Scott Ross became suspicious of a scam when he received a lengthy email from an unknown sender, claiming to have access to his online browsing data, personal photographs and his phone number — information the person would release if he didn’t pay almost $2,000 in bitcoin.
But Ross, 57, said he felt his face immediately go numb when he saw a photo of the exterior of his London house attached at the bottom of the email he received last week.
“To see your house on an email addressed to you with all that information and the body suggesting they have your browsing history, your photos, they know your family and can come to your house, was terribly unsettling and definitely shakes up part of your day,” said Ross.
It’s all part of an “insidious” technique fraudsters are using in a recent email phishing scam that London police are warning the public about, said Sgt. Sean Harding from the financial crimes unit.
The email’s sender tells a person they’ve installed malware on their devices and are tracking their internet browsing history and recording videos of them, which scammers threaten to release if the individual doesn’t pay a substantial amount by bitcoin.
“It’s really an invasion of privacy,” said Harding. “They’ve attached a picture of your home and it is a photo from Google Earth, but it’s that personalization that is really affecting people.”
Police believe fraudsters have access to an individual’s name, address, email and phone number due to a previous data breach. London police have received more than 20 reports of the email scam since last week, but Harding suspects that number barely scratches the surface.
“We know that fraud is traditionally extremely underreported. Only five to 10 per cent of frauds get reported so we know that our citizens have been affected by this,” he said.
“We’ve seen it happening across the country and even in the U.S., where people with dated addresses are receiving this email and telling us, ‘I don’t live here anymore,’ but they’ve included a photo of a past address.”
What struck Ross the most were the multiple grammatical errors in the email from a person claiming to be from “a very established organization” that led him to believe this was likely a scam. Before responding, he immediately contacted London police, who confirmed his doubts.
What to look out for
Harding acknowledges that although these types of emails can invoke panic, he suggests people should not react or respond. His advice is to follow the three Rs of fraud: Recognize the fraud, reject the attempt and report to authorities.
“That recognize piece is the most difficult,” he said. “Conmen are very good, they’re called conmen for a reason and they’re convincing at what they do.”
If someone does send money, Harding said, individuals have a 10-minute window before it’s withdrawn from their accounts and recommends they use that time to discuss the situation with two confidants who can offer a different perspective.
“In those 10 minutes, discuss this with two friends who can direct you in the right way. Sometimes you just can’t see stuff because you’ve been caught up in the lies that person has been pushing,” he said.
London police also recommend that people change their account passwords and enable multi-factor authentication for additional security.
Harding said London police hasn’t received reports of anyone losing money to this scam yet, but reminds the public that any email suggesting their information has been compromised and asks for money is always a scam.