By CCN: Police in the tiny town of Norton, Kansas, posted a bulletin to their website yesterday morning urging followers not to fall for a bizarre Bitcoin sextortion scam.
Spear-Phishing Attack Targets Individuals With Secret Porn Habits
In this version of a classic spear-phishing attack, the scammer sends an e-mail to the victim claiming to have a recording of the victim pleasuring himself or herself, complete with the content the victim was watching at the time.
The scammer claims to have compromised the victim’s address book and threatens to share the video with everyone the victim knows unless paid $800 in Bitcoin. The e-mail instructs the victim to Google the process of buying Bitcoin and encourages them to use the BitPay wallet.
The number of people who watch pornography dwarfs the number of people who don’t. Porn sites are among the most trafficked in the world. Major sites like xHamster and PornHub are generally free of malvertising, as scandals arising from their pages would not benefit them. However, thousands of sites steal content from these sites, serve other stolen material, or even serve original content, and don’t mind serving up malicious advertising. Malvertising is a key concern when viewing private content, and that’s why the scam in this story might be based in reality.
Don’t Fall for This Crypto Sextortion Scam
The scammer, in this case, is spear-phishing. They obtained the user’s e-mail address one way or another. They likely have no idea whether the person has ever watched pornography on a particular device or not. The work of compromising a single person and storing all of their details is probably worth more than $800. It requires some degree of focus, determination, and tailoring to the victim.
The e-mail message has all the signs of spear-phishing. For one, it’s vague – you are guilty of visiting a random porn site. For another, it assumes that you have your contacts stored on your computer. It also assumes that you use your computer to visit porn sites, which is less and less common. Computer usage, in general, is declining, while mobile usage is skyrocketing, and the odds are high that the person reading the e-mail received it on their mobile device.