Scams demanding bitcoin on pain of infecting you with the coronavirus gain their fair share of shine among schemes with a thin veneer of plausibility.
We’ve already warned you about all manner of spammers and scammers using strategies based on interest in, or fear and concern about, coronavirus and its associated disease, COVID-19.
Not to be outdone, some of the various ransomware gangs have suddenly developed a semblance of conscience, publicly announcing that they will avoid targeting healthcare providers for the duration of the pandemic, though whether or not their promises can be trusted is a subject for a separate discussion.
Many weeks into the outbreak, coronavirus and the world’s response to its pandemic disease still enjoy wall-to-wall coverage on cable news. The global crisis leads, even dominates, most other news bulletins, being a topic for which many have an apparently unquenchable thirst. Hence, even the most unimaginative and slothful wannabe cybercriminals are repackaging their own or others’ scams and shysterism in COVID-19 wrappers.
Herein we document a couple more coronavirus-related cyber-scams that you shouldn’t be shocked to see in your inbox…
Shut up and dance (coronavirus cut)
We have previously documented contemporary sextortion scams, in which a threat is received that typically indicates someone has hacked the recipient’s computer, recorded (via the webcam) them watching pornography and made a side-by-side video of the porn and the webcam recording. This purported hacker also claims to have all the contacts from the recipient’s email and social media, and threatens to send them all a link to that video if the recipient doesn’t cough up some bitcoin. However, if a payment is made, supposedly this pillar of society is to be trusted to not distribute the video at all and to delete it (rather than to threaten the victim again, unless they pay again, ad nauseam…).
So, what happens when a global pandemic strays into a sextortion scammer’s purview? The example in Figure 1, perhaps?
Aside from the usual twist on the plot of the Black Mirror episode referenced in this section’s subheading, you get a side serving of threatened criminal transmission of a disease. This scam email is also interesting as it continues the tactic of pairing passwords found in publicly leaked account compromises with the recipients’ email addresses, in the hope that this makes its extortion messages more convincing. It is also interesting for randomly replacing characters in the message with Unicode homoglyphs (characters that are similar to, if not indistinguishable from, the originals). A few characters in Figure 1 should seem a bit odd, but the full extent of this replacement (and how convincing carefully chosen homoglyphs can be) is illustrated in Figure 2, where all these replacements are highlighted.
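To show how a mail filter can catch the homoglyph substitution described above, here is an added example (not code from the original article) that flags words mixing Unicode scripts and folds known look-alikes back to ASCII for keyword matching. The sample line and the small look-alike table are constructed, and the use of Cyrillic and Greek look-alikes is an assumption, since the article does not say which homoglyphs appeared in the email.

```python
import unicodedata

# Small hand-picked subset of look-alikes for Latin letters (constructed for
# this example; Unicode publishes the full data set as confusables.txt, UTS #39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def script_of(ch):
    """Rough script label: the first word of the Unicode character name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mixed_script_words(text):
    """Return (word, scripts) for every word whose letters span more than one script."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits


def fold(text):
    """Map known look-alikes back to ASCII so keyword filters can match."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


# Constructed sample line, not taken from the scam email shown in the figures.
SAMPLE = "I know your p\u0430ssw\u043erd and will infe\u0441t your family"

if __name__ == "__main__":
    print("naive keyword match:", "password" in SAMPLE)
    for word, scripts in mixed_script_words(SAMPLE):
        print(f"{word!r}: {scripts} -> {fold(word)!r}")
```

A word that mixes scripts is a strong signal in English-language mail, but legitimate multilingual text can trigger it too, so treat a hit as one scoring input rather than a verdict.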