‘Creepy’ shakedown relies on stolen personal data

An Albuquerque man says he is among those getting hit up with a “very creepy” extortion scheme, especially scary because the scammer’s email correctly cited one of his passwords – likely stolen in an all-too-often data breach.

In the email the man received, the scammer opened by naming the password, which he had used it to get into the man’s computer. He claimed to have recorded the man watching pornographic websites and also said he had gained access to the computer’s webcam.

In this way, the scammer said he was able to make “a two-screen video” showing what the man was watching on his screen and what his reactions were (“it’s you doing inappropriate things,” according to the email.)

The icing on the cake, according to the scammer, was that he also had gleaned the man’s email and Facebook Messenger contact lists and therefore was going to send his homemade video to all of them – unless the man paid him $3,600 in bitcoin.

“We’ll name it my ‘privacy tip,’ ” the scammer wrote. “Now let me tell you what happens if you choose this path. Your secret remains your secret. I will delete the recording immediately. You go on with your routine life as if none of this ever happened.”

The other “path,” the scammer said, was to ignore the email and not pay, which would lead to the “humiliation your family will feel when friends and family learn your dirty videos from me.”

This is called “cryptoblackmail” and other similar scams involve threats like this: “I know you cheated on your wife” or “I’ve got an order to kill you,” as inducements to get you to pay. Scammers want their illicit earnings to be paid in bitcoin or another type of cryptocurrency because it’s hard for authorities to track down the owner of a Bitcoin address.

In the case of the Albuquerque man, he did not watch pornography, he did not have a working webcam on his computer and he did not fall for it.

He did make sure all of his accounts had new passwords and that he was no longer using the old one cited by the scammer.

An unknown number of people elsewhere, though, have already fallen for the scheme; according to How-To Geek, an online tech publisher, victims were bilked out of more than $15,500 earlier this month.

The best response to this, according to several sources, is to not respond. This email is showing up in inboxes nationwide, which means scammers know nothing about you personally. Instead, they have purchased lists of emails and passwords and are using mass mailings in hopes at least a few people will bite.

◊ ◊ ◊

The state auditor has sent out a warning to government agencies after the city of Alamogordo lost $250,000 to a fake vendor this month.

It happened when a city employee got a spoofed email that looked like it came from a representative known to work for the vendor, Cooperative Education Services. CES is a commonly used purchasing cooperative for New Mexico schools and other government entities, according to a news release from State Auditor Wayne Johnson.

City workers agreed to the email request and paid all invoices to the fake CES, using the revised banking information. The money went to the scammers rather than the real vendor. CES has notified its customers that it has not changed any of its banking information.

“In this Snapchat and instant message world, it’s critical to verify information with a real person, either in person or by phone,” Johnson said. “An email seeking to alter banking information should always be a red flag. Talk to your vendors, especially when they do something out of the ordinary, like send a change in banking information.”

He said recovery of the $250,000 was “likely to be difficult if not impossible.”

Ellen Marks is assistant business editor at the Albuquerque Journal. Contact her at emarks@abqjournal.com or 505-823-3842 if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division toll-free at 1-844-255-9210.

Loading ...