COTTONWOOD HEIGHTS — An extortion email has hit inboxes in Utah and it’s using a clever trick to get people to pay up.
“I was a little concerned, because my password was on the subject line,” said Ruth Hanzlik. She received the email out of the blue. The sender wrote that she was caught watching porn on her hacked computer.
“He was able to look through my computer and turn my camera on,” Hanzlik related.
Not only that, he recorded her, too, and tried to prove he wasn’t bluffing by reminding her that he had her password.
“And, it was a valid password,” Hanzlik said. “When it was in the subject line it made me perk up and look at it.”
The sender gave her two options: Either email recordings of Hanzlik viewing pornography to all her contacts on Facebook Messenger or she would have to pay him $7,000 in Bitcoin and he would delete everything.
“I don’t view it nor do I do it. So, I know this guy doesn’t know what he’s talking about,” she said.
The next day, Hanzlik’s husband received his own extortion email from someone else. Like her own, his email promised to expose his viewing habits to his contacts unless he paid them off — $700 in his case.
“They just want to get money but obviously it works or they wouldn’t do it,” she said.
Experts called it the “sextortion scam,” and Utah Valley University’s director of cyber security, Robert Jorgensen, warned it is effective.
“They think, ‘Oh no, somebody actually has my password,’ and a lot of people would be more willing to pay than risk this happening,” Jorgensen explained. “Even if it’s completely unlikely they have done anything that’s described in the email.”
Jorgensen said the scammers buy and use email addresses and passwords stolen from data breaches. So, neither Ruth nor her husband had actually been hacked but it’s likely their information was compromised in a breach by hackers.
“Your information is out there,” Jorgensen said. “We just have to assume that on the dark web with these attackers … they have your credit card information, they have your passwords, they have your address — all of these things.”
In another version of this scam, the email has included a link to video claiming to be proof the victim can see for him or herself. But clicking that link will likely unleash ransomware onto your computer or device.
Jorgensen said the best thing you can do is to ignore the email and delete it. Also, he advised people not use the same password for multiple websites and change it regularly. One thing you should never do is to pay up, Jorgensen said.
“I think the worst thing you possibly do is to pay someone, because that tells them that you are going to possibly pay more afterwards,” Hanzlik said. “And the money is gone once you send it. The money is gone.”