How internet scams prey on browser guilt

(Image credit: Norton)

Malware is on the rise in 2020. Hackers are finding increasingly devious ways to trick people into downloading their trojan horse software.

Most of these campaigns target a wide swath of people, mostly those who don’t have the tech savvy to download antivirus software and avoid sketchy links. But whether you want to admit it or not, no one is immune to the psychological tricks that scammers use. And everyone has private information or browsing history that they desperately want to stay private—which scammers will use against you, sometimes without even knowing what that private data is.

If and when you’re targeted with phishing, malware, ransomware or other attacks, it’s hard to think rationally about what to do, or figure out just how compromised you already are. This quick guide should help you determine the right next steps to take.

Don’t panic: your data is out there

Unless you’ve invested in a reliable VPN, you’re being tracked. Your IP address, browsing history and cookies are exposed for various sites and browsers to access. And those sites can then, willingly or inadvertently through data breaches, pass that information along to others. 

Mostly, that just means targeted ads. But there’s always an underlying fear that the wrong people will get access to your data—and those wrong people use that fear against you. In one infamous case of this, hackers used people’s browser guilt and leaked private data to set up a “sextortion” scam

The gist of the ruse was to start out by listing one of your passwords, then say that proved they already had complete access to your computer and webcam, and used this to record you during your “private time”. You would be told to send them money via Bitcoin before they shared a salacious video with people you knew. 

Other scams differ in the guilt factor, but follow similar trends. They hint at wrongdoings that most people have probably done (watched porn, downloaded music illegally, accidentally visited a sketchy website), then add just enough personal information to send you into a panicked shame spiral. Even accusations you know are false can terrify you into compliance, if you’re convinced they’ll spread fake rumors about you if you don’t pay them off.

They don’t want you realizing that, rationally, if they had access to your PC, they could access your information and accounts without resorting to blackmail and surveillance. It costs less time and money to create an email template, cast a wide net, and wait for people with guilty consciences to give them what they want. 

If a phishing email uses personal information to trigger your fears, immediately check Have I Been Pwned? and see if that information came from a company leak. If their evidence is having your email and some old password, you should ignore the email and take comfort in the fact that they don’t really know anything about you and have other marks to rob.

Hacking your insecurities

(Image credit: Norton)

It’s only when the information is truly private and targeted, or when your computer has obviously been breached, that more drastic measures may be necessary. Panicking, however, still isn’t necessary or productive in solving your problem.

When it comes to malware, hackers are playing a long game with your computer. They want it to stay undetected while it gathers financial information about you. While that’s scary in concept, in reality there’s nothing much you can do except keep your firewall intact, avoid untrusted links and vary your passwords. If an email says outright that you are infected with malware, there’s reason to believe they’re trying to scare you with an invisible boogeyman.

When ransomware pops up on your computer, that’s typically a more serious problem, though the hacker may try to make the problem more serious than it actually is. 

Generally, your computer will be frozen, with a message saying you must pay a fee in order to unlock your computer, or else they’ll delete your files permanently. However, they know PC repair shops can sometimes find a way to reboot your computer in safe mode and remove the ransomware, so they need a way to keep you scared and isolated.

So, again, they turn to threats against your character. The ransomware script may suggest that if you don’t pay the ransom, they’ll email your dirty secrets to people you know. Thus, you’ll want to avoid going to a specialist, for fear of being exposed to repercussions.

But, once again, getting ransomware on your computer does not mean that the hackers that built the virus will have access to your computer or browser history—or the inclination to search for that information.

You may admittedly still need to pay the ransom, if you don’t have a backup of important files and can’t find a way to remove it. Just keep in mind that you’re also letting an extortionist know that you will pay money when threatened. That’s not a message you want to convey, no matter what your browser history says or what files are locked away.

Ultimately, your job in these situations is to set any irrational guilt aside, and just salvage whatever data you can without engaging with your phantom blackmailer. Tom’s Guide has an excellent guide on dealing with ransomware, and antivirus software like Norton 360 are designed to clean ransomware off of any computer.