Imagine you’re mindlessly surfing the internet, when suddenly your screen locks and displays an ominous message: The FBI has “seized and frozen access” to your device because of online activities violating federal law.
This convincing message would take even savvy technology users aback—and it caught many in its snares as inexpensive PCs, smartphones, and tablets, such as Kindle Fire, became more prevalent in the early 2010s. The message went on to say that you could regain access only by paying a fine to the FBI using a GreenDot MoneyPak voucher.
MoneyPak tricks its way to a payday
And that’s when hopefully you would start to get suspicious. Unfortunately, though, enough people fell for the FBI MoneyPak ransomware, aka Reveton, that its UK creator made approximately $915,000 in MoneyPak payments before his arrest.
Zain Qaiser purchased online ads, often on adult websites, and placed malicious code in them. Reveton victims would pick up the code, which then activated the fake FBI message. The real FBI issued a warning about Reveton in August 2012.
But Reveton persisted, with Qaiser’s initial arrest not occurring until July 2014. He worked with an American, Raymond Odigie Uadiale, to launder the money through MoneyPak and into his own bank account. (Interestingly enough, following Uadiale’s involvement with Reveton, he was a Microsoft employee.) The pair had ties to a Russian cybercrime group, and later iterations of Reveton suggested victims had accessed child pornography and a government agency was now monitoring their online activities. That wasn’t true—but the malware did eventually include the Pony password stealer as the hackers attempted to shore up their profits when fewer victims fell for the MoneyPak scheme.
Today, the MoneyPak website offers multiple warnings about fraud—and reminds visitors that law enforcement isn’t going to request a payment from you in this way.
Photo: Andrey_Popov / Shutterstock