Sometimes it feels as though everyone online is out to get you. A cursory look at any spam folder will reveal a bunch of emails from scammers for any given day, all after a piece of you.
Perhaps they offer free Bitcoin, or the prospect of developing relations with an exotic partner. Maybe it’s a fake tax demand, or a fake PayPal scam… the list goes on and on. And that’s before we even consider those with ransomware attachments, ready to lock the data on your PC until the ransom is paid.
Since late 2017, a new scam has been landing in mailboxes around the world. Coming under the label of extortion phishing, this scam — often with the subject line “You Should Be Ashamed Of Yourself” — invariably attempts to shame the recipient into paying up. Typically, the payment is via Bitcoin, so almost impossible to trace.
The Scam Behind Extortion Phishing
You probably know about “phishing” — a technique that scammers use to extract information from you by deception. Microsoft defines phishing as:
“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.”
Although there are methods you can use to block phishing, often it comes down to simply learning to recognize a phishing email or message.
Things are developing, however. Over the years, phishing has been evolved to embrace new platforms and attack vectors. Social networks are now targets, as are messaging apps, and the scammers will attempt to convince you that they represent banks, law enforcement, even healthcare providers.
And now, the scammers are pretending that they’re watching you, and what you get up to when you’re alone.
“You Should Be Ashamed Of Yourself”
It’s a very simple approach. Scammers send an email to their list of addresses, advising the recipient that they have captured footage of them visiting (and enjoying) an adult website. This is supposedly done thanks to their use of a “malicious program on a porn site” and plays into fears of adult websites leaking data.
The aim is clear: force you to pay up for their silence, or the footage will be shared with your social networks. Admittedly, the ransom is low ($290 sent via Bitcoin) but must be paid within 24 hours of receipt of the message.
Ultimately this is a typically insidious scam that could easily snare an unsuspecting user.
How Do We Know It’s a Fake?
Well, there are several problems with the email. First of all is the subject line, which reads like a support ticket:
- ?i??et#186980138: <email_address> 29/01/2018 07:09:48 You were not clever
Several variants of this email scam have been recorded online. Other subject lines include:
- Subject: YOU SHOULD BE ASHAMED OF YOURSELF
- Subject: YOUR PRIVACY HAS BEEN COMPROMISED
While it is possible to watch webcams remotely (even without the light being activated), this message has been received by people who don’t use online porn. It’s also been received by users who do, but don’t use connect their email account with that activity.
And then there are the recipients who enjoy such material via other methods (such as a Kodi box).
Additionally, it’s unlikely that scammers would be able to force remote desktop (RDP) or keylogging without attracting the attention of security software. And they almost certainly don’t have enough storage space for so many videos from device webcams around the world.
Perhaps the most obvious, however, is the threat: “I give you exactly 24 hours since you open my message to finish a transaction.”
With no read receipt, and hence no idea when the email is opened, there’s no way this threat can hold any water.
This is a scam! You may have already received it, or a version with different text. Delete it, and move on. Let your friends and family know too, as it can hit literally anyone.
If you want to know more, this blog explores the background, and attempts to trace the perpetrators.
What You Can Do to Stop Extortion Phishing
You have several options to combat this. The first is to avoid adult material on any device with a webcam. Pretty easy. If you don’t want to do that, consider a cover for your webcam. These are inexpensive and can be bought online at Amazon.
You should also disable your microphone, for additional security. And, of course, install a reliable, reputable online security suite. Use its email integration to keep spam and scam emails in check, and employ its scanning software to track for camera-accessing malware.
It’s also worth following the links at the top of this article to discover more about phishing and recognising scams.
Could the Scam Become Real?
Fortunately, this scam isn’t currently practical. But it successfully taps into fear and paranoia about how we use our computers, online surveillance, and what data is being stored.
Unfortunately, it’s not beyond the realms of possibility. Adult websites have been hit by malware in the past. We know that smartphone, tablet, and laptop cameras can be enabled remotely by the security services. And we know that cybercriminals have used techniques used by the NSA and others to scam victims.
So yes, this scam could potentially become “real.” Hackers really could upload malware to sites streaming adult material, identify you based on your site logon, and target you. They wouldn’t have to record you, but if they wanted to, and had the storage space for the videos, they probably could. And if they’ve gone this far, identifying your friends and family on social network wouldn’t take too much effort.
However, all of that requires more time, effort and money than is found in a typical scam — for now, at least.
Don’t Let Them Scam You!
Extortion phishing is nasty. You really don’t want to be battling the feelings of guilt and shame while trying to make a logical decision. This confusion plays into the scammers hands, and leaves your wallet lighter.
Avoid and protect yourself against the “You Should Be Ashamed of Yourself” phishing scam by following these steps:
- Stop, reduce, or modify your use of adult material.
- Use a webcam cover for your phone, tablet, or laptop.
- Disable your PC’s microphone when it is not in use.
- Install a reputable, reliable antivirus suite.
Stay ahead of the game, and you won’t get scammed. You won’t even need cyber insurance.
Worried for your friends? Share this article with them! And let us know if you’ve ever been fooled by cybercriminal scams like this.
Image Credit: stokkete/Depositphotos