What is an Extortion Email? An extortion email is one that claims to have access to usually pictures or videos showing users in a compromising situation or looking at something that may be a source of embarrassment.
These scams have ramped up in recent years as criminals (we won't use the word Hacker because Hackers are not criminals), have found a lucrative market for this type of extortion.
A user is sitting at their computer when they receive an email along the lines of:
"I'll begin with the most important. I hacked your device and then got access to all your accounts... Including (email address here) It is easy to check - I wrote you this email from your account. Also, I have an old password for the hacking day: 2734"
You get the point.
So the user fearing that they will be "exposed" will send the ransom and hope that the criminals will leave them alone. There is no evidence that this will stop the emails and may even encourage the criminals to continue these email threats.
So how does this happen? It's easy to say the user was looking at an inappropriate website or downloading from a torrent site. A more plausible answer is that the email provider was compromised and the emails and passwords stored stolen.
The degree of security that service providers utilize various widely. And to be fair, anyone can be compromised; this is not only a "small business" issue.
So what can users do to fight this type of scam? As I said, no one is entirely safe; there are things
What can be done?:
Your email provider should have a protocol in place to deal with these issues on their side; we will not try to list here.
It depends on who the provider, but as a paying customer, do not take "there is nothing we can do" for an answer.
This last point is especially important for managers and CTOs. If your provider tells you there is nothing they can do to combat phishing attacks, you may want to look for a different provider.
A note for managers and CTOs:
Aside from the steps listed above, education is an essential way to combat phishing and extortion attacks.
Some examples of this:
Lastly, if users are still concerned about being spied on via their webcam, consider doing the following:
If the webcam is built into the computer, use a cover, i.e., tape.
If the webcam is a peripheral connected by USB, unplug the webcam until you need to use it.
When not using the computer, turn it off.
The most important thing users can do is not send anything the criminal asks for, whether it is Bitcoin or PayPal or any form of payment. Unlike ransomware, where your system itself is compromised, these emails are scare tactics. You would be sending a ransom payment for something that more than likely not happen.
There is no way to be 100% safe online. But we are all responsible for doing what we can to do as much as we can to protect ourselves, our companies, our data, and our families.
Writer Bio: I have been in the tech industry for over six years working as an IT Administrator. My content focuses on Cyber Security, Cryptocurrency, and Privacy. For more of my work, please visit my website: dragonwolftech.com and find me on Twitter: @dragonwolftech