Scammers pretending to have hacked and shot video of people watching porn is not exactly news. However, from time to time the scheme gets a new twist. Last time, it was alleged CIA involvement to heighten the threat — the supposedly watched adult video was of an illegal sort. The purpose of these tales is to panic the user so they’ll send money without thinking too hard about the false claims.
Most often, cybercriminals demand a ransom in cryptocurrency; such transactions are anonymous and extremely hard to trace. The wallet address for transferring the money is usually specified in the text of the e-mail. Lately, however, we’ve been seeing sextortion messages with no such address. The scammers ask to be contacted in a more traditional way — by e-mail — and demand a different sort of ransom.
Prepaid ransom cards
Having delivered the bad news to the victim, the scammers ask them to go to a store from a list (in this case, Walmart, Lojas Americanas, Extra, Pão de Açucar, or Casas Bahia) and purchase some prepaid debit cards there. These cards need to be topped up to a certain amount and photographed on both sides, and the pictures sent to the specified e-mail address.
Generally speaking, the main difference between prepaid debit cards and the usual kind is that there is no need to go to a bank to get them — you can buy and top them up right in the store. At the same time, such cards are connected to the major global payment systems, such as Visa and Mastercard, and are accepted anywhere those systems operate.
The debit cards in this particular sextortion scheme — Acesso cards — are sold in Brazil and work with the Mastercard system. One of the features of these cards is that they are usable not only in Brazil, but internationally as well. Perhaps that’s the feature that the cybercriminals in question are particularly interested in. Acesso cards are sold in supermarkets and hypermarkets of the abovementioned chains for some 15 reals (a bit more than $3.50) and can be topped up with any amount of money right there and then.
So, having been fed the prepaid card details (hence the requirement to photograph both sides), the scammers can immediately use it to withdraw money.
A particular e-mail that caught our eye targeted users in Brazil. Brazilian extorters had previously demanded prepaid cards from victims, but only the telephone variety. In some ways the demand for prepaid debit cards could actually be described as innovative.
Note that although the message text in the example is indeed in Portuguese, it’s simply the output from an online translator. By all appearances, the scammers are not local. That said, they seem well-versed in the day-to-day realities of the target country. For example, they know that such cards can be bought in Brazil, and where.
E-mails like this one are typically crafted using more or less the same templates, automatically translated into different languages (for the target audience), and dispatched to millions of e-mail addresses from spam databases.
Goodbye to bitcoin?
It is still too early to say if prepaid debit cards will supplant bitcoin as the new ransom currency of choice, or whether such messages are the exception rather than the rule.
In any event, it is worth remembering that such e-mails are not the work of genius hackers, but a social engineering shot in the dark. Such messages are not targeted; they’re sent in bulk using spam databases. The scammer did not hack anyone and has no compromising information on you at all. Their only goal is to scare the victim into obeying the instructions as quickly as possible.
To rest easy about such threats, use a reliable security solution with up-to-date databases that will block fake messages before they wind up in your mailbox.