“I have to share some bad news with you,” the email begins, leading you in with lies. Blackmail scams are back, so how do you determine they’re fake?
It can be all too easy to lose track of the number of scams we all see, and lately, they seem to be everywhere.
Calls for something as innocuous as an Amazon subscription or as aggressive as an arrest warrant, while text and emails scams cover a whole gamut of things. Fake prize draws, tax scams, the increasing number of fake voicemail malware scam messages, and so on and so on.
And then there’s another breed, as scammers turn to extortion attempts to milk money off the general public.
It’s not a new thing, but with more of us at home because of the pandemic and lockdown, scams aiming to blackmail are increasing in number, with criminals sending dodgy messages in the hopes that you’ll believe these attempts and pay up.
Getting emails is easy
It’s nice to feel special, but when it comes to scams and threats, you’re not special at all. You’re just a number, or more specifically, a name attached to an email address. That’s your level of uniqueness applied to a scam, without a second thought.
You are a person’s name and a person’s email address, and you were probably on an email list somewhere that was leaked, because there are plenty of those. It’s not your fault, either. Not at all. You were just unfortunately picked and queued, with some automatic text built and sent that looks a little like this:
"Having gained access to ur device I have recorded a vid with ur domestic hobby. And now I am going to distribute it on the Internet and share it with the contacts from ur email. When u go about the stuff like that, I advise you to stick up ur web camera."
Also called a sextortion email, this type of scam isn’t anything new, but it is one built on the idea of fear. Simply put, it tries to lay claim to the idea that your webcam was activated without you being aware, and a hacker gained access while you were doing things consenting adults do.
“Scammers often capitalise on fear, uncertainty, and doubt (FUD) to emotionally hook you into believing something made-up is true. This approach compels victims to comply with the scammer’s request,” said Aaron Bugal, Global Solutions Engineer at Sophos.
“Typically, there is no substance to the claims being made and these scams are delivered far and wide to as many people as possible,” he told Pickr.
“The scammers are playing the numbers game and any correlation or relevance to a target’s life is coincidental. Ultimately, they want people to make rash decisions under pressure.”
Urgent decisions forced by urgent timelines
Almost every extortion scam we’ve seen follows the same approach: it may include your name, a few lines about how they’ve gained access to something that’s yours — be it personal activities or social media messages — and if you don’t pay up a ransom in Bitcoin, it will be shared. They’re typically as predictable as a scam gets.
But while they’re also easy to gauge, the urgency is what throws people. The risk of release may be what compels people to follow through on the demand, which is exactly what the scammer is working from.
Being aware of what your computer has been doing and your online activity is part of what’s crucial to determining whether these extortion scams are just that: a scam.
“Some people may be on top of their online activity and know there hasn’t been any additional access to their account,” said Bugal.
“On the other hand, it can be easy to think this is a genuine threat and become worried that conversations with recruiters, competitors, customers, prospects, etc. will be exposed.”
So how do you know what you’re looking at?
Look at the ambiguous language
One of the first signs you’re looking at a scam is just how ambiguous the language is.
Your name is mentioned — sure — but that doesn’t mean anything in the grand scheme of things. After all, how many email lists have you subscribed for over the years where the two have been connected? How many times have you filled out a form, both physical and digital, where your name and email have been asked for?
The sheer number of mailing list leaks that have gone on over the years are dizzying, and it’s not very hard to tie a name to an email, so throw this one out of your mind.
Rather, consider the ambiguous language used in the emails, and how it never really points to anything you’ve done.
"I have been observing u for years, you never stop amazing me by your penchant for intimate satisfaction."
Extortion email attempts like the one above imply you’ve done something wrong with a level of ambiguity that’s impossible to ignore. There are no specifics, it’s often just aggressive and manipulative language attempting to force you into acting.
But the general nature of this emails and texts is one of the key takeaways to tell you this is a generic scam not really targeted at you or anyone you know.
It’s almost always about sex
The other deadly obvious sign about blackmail scams is that they’re typically about sex, because leaking a private video of consenting adults doing what consenting adults do in their own home can seem like a serious threat. And these days, with cameras everywhere, gaining access to that can seem legitimate.
However these threats are just that, and there is typically no legitimacy to them in any way whatsoever.
While it’s highly possible you have cameras in your home — on your phone and computer, and maybe from something else like a smart device — criminals aren’t magically gaining access to these to use against you. This is just a threat.
There is a difference between a threat and a scam, but blackmail emails like these tread that line, with a threat that is a scam, hoping you believe the threat well enough to pay up, and providing a Bitcoin address and price tag for the money, as well as the note that they’ll delete the email address to make themselves untraceable.
Scammers send these because they work
The thing is that these emails do make money for scammers, which is why they go out. People genuinely fall for scams about threats and extortion, with the ACCC’s Scamwatch tracker noting Australians had lost almost ten million dollars from these types of scams in 2021 so far, and the number is growing. In June alone, that number hit close to four million, giving you an idea of just how many of these went out, and arriving as some Australians faced another lockdown.
Being locked down adds another level of legitimacy to the scam, because you’re inside more often, and could be why we’re seeing more of these threats now. As it is, we’re seeing scam numbers grow in lockdown, because more people are at home all the time.
However, you might look at these emails and say “these will never work on me”, but the reality is they work on some people, going right through to the keeper with a threat that is only that.
"I give you thirty-six hours to satisfy my requisitions, if you ignore me, within 72 hours I will distribute your compromising data. It’s you to decide, and do not try to get ahold of me, I am gonna delete the email address to ensure my safety."
For some, the threat is the very thing that drives them to pay, and that’s exactly what a scammer is hoping for. However if you’re aware of your activities and know the scammer is telling a porky, it’s pretty easy to determine scams are just that, with no sense of proof at all.
“The fight or flight response kicks in when faced with a threatening situation and given we can’t fight it, we simply want to fly away – that is, comply with demands and make the issue go away,” said Bugal.
“There is always a chance if the moons and planets align that the scammer’s fabricated scenario is a reality for someone and they may catch a victim off guard,” he said. “But for most of these blackmail attempts, they are total fabrications hoping to lure and hook targets into complying.”