Since late 2018, hackers have found yet another way to breach security at your expense. The latest that they’ve come up with is sextortion- or simply blackmail you into paying them money using your fears about your internet activities against you.
In this new scam, hackers will send you an email containing some of your personal information, such as your email’s or other sensitive passwords and make you believe that since they have this intimate information about you, everything else that they say must be true. Then, the email will continue claiming that not only they know your entire web-surfing history, but that they also have video footage of you accessing pornographic related websites. The hackers get your email and password information from unrelated data breaches and use this information to make you think they know more about you than they do.
In general, if you receive an email like this, you can safely ignore and delete it.
While it may be possible for them to have accessed this information if you inadvertently allowed them into your computer, or if your computer was not being properly patched, it is usually the case that you are receiving a generic email sent to the masses and that they have no such information.
The audience targeted for such scams is usually CEO’s, doctors and lawyers, who the scammers know wouldn’t want any such videos to be released to the web. Those targeted executives would often agree to pay the high fee in order to keep quiet and avoid scandals. They will often have no choice but to pay the scammer usually in the form of bitcoin which would average at $500 per scam.
Between July 2018 and February 2019, it was reported that an estimated sum of $332,000 has netted by hackers using this technique. Certain hacker criminal groups are offering as much as a $350,000 in yearly salaries to accomplices who can help them with this scam.
At MBC, our advice remains the same for any phishing-type scams and includes the following:
If you see your boss, IT department or billing department asking you for sensitive information via a clickable link in an email, always first verify that the e-mail is legitimate and was sent by the entity sending it. Pay close attention to the From email address as this is usually an easy way to tell if it is authentic communication.
If you are being prompted to open or download an attachment that you were not expecting, DO NOT Open or Run it.
Be sensitive to the context of the email request and ask yourself if it sounds like what that contact would request. Before following through, always verify and validate with the original sender by phone or in person, not electronically.
Right-click (or Press and Hold for mobile phones) on the hyperlink you are being directed to. Take a look at the domain name and make sure it is authentic. When in doubt, don’t use the link and instead go directly to the website.
Looking for more information on how to protect your company again Cybercrime, have a look at the Security tips of try our free Cyber security assessments.