Canadians are receiving “sextortion” emails demanding cryptocurrency and threatening the release of explicit videos, and two victims say more education and outreach is needed.
On February 13, Kiran Bains was sifting through her junk mail when she noticed an email titled “I Know.”
“I know there’s a lot of scams, we get calls and emails, but the first line in this email I saw was my password,” the 37-year-old Brampton, Ont. woman said in an interview.
The email said Bains’ computer was infected with malware, giving the scammer access to her accounts, her computer’s camera, and microphone.
“I can send the video to all your contacts, friends, post it on social network, publish on the whole web!” it read.
The scammer demanded Bains transfer $900 in DASH cryptocurrency.
According to the Canadian Anti-Fraud Centre (CAFC) the cost of mass marketing fraud (fraud by phone, the internet, mass mails, and email) is approaching $130 million, which represents a 30 per cent increase from 2017.
Bains said she called the police first, who advised her to change her passwords immediately and monitor her accounts.
“What really had me shuffling is that it was my real password,” she said. “When you see your password sent to you from somebody, some unknown person, you don’t know who it is, where they’re from, what they’re monitoring… I felt a bit scared.”
Bains said that while she did a quick Google search of the type of scam and did her due diligence, she still felt that there wasn’t enough information to educate her on extortion email scams.
“You hear about the [robocalls] on the news, you hear about it on the radio, but nothing like this where someone tells you what your password is,” she said, adding that a lot of senior citizens or younger Canadians could easily be a victim of these scams.
Robert Rochefort, an intelligence research profiler at the CAFC, explained in an interview it is difficult to definitively know how scammers get information like passwords, but that it can be found from a database breach.
For example, if customers sign up for services or do a survey with a company that later incurs a data breach, that would allow scammers access to personal information.
He added that the CRTC did implement the anti-spam legislation but the difficulty is trying to stop all the emails.
“It only takes five minutes to create a new email account. Once an account is created, especially with different free online email sources, you knock one down, a brand new one starts up and they’re going to continue spamming,” he said.
Rochefort said that to crack down on email scams law enforcement has to get to the root cause and that involves police from many jurisdictions, and sometimes working with law enforcement agencies in…