Exclusive: Scammed Porn Watchers Have Paid Nearly $1 Million in Bitcoin Blackmail

It was after midnight when Oren Falkowitz received the frantic text messages. It was a plea from a client to help a friend who owns shares in a Silicon Valley company set to go public–and who had received a very frightening email.

“They said they have videos of him looking at porn through his webcam,” the client wrote, adding the senders had targeted his friend in a crafty blackmail scheme.

Falkowitz, who runs an anti-phishing company called Area 1, had some useful advice: “It’s fake. Tell him to delete [the email] and go to sleep.”

Crisis resolved. Unfortunately, thousands of others have fallen prey to the same email scam, which instructs the victims to send Bitcoin or else see intimate photos from their webcam–and screenshots of the porn they watched–sent to all of their contacts.

Unfortunately the blackmail scheme has become the latest example that crime sometimes pays. According to an investigation by Area 1, the scammers have sent millions of emails and earned $949,000 from the racket. The average payout is $593.56, or 0.073 Bitcoin, at the today’s rate.

Area 1 came up with the figure by examining the Bitcoin blockchain, which contains a permanent record of all transactions, including those associated with a digital wallet address tied to the crooks.

The porn threats are one of three variations of email blackmail used by these criminals. The others rely on threats to destroy data on the victim’s computer, or to carry out a form of physical violence at the victim’s workplace.

The scam has also been going on for a while. As my colleague Robert Hackett explained last August, it has proved effective at frightening people because the scammers will include a real computer password the victim has used in the past:

[you should] check to see whether any accounts tied to that password appear in Have I Been Pwned, a searchable database that identifies what personal information of yours may have leaked as a result of various online breaches. If any accounts that once used that password pop up, then the extortionist likely scraped all of the information from one of these data dumps. Translation: The crook has not been monitoring your every keyboard touch, screenshot, and webcam image. Rather, the delinquent is bluffing–frightening unsuspecting victims into forking over cryptocurrency.

The current porn email scam, which one expert suggests is tied to a Moroccan marketing company, has also been successful because the blackmailers are good at evading spam filters set up by Microsoft and Google. According to Area 1’s report, one tactic they use to avoid detection is to paste lines from Shakespeare or Jane Austen in invisible text in the email–a signal to the filters that there is mostly “good language” in the email, helping it land in recipients’ in-boxes, rather than being blocked.

Still, it’s not so much a technical loophole they’re exploiting, as it’s human failings they’re taking advantage of. Falkowitz argues that people will always fall prey to phishing, in part because humans are naturally curious.

“Training employees doesn’t work,” he says. “They’re too subject to emotional responses in response to phrases like ‘account compromised.’”

Instead, anti-phishing technology designed to stop bad emails from getting through in the first place is the best solution, he adds.

That’s one way to solve this problem, but it may not be the most economical approach. You can also invest in a webcam cover–the sliding stickers currently come in a six-pack from Amazon for $7.99, or just 0.00098 Bitcoin, for comparison’s sake.