慌亂的消息打破了午夜的寧靜。奧倫·法爾科維茨收到了一位客戶的請求,，這位客戶的朋友持有一家即將上市的硅谷公司的股份,，卻收到了可怕的郵件。

客戶寫道：“對方聲稱,，他觀看色情影片的視頻已經被他們用攝像頭拍下來了,。”

作為反欺詐公司Area 1的老板,，法爾科維茨的建議很有效：“這是假消息,。讓他刪掉（郵件），去睡覺吧,?！?/p>

危機解除了。不過另外幾千人卻不幸成為了這個郵件騙局的受害者,。對方要求他們支付比特幣,，否則就把網絡攝像頭拍攝到的隱私照片和色情視頻的截圖發(fā)給受害者的所有聯系人。

不幸的是,，這種勒索方案成為了犯罪獲利的最新榜樣,。Area 1的調查顯示，騙子發(fā)送了數百萬封郵件,，共計得到94.9萬美元,。平均每筆成功的勒索可以得到593.56美元，按照文章撰寫當日的匯率,，即0.073比特幣,。

Area 1的數據來自于對比特幣區(qū)塊鏈的檢查，其中永久記錄了所有的交易情況,，包括那些與騙子綁定的數字錢包地址相關的交易,。

色情威脅是這些罪犯郵件敲詐的三大類型之一。其他手段還包括威脅摧毀受害者電腦中的數據,，或在受害者的工作場所實施暴力行為,。

這種騙局已經流行了一段時間。正如我的同事羅伯特·哈克特在去年8月解釋的那樣,，由于騙子會附上受害者曾經用過的真實密碼,，這樣的威脅具有相當的效力：

（你應該）看看郵件提供的密碼對應的賬戶能否在Have I Been Pwned找到。這個可以搜索的數據庫能夠確定那些網絡漏洞引發(fā)的數據泄露里是否包含你的信息,。如果可以搜到使用那個密碼的賬戶,，就說明勒索者可能利用這些廢棄數據得到了所有那些信息。換個直白的說法：騙子沒有監(jiān)視你的鍵盤輸入,、屏幕和網絡攝像頭,。他只是虛張聲勢,，恐嚇那些驚疑不定的受害者，讓他們支付加密貨幣,。

某專家認為,，目前的色情郵件欺詐與摩洛哥的一家營銷公司有關，它之所以成功,，是因為勒索者善于規(guī)避微軟（Microsoft）和谷歌（Google）的垃圾郵件過濾系統,。Area 1的報告顯示，他們逃避檢測的一個途徑是在郵件中暗藏不可見的莎士比亞或簡·奧斯汀的語句,。過濾系統會認為郵件中主要是“優(yōu)美的文字”,，從而讓它們免于被屏蔽，順利進入收件箱,。

盡管如此，他們利用的與其算是技術漏洞,，不如說是人性的弱點,。法爾科維茨認為，總有人會上當,，部分原因在于人類有著好奇的天性,。

他表示：“給員工培訓起不到什么效果?！~號被盜’這樣的短語太容易引發(fā)他們的情緒化反應,。”

他補充道,，最好的辦法是通過反釣魚技術從源頭上阻止不良郵件的傳播,。

這是解決問題的途徑之一，不過卻并非最經濟實惠的選擇,。你還可以購買攝像頭保護套,，在亞馬遜上，這種可滑動的小配件六只裝只要7.99美元,，作為對比,，也就是0.00098比特幣。（財富中文網）

譯者：嚴匡正

It was after midnight when Oren Falkowitz received the frantic text messages. It was a plea from a client to help a friend who owns shares in a Silicon Valley company set to go public—and who had received a very frightening email.

“They said they have videos of him looking at porn through his webcam,” the client wrote, adding the senders had targeted his friend in a crafty blackmail scheme.

Falkowitz, who runs an anti-phishing company called Area 1, had some useful advice: “It’s fake. Tell him to delete [the email] and go to sleep.”

Crisis resolved. Unfortunately, thousands of others have fallen prey to the same email scam, which instructs the victims to send Bitcoin or else see intimate photos from their webcam—and screenshots of the porn they watched—sent to all of their contacts.

Unfortunately the blackmail scheme has become the latest example that crime sometimes pays. According to an investigation by Area 1, the scammers have sent millions of emails and earned $949,000 from the racket. The average payout is $593.56, or 0.073 Bitcoin, at today’s rate.

Area 1 came up with the figure by examining the Bitcoin blockchain, which contains a permanent record of all transactions, including those associated with a digital wallet address tied to the crooks.

The porn threats are one of three variations of email blackmail used by these criminals. The others rely on threats to destroy data on the victim’s computer, or to carry out a form of physical violence at the victim’s workplace.

The scam has also been going on for a while. As my colleague Robert Hackett explained last August, it has proved effective at frightening people because the scammers will include a real computer password the victim has used in the past:

[you should] check to see whether any accounts tied to that password appear in Have I Been Pwned, a searchable database that identifies what personal information of yours may have leaked as a result of various online breaches. If any accounts that once used that password pop up, then the extortionist likely scraped all of the information from one of these data dumps. Translation: The crook has not been monitoring your every keyboard touch, screenshot, and webcam image. Rather, the delinquent is bluffing—frightening unsuspecting victims into forking over cryptocurrency.

The current porn email scam, which one expert suggests is tied to a Moroccan marketing company, has also been successful because the blackmailers are good at evading spam filters set up by Microsoft and Google. According to Area 1’s report, one tactic they use to avoid detection is to paste lines from Shakespeare or Jane Austen in invisible text in the email—a signal to the filters that there is mostly “good language” in the email, helping it land in recipients’ in-boxes, rather than being blocked.

Still, it’s not so much a technical loophole they’re exploiting, as it’s human failings they’re taking advantage of. Falkowitz argues that people will always fall prey to phishing, in part because humans are naturally curious.

“Training employees doesn’t work,” he says. “They’re too subject to emotional responses in response to phrases like ‘account compromised.'”

Instead, anti-phishing technology designed to stop bad emails from getting through in the first place is the best solution, he adds.

That’s one way to solve this problem, but it may not be the most economical approach. You can also invest in a webcam cover—the sliding stickers currently come in a six-pack from Amazon for $7.99, or just 0.00098 Bitcoin, for comparison’s sake.