How internet scams prey on browser guilt

Once upon a time, the internet was seen as an anonymous, faceless utopia where you could say what you want, download what you want and browse where you want.

But in the past few years, we’ve been made aware of IP addresses, browsing histories and cookies (the internet tracking kind, not the delicious kind). We’re all a lot savvier about online tracking too – but that doesn’t mean we’re any smarter about the things we search for.

Which is exactly where browser guilt comes in. Most of us have searches in our browser history we’d rather no one know about – and this is exactly what hackers are targeting through a volatile combination of ransomware and browser guilt.

The evolution of the humble hacker

Internet scammers evolve with the time. Where once you received emails from fictional deposed princes, now you get pop-up ads that tell you that you’re being watched.

Ransomware pops up on your computer, freezes your PC (or pretends to), and threatens further action unless you pay a specified fine. This threatened action could be deletion of precious files (sentimental or work-related), hacking of financial accounts, legal action, or something else.

However, a new subset of ransomware attack preys on the victim’s sense of guilt; hazarding a guess that they visited a site that might, for instance, be linked to pornography (or even child pornography).

Or it might suggest that certain compromising files (such as private photos or emails) will be distributed unless a ransom is paid. Maybe it’ll mention the very common (and very illegal) practice of downloading contraband movies, music or TV shows.

This sense of guilt could be for behaviour real or imagined: even if your online behaviour is squeaky clean, you might misremember or imagine something illegal you’ve done or said in your lifetime of browsing. And has every single site you’ve clicked on (intentionally or accidentally) been 100% legal?

These scammers often don’t have access to browser history or computer files, but (much like those infamous Nigerian Prince emails), it doesn’t matter as it’s inexpensive to attack many targets simultaneously.

Malware is a long game, lurking on your computer and accumulating valuable financial information. Ransomware on the other hand, is a cruder, faster business that mixes modern communication with an old fashioned psychological con game – extorting money based on threats that may or may not be real.

This is a combination of carrot and stick; the stick is the potential embarrassment and the tempting carrot is the idea that if you pay a small ransom fee, the threat will disappear. Admittedly not the greatest ‘carrot’ ever.

What to do if you’ve been hacked?

Well firstly, don’t panic. Seriously, don’t. Assess the threat. Is it even real or tapping into browser guilt? For instance, the FBI has bigger fish to fry than someone who watches adult content or illegally downloaded the new Kanye album.

It’s entirely possible that your computer isn’t truly frozen, which can be assessed if you do something simple like unplugging it. The most obvious course of action is to bring it to a reliable repair shop.

However, ransomware scams are often successful because people are afraid to expose what they’ve been doing (whether it’s to a partner, the authorities or to a stranger in a repair shop). Even though these ransom payments are usually one-off, we would recommend not paying.

You might be lucky and pay out (typically) about £300 and be done with it, but you’re also letting an extortionist know that you will pay money when threatened. That’s not a message you want to convey – no matter what your browser history says!