An increasing number of scams involving alleged blackmail and Bitcoin are taking place, according to a new study.
Sextortion on the Rise
Instead of straight ransomware, scammers are targeting people with sextortion schemes. They claim to have sensitive information about the victim, or pictures of them, and demand a payment, usually in Bitcoin, in exchange for their silence.
Typical ransomware attacks have meanwhile reportedly been on the decline.
Nevertheless, a research paper that came out of the study, entitled “Spams meet Cryptocurrencies: Sextortion in the Bitcoin Ecosystem”, claims that scammers are netting almost $125,000 per month in cryptocurrency, usually BTC.
Some recipients, anxious not to have their secrets revealed, readily fork over money, while the vast majority ignore the threats or simply don’t care. In many cases, the scammers don’t actually have any data from the victim, or at most nothing more than their name. As the report says:
“[A]ll evidences point to the idea that sextortion spammers are using botnets to disseminate their spams, just like traditional spammers. Indeed, two previous articles on sextortion argued that this worldwide campaign was sent by the Necurs botnet. This assumption was based on the geolocations of the IP addresses sending the spams, which were similar to the Necurs’s infected hosts. Our sextortion dataset was also created partly through a filter that selected emails sent from IP addresses that were known to be part of botnets, supporting this hypothesis as well.”
The technique relies on social engineering, the premise that most people can be made to do pretty much anything if spoken to properly.
Scammers Bluff Their Way Into Millions Using Bitcoin
Social engineering can be a vital skill in certain types of scams. It’s at the heart of scams like the Nigerian Prince scam.
Victims are made to believe that the spammers actually have compromising data about them, and must then choose whether to pay. Apparently, enough of them pay to make it a worthwhile endeavor.
According to the report, most, if not all, of the Bitcoin blackmail spam comes from the same source, which likely hires out the actual spam-mailing portion of the business.
The researchers found that with little actual effort, a single operation is likely to have brought in over $1.3 million over a period of 11 months. Researchers were able to track down a lot of funds using addresses provided in repeated e-mail campaigns that were sent to millions of e-mail addresses.
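One way to group spam by the payment address it carries, as described above, is sketched in this added example (it is not code from the study or its authors). It extracts legacy Base58Check Bitcoin addresses from message bodies, drops strings that fail the checksum, and clusters messages that share an address. The message bodies and ids are constructed, the address is the public genesis-block address used as a stand-in, and bech32 addresses are out of scope.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy addresses: start with 1 or 3, 26 to 35 Base58 characters.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def is_valid_address(addr: str) -> bool:
    """Base58Check-decode addr and verify its 4-byte double-SHA-256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum

def cluster_by_address(emails: dict) -> dict:
    """Map each checksum-valid address to the sorted ids of messages containing it."""
    clusters = defaultdict(set)
    for msg_id, body in emails.items():
        for addr in CANDIDATE.findall(body):
            if is_valid_address(addr):
                clusters[addr].add(msg_id)
    return {addr: sorted(ids) for addr, ids in clusters.items()}

# Constructed sample bodies. The address is the publicly known genesis-block
# address (stand-in); msg-3 carries a copy with its last character altered.
SAMPLE = {
    "msg-1": "Send the payment in Bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa today.",
    "msg-2": "My BTC wallet: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa (copy and paste it).",
    "msg-3": "Pay to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb within 48 hours.",
}

if __name__ == "__main__":
    for address, ids in cluster_by_address(SAMPLE).items():
        print(address, ids)
```

The checksum step matters for clustering: a mistyped or deliberately mangled string that merely looks like an address is discarded instead of forming a spurious campaign.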
Plenty of victims had never used Bitcoin before, but were kindly provided instructions on how to acquire it, just as in other schemes like ransomware.