Fraudsters are always looking for new ways to separate you from your money. Their method is often the same: they send you something that stops you in your tracks and stirs your emotions, something alarming, concerning, or infuriating, or even something that brings out our best qualities of compassion and willingness to help. They use our emotions to get past our poise and critical thinking.
Any time you get a message that makes you feel an immediate need to react, recheck it: read it carefully for indicators that your emotions might be clouding your judgment.
Fraudsters usually begin by trying to trick you into compromising your computer or password, but not every time. In this scam, they claim that they have already accessed your computer. They claim that they found some very personal emails, pictures, videos, or online activity that you would not want others to see; it can be anything. And of course, if you pay them quickly, they will not tell anyone.
The lie they are selling is often supported by the email appearing to come from your own account. Anyone can send an email using another person’s email address (spoofing, or “email forgery”): they simply put the same email address, yours, in both the “From:” and “To:” fields. And they do the same thing to millions of others just like you.
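The check below is an added example, not part of the original article: it flags a message whose “From:” and “To:” addresses match but which did not pass DMARC. It assumes your own mail server records an Authentication-Results header, and the sample message and example.org addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email): From: and To: carry the same
# address, and the receiving server recorded failed authentication checks.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk.example.net; dkim=none; dmarc=fail header.from=example.org
From: alice@example.org
To: alice@example.org
Subject: I have access to your account

You have 48 hours to pay.
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only the header added by your own receiving server is trustworthy;
    a sender can insert a fake one further down the header block.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def assess(raw):
    """Report whether a message looks like a forged 'sent from your account' mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    auth = auth_results(msg)
    self_addressed = bool(sender) and sender == recipient
    # Only dmarc=pass authenticates the From: domain; fail, none, or a
    # missing verdict means the From: line proves nothing about the sender.
    authenticated = auth.get("dmarc") == "pass"
    return {
        "self_addressed": self_addressed,
        "authenticated": authenticated,
        "likely_forged": self_addressed and not authenticated,
        "auth": auth,
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```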
Their aim is direct and all too straightforward: ransom. They often ask for payment to a specific cryptocurrency address, mostly Bitcoin. The promise is that if you pay before a clock runs out, they won’t follow through on their threat, but the threat is always there.
If you look at their scam, the criminals don’t have to do much. They don’t have to compromise your computer or account, sift through anything, organize what they find to use against you later, or find out whom they could expose you to. All they need to do is send millions of emails and sit back, waiting for the money to come in. Their hope is that someone, caught at the right time, already worked up about something or distracted, will fall for it: let their emotions carry their judgment away and believe that the fraudster can cause some trouble, or “just maybe” can, while the clock is ticking.
Some people act on the mere possibility that the fraudster has what they claim. They are actively skeptical, but they give in to the emotional doubt the message has planted, think “Better to be sure,” and still pay the ransom.
Don’t doubt yourself. If you aren’t sure, think it through. These sorts of schemes are designed to create doubt. It’s a numbers game to them. They hope you’re one-in-a-million. You don’t want to be that unlucky number.
Email-based fraud is almost always based on social engineering, not technology. Social engineering is the art of convincing you to do something that is not in your best interest by making you think that it was your idea. Social engineering attacks can be spotted because they contain these three items: an unexpected or sudden change or request, a sense of urgency, and some form of consequence.
Any time you are presented with something that makes you panic, it might be someone trying to stop you in your tracks and prevent you from thinking it through. If they have compromised your computer, why did they have to email you? Did they give any specific examples of the “dirt” they have on you? Did you really do what they claim that you did?