the attacker gained access to his computer through malware and used the webcam of his computer or laptop to record video of the victim doing “nasty things” while watching porn. To make this more credible, the attacker throws in a password that was supposedly captured by a keylogger (a program that logs keystrokes) embedded in the malware.
The problem is that the password is, most of the time, an old one that the victim used more than ten years ago. Security experts therefore believe that the people behind this are using data from old hacked registries available online and sold at a low price on dark markets.
The scammer asks for a hefty amount of money (between $1,900 and $3,900) to be transferred in bitcoin and gives a specific wallet address for the transfer. Luckily, most of the people who have received this email disregarded it quickly, but some did not: according to another source that monitored the different wallet addresses, some payments have indeed been sent.
This means that social engineering has won in some cases and that embedding these old passwords has served its purpose: to make the victim afraid and psychologically condition him to pay the ransom for the supposed video. However, asking for bitcoin as ransom could be a great mistake, because bitcoin is not as anonymous as some people think, and one way or another it could be traced back to the attacker.