Welcome to Hard Fork Basics, a collection of informative guides to keep you up to date with the personal finance and investment world. This one is Bitcoin-themed.
There’s a “sextortion” email scam going around that demands Bitcoin BTC to keep steamy videos of you masturbating to pornography off the internet. It’s fake. Relax.
It’s also very old. While there are many variants, recent reports show an email that suggests a crafty hacker has “placed malware on the porn website” that you enjoy, which allowed them to record your screen and webcam feed.
The email then requests $1,900 worth of Bitcoin or else your Messenger, Facebook, and email contacts will receive a video of you jerking (or jilling) it, placed artfully alongside your kinky content of choice — a shoddy attempt at blackmail.
Bitcoin Sextortionists 2: Magic Pixel Evolved
It’s a preposterous premise, but the real hook is a recipients’ actual password, which is starred out in the screenshot below. Hard Fork reported on some of the first instances of the Bitcoin sextortion email in 2018.
Back then, fraudsters were warning their marks that a “magic pixel” had recorded their every move. More recently, emails have come with an embedded JPG image of the blackmail message in a bid to avoid spam detection.
Indeed, if you receive this email, it’s likely to reference a password that you might regularly use, or may have regularly used in the past. Don’t freak out: They probably found it in a PasteBin doc — not by hacking your machine.
BitcoinAbuse reports surge in April
It’s almost entirely likely that the phishers obtained your email and password from one of the thousands of data breaches that have occurred, and not by hacking your computer (or your porn website, for that matter).
Have I Been Pwned? is a handy tool to figure out where they might’ve found your password. Simply plug in your email address to see if this relates to you.
Bitcoin Abuse, a website that tracks these kinds of Bitcoin scams, has fielded almost 50,000 reports this year. April has seen a massive influx of submissions — over 41,000 — and while not all of them are specific to the sextortion scam, many are, and they’re coming in multiple languages.
As for the success of these horny phishers: It seems they randomly generate fresh Bitcoin addresses for each recipient, which makes tracking them significantly harder.
Just do what the nice lady did
So, security researchers at Sophos advise you to do two things. First: Delete the email and move on.
The second is change the password referenced in the email, as it’s likely that other phishers also have access to it. Even if they’re old accounts, you should change them to protect your current ones.
Apart from that, it’s important to never send any money in response to any emails like these, Bitcoin or otherwise, and not to play into to the fraudsters’ hands by engaging any further.
They also emphasised that instructions in an email should not be followed “just because the message is insistent or because you’re frightened.”
In other words, do what this 84-year-old lady did when she was targeted by Bitcoin sextortionists: Ignore them, and eat a bagel.
Published April 20, 2020 — 16:12 UTC