Canadians are receiving “sextortion” emails demanding cryptocurrency and threatening the release of explicit videos, and two victims say more education and outreach is needed.
On February 13, Kiran Bains was sifting through her junk mail when she noticed an email titled “I Know.”
“I know there’s a lot of scams, we get calls and emails, but the first line in this email I saw was my password,” the 37-year-old Brampton, Ont. woman said in an interview.
The email said Bains’ computer was infected with malware, giving the scammer access to her accounts, her computer’s camera, and microphone.
“I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!” the email read, which was obtained by Yahoo Finance Canada.
“I can send the video to all your contacts, friends, post it on social network, publish on the whole web!” it read.
The scammer demanded Bains transfer $900 in DASH cryptocurrency.
According to the Canadian Anti-Fraud Centre (CAFC) the cost of mass marketing fraud (fraud by phone, the internet, mass mails, and email) is approaching $130 million, which represents a 30 per cent increase from 2017.
Bains said she called the police first, who advised her to change her passwords immediately and monitor her accounts.
“What really had me shuffling is that it was my real password,” she said. “When you see your password sent to you from somebody, some unknown person, you don’t know who it is, where they’re from, what they’re monitoring... I felt a bit scared.”
Bains said that while she did a quick Google search of the type of scam and did her due diligence, she still felt that there wasn’t enough information to educate her on extortion email scams.
“You hear about the [robocalls] on the news, you hear about it on the radio, but nothing like this where someone tells you what your password is,” she said, adding that a lot of senior citizens or younger Canadians could easily be a victim of these scams.
Robert Rochefort, an intelligence research profiler at the CAFC, explained in an interview it is difficult to definitively know how scammers get information like passwords, but that it can be found from a database breach.
For example, if customers sign up for services or do a survey with a company that later incurs a data breach, that would allow scammers access to personal information.
He added that the CRTC did implement the anti-spam legislation but the difficulty is trying to stop all the emails.
“It only takes five minutes to create a new email account. Once an account is created, especially with different free online email sources, you knock one down, a brand new one starts up and they’re going to continue spamming,” he said.
Rochefort said that to crack down on email scams law enforcement has to get to the root cause and that involves police from many jurisdictions, and sometimes working with law enforcement agencies in other countries.
“It does make it extremely difficult to try and stop,” he said.
This is far from the first case of “sextortion” email scams to occur to a Canadian. Nicholas McDougall, a 34-year-old Ottawa man, said in an interview he received the same scam email about a year ago.
Similar to Bains, McDougall said he knew the email was a scam but was caught by surprise when he saw it included the password he was using at the time.
“I was like geez, they know my password,” he said. “The main thing that upset me or made me worry is that a lot of my important information is attached [to the email].”
McDougall posted on an Ottawa subreddit page to get some answers and said he was reassured when many other individuals responded to his post stating that the email he got was a scam.
Like Bains, McDougall immediately changed his password and said while he felt he could research and get information about email scams, he didn’t know if it was enough for older citizens or young people.
“I don’t want anyone to get scammed out there but the thing is I don’t know how to help those people. A lot of people are stubborn about things. You know, you try to help them with things and they say they know that or they don’t care,” he said.
CAFC works with government, non-profits to disseminate information
Rochefort said the CAFC works with the Competition Bureau, the Ontario Provincial Police, and non-profit organizations to bring attention to these scams to Canadians.
“It is through media releases, through online social media. There will be aspects brought forward through Twitter, Facebook, in order to try and reach out to as many people as possible,” he said. “The difficulty at the end of the day is, of course, we just can’t reach everybody.”
Matthew Johnson, director of education at MediaSmarts, noted that cybersecurity should be included in school curriculums so that all generations know what to do when they get email scams.
“We need to be doing a better job of teaching in the school system. But we also need to make sure that adults are getting training and updates, particularly if they are using computers at work,” he said, adding that younger people are more susceptible to online scams.
MediaSmarts is an Ottawa-based non-profit organization that focuses on media literacy programs.
A new survey from Equifax said 60 per cent of millennials wouldn’t know what to do if someone committed fraud using their name. It added that 43 per cent of those millennials have accidentally clicked on a scam email or text message.
In that survey Equifax said it surveyed 1,515 Canadians ages 18-65 from Jan. 31 to Feb. 3.