Is your spam folder working? Have you been to any suspicious websites that you would prefer to remain private? Such are the questions that you might want to ask yourself in light of new academic studies. Crypto-based extortion is reaching epidemic proportions. This rather lucrative fraud scheme employs an army of robots that send out millions of emails daily in hopes of scoring a few hits. You are then presented with a simple demand for Bitcoin or Litecoin for the problem to go away.
How lucrative is this latest fraud scheme? One crook is known to be clearing $130,000 per month on this clever exercise. According to Coindesk: “An international team comprised of researchers from the Austrian Technology Institute and security provider GoSecure sampled a population of email spam and found that the extortion process was quick, easy, and very lucrative.”
The group focused on one example, where the crook used the popular “Necurs botnet”. From this one focal point, over 80 campaigns delivered 4.3 million spam emails to targeted victims, who had not been pre-screened for any suspicious activity worthy of extortion. The plot, as it were, is greatly enabled and simplified by the use of cryptos as a payment device. GoSecure’s Masarah Paquet-Clouston noted: “If you look at traditional [product] spam, it’s much more complicated … [crypto] extortion spam is much simpler.”
Imagine receiving an email like this terse example, where the fraudster claims to have been eavesdropping on you via his malware: “Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your account. I’ve been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited.”
Researchers also gathered information on how the botnet achieved its tasks. Targets varied by nationality, but the wording in the various languages was repetitive, and the re-use of the same crypto address for payment allowed investigators to trace the payments back to the actual originator. Surprisingly enough, the extortion amount also varied by nationality. If you spoke English, then the amount was roughly $745. If you spoke Spanish, however, you were only hit up for $249.
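The address re-use described above is what lets a defender group spam into campaigns. The following is an added example, not the researchers' code: it extracts legacy Base58 Bitcoin addresses from message bodies, discards strings that fail the Base58Check checksum, and clusters messages by payment address. The function names, message ids and sample messages are constructed for illustration, and the addresses are generated from made-up seeds rather than taken from any real wallet.

```python
import hashlib, re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_address(seed: bytes) -> str:
    """Build a syntactically valid legacy address for the sample data only."""
    raw = b"\x00" + hashlib.sha256(seed).digest()[:20]
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid(addr: str) -> bool:
    """Base58Check: decode, then compare the trailing 4-byte checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def cluster_by_address(messages):
    """Map each valid payment address to the ids of the messages quoting it."""
    clusters = defaultdict(list)
    for msg_id, body in messages:
        for addr in set(CANDIDATE.findall(body)):
            if is_valid(addr):  # drops look-alike strings and mangled addresses
                clusters[addr].append(msg_id)
    return dict(clusters)

# Constructed sample data: addresses derive from made-up seeds, not real wallets.
ADDR_A, ADDR_B = make_address(b"sample-a"), make_address(b"sample-b")
TYPO = ADDR_A[:-1] + ("2" if ADDR_A[-1] != "2" else "3")  # checksum no longer matches
SAMPLE = [
    ("en-001", f"I have full access to your account. Send $745 in BTC to {ADDR_A}"),
    ("es-002", f"Tengo acceso total a su cuenta. Envie $249 en BTC a {ADDR_A}"),
    ("en-003", f"I've been watching you for a few months now. Pay to {ADDR_B}"),
    ("en-004", f"Pay to {TYPO} now."),
]

if __name__ == "__main__":
    for addr, ids in cluster_by_address(SAMPLE).items():
        print(addr, ids)
```

Messages in different languages that quote the same address fall into one cluster, which is the link that ties separate spam runs to a single operator.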
Even though the crooks used a single crypto address, they chose to “launder” their ill-gotten gains by first sending transfers to known “mixers” or “tumblers”, as they are called. These services scramble the transfers in a random grouping of transactions to deliberately disguise both the source and destination addresses, thereby allowing the bad guys to cover their tracks before they convert to a fiat currency. Researchers had thought that the crooks might have used Monero or Zcash for this purpose, but these two cryptocurrencies, which specialize in increased privacy, were not heavily used.
Legitimate exchanges, however, are getting better at blocking the receipt of transactions from known gambling and darknet websites. As surveillance software improves, hopefully, the crooks will soon be cornered on the blockchain and brought down.