慌亂的消息打破了午夜的寧靜,。奧倫·法爾科維茨收到了一位客戶的請求，這位客戶的朋友持有一家即將上市的硅谷公司的股份,，卻收到了可怕的郵件,。

客戶寫道：“對方聲稱，他觀看色情影片的視頻已經(jīng)被他們用攝像頭拍下來了,?！?/p>

作為反欺詐公司Area 1的老板，法爾科維茨的建議很有效：“這是假消息,。讓他刪掉（郵件）,，去睡覺吧?！?/p>

危機(jī)解除了,。不過另外幾千人卻不幸成為了這個(gè)郵件騙局的受害者。對方要求他們支付比特幣,，否則就把網(wǎng)絡(luò)攝像頭拍攝到的隱私照片和色情視頻的截圖發(fā)給受害者的所有聯(lián)系人,。

不幸的是，這種勒索方案成為了犯罪獲利的最新榜樣,。Area 1的調(diào)查顯示,，騙子發(fā)送了數(shù)百萬封郵件，共計(jì)得到94.9萬美元,。平均每筆成功的勒索可以得到593.56美元,，按照文章撰寫當(dāng)日的匯率，即0.073比特幣,。

Area 1的數(shù)據(jù)來自于對比特幣區(qū)塊鏈的檢查,，其中永久記錄了所有的交易情況，包括那些與騙子綁定的數(shù)字錢包地址相關(guān)的交易,。

色情威脅是這些罪犯郵件敲詐的三大類型之一,。其他手段還包括威脅摧毀受害者電腦中的數(shù)據(jù)，或在受害者的工作場所實(shí)施暴力行為,。

這種騙局已經(jīng)流行了一段時(shí)間,。正如我的同事羅伯特·哈克特在去年8月解釋的那樣,，由于騙子會附上受害者曾經(jīng)用過的真實(shí)密碼，這樣的威脅具有相當(dāng)?shù)男ЯΓ?/p>

（你應(yīng)該）看看郵件提供的密碼對應(yīng)的賬戶能否在Have I Been Pwned找到,。這個(gè)可以搜索的數(shù)據(jù)庫能夠確定那些網(wǎng)絡(luò)漏洞引發(fā)的數(shù)據(jù)泄露里是否包含你的信息,。如果可以搜到使用那個(gè)密碼的賬戶，就說明勒索者可能利用這些廢棄數(shù)據(jù)得到了所有那些信息,。換個(gè)直白的說法：騙子沒有監(jiān)視你的鍵盤輸入,、屏幕和網(wǎng)絡(luò)攝像頭。他只是虛張聲勢,，恐嚇那些驚疑不定的受害者,，讓他們支付加密貨幣。

某專家認(rèn)為,，目前的色情郵件欺詐與摩洛哥的一家營銷公司有關(guān),，它之所以成功，是因?yàn)槔账髡呱朴谝?guī)避微軟（Microsoft）和谷歌（Google）的垃圾郵件過濾系統(tǒng),。Area 1的報(bào)告顯示，他們逃避檢測的一個(gè)途徑是在郵件中暗藏不可見的莎士比亞或簡·奧斯汀的語句,。過濾系統(tǒng)會認(rèn)為郵件中主要是“優(yōu)美的文字”,，從而讓它們免于被屏蔽，順利進(jìn)入收件箱,。

盡管如此,，他們利用的與其算是技術(shù)漏洞，不如說是人性的弱點(diǎn),。法爾科維茨認(rèn)為,，總有人會上當(dāng)，部分原因在于人類有著好奇的天性,。

他表示：“給員工培訓(xùn)起不到什么效果,。‘賬號被盜’這樣的短語太容易引發(fā)他們的情緒化反應(yīng),?！?/p>

他補(bǔ)充道，最好的辦法是通過反釣魚技術(shù)從源頭上阻止不良郵件的傳播,。

這是解決問題的途徑之一,，不過卻并非最經(jīng)濟(jì)實(shí)惠的選擇。你還可以購買攝像頭保護(hù)套,，在亞馬遜上,，這種可滑動的小配件六只裝只要7.99美元，作為對比,，也就是0.00098比特幣,。（財(cái)富中文網(wǎng)）

譯者：嚴(yán)匡正

It was after midnight when Oren Falkowitz received the frantic text messages. It was a plea from a client to help a friend who owns shares in a Silicon Valley company set to go public—and who had received a very frightening email.

“They said they have videos of him looking at porn through his webcam,” the client wrote, adding the senders had targeted his friend in a crafty blackmail scheme.

Falkowitz, who runs an anti-phishing company called Area 1, had some useful advice: “It’s fake. Tell him to delete [the email] and go to sleep.”

Crisis resolved. Unfortunately, thousands of others have fallen prey to the same email scam, which instructs the victims to send Bitcoin or else see intimate photos from their webcam—and screenshots of the porn they watched—sent to all of their contacts.

Unfortunately the blackmail scheme has become the latest example that crime sometimes pays. According to an investigation by Area 1, the scammers have sent millions of emails and earned $949,000 from the racket. The average payout is $593.56, or 0.073 Bitcoin, at today’s rate.

Area 1 came up with the figure by examining the Bitcoin blockchain, which contains a permanent record of all transactions, including those associated with a digital wallet address tied to the crooks.

The porn threats are one of three variations of email blackmail used by these criminals. The others rely on threats to destroy data on the victim’s computer, or to carry out a form of physical violence at the victim’s workplace.

The scam has also been going on for a while. As my colleague Robert Hackett explained last August, it has proved effective at frightening people because the scammers will include a real computer password the victim has used in the past:

[you should] check to see whether any accounts tied to that password appear in Have I Been Pwned, a searchable database that identifies what personal information of yours may have leaked as a result of various online breaches. If any accounts that once used that password pop up, then the extortionist likely scraped all of the information from one of these data dumps. Translation: The crook has not been monitoring your every keyboard touch, screenshot, and webcam image. Rather, the delinquent is bluffing—frightening unsuspecting victims into forking over cryptocurrency.

The current porn email scam, which one expert suggests is tied to a Moroccan marketing company, has also been successful because the blackmailers are good at evading spam filters set up by Microsoft and Google. According to Area 1’s report, one tactic they use to avoid detection is to paste lines from Shakespeare or Jane Austen in invisible text in the email—a signal to the filters that there is mostly “good language” in the email, helping it land in recipients’ in-boxes, rather than being blocked.

Still, it’s not so much a technical loophole they’re exploiting, as it’s human failings they’re taking advantage of. Falkowitz argues that people will always fall prey to phishing, in part because humans are naturally curious.

“Training employees doesn’t work,” he says. “They’re too subject to emotional responses in response to phrases like ‘a(chǎn)ccount compromised.'”

Instead, anti-phishing technology designed to stop bad emails from getting through in the first place is the best solution, he adds.

That’s one way to solve this problem, but it may not be the most economical approach. You can also invest in a webcam cover—the sliding stickers currently come in a six-pack from Amazon for $7.99, or just 0.00098 Bitcoin, for comparison’s sake.