May 29, 2024

201 - Scam Anatomy

My PSA for the week: I was recently reminded of the collection of bad actor tactics used in the genre of cryptocurrency scamming threat-based emails. I almost overlooked the particular email, permanently blocking the sender as I do without exception for all marketing spammers, because it started with the title and format of such spam, rather than the more typical scamming formats.

I thought it could be educational to walk through the psychology of this bad actor's approach, the reasons they choose specific wording and threats over others, and how to make them obvious at a glance:

"...Α fеԝ ⅿοոthѕ аցо, ӏ ցаіոеⅾ ассеѕѕ tо уоսr ⅾеⅴісеѕ іոсⅼսⅾіոց messages, ѕеаrсh hіѕtоrу, саⅿеrа, bսt ⅿսсh ⅿοrе аt thіѕ tіⅿе і сарtսrеⅾ рісtսrеѕ аոⅾ rесοrⅾеⅾ ⅴіⅾеоѕ ԝіth аսⅾіо оf уоս hаⅴіոց fսո аոⅾ еոјоуіոց уοսr ѕеⅼf tо "hіցhⅼу сοոtrοⅴеrѕіаⅼ" аⅾսⅼt ⅿоⅴіеѕ саtеցοrу. Yοս kոоԝ ԝhаt іⅿ tаⅼkіոց аbоսt :)"

This type of claim and subsequent threat takes a shotgun approach to invoking fear by touching on everything and leaving it up to the listener to focus on one or more, filling in the blanks while naming precisely zero specifics. This is a typical con artist's tactic. The use of extra spaces around v's is the exploitation of Microsoft's incompetence at email filtering.

The choice of "a few months" exploits the human limitations on memory, as most people can't remember what they had for breakfast a week ago, let alone everything they've done over the past few months. Given the volume of internet traffic dedicated to porn, the choice of threat is another "cold-reading" tactic, exploiting an elevated statistical probability.

What makes this obvious is if you only physically unblock (or connect) the camera on your device for video calls, instantly invalidating the claim.

"...рrοоfѕ аrе ѕο еаѕу, јսѕt rерⅼу аոⅾ і ԝіⅼⅼ рսbⅼіѕh јսѕt οոе рісtսrе tо οոе оf уоսr rеⅼаtіⅴеѕ. frοⅿ уоսr оԝո ⅾеⅴісе."

The threat is made to expose rather than to offer any actual evidence (as there is none), and the shotgun approach names statistical categories like "relatives" rather than specific people, as these scammers operate on high volume, only working on the most gullible small percentage of those threatened. Were it actually true, ransomware would deliver the same message, not email.

"...trаոѕfеr ехасtⅼу 2000 ՍՏᎠ tо ⅿу Bitcoins ԝаⅼⅼеt..."

Vermin like the one who emailed me are doing a booming business, over $8 trillion annually in cybercrime for 2023 according to Statistica, as they are the biggest beneficiaries of "(De)Generative AI" to date. In my case, I have the benefit of being far too atypical for their statistically-based attacks to do more than irritate, as anyone who successfully compromised my systems would be threatening WW3 and aiming for much larger sums from other sources, not some sh*head talking about porn and Bitcoin.