Phishers resort to perverted email extortion
Internet users beware. There is a new phishing campaign that is making the rounds of the cyber space. This time, the cyber criminals have resorted to shameless blackmailing. India’s federal cybersecurity agency has uncovered a batch of fraudulent emails that are trapping victims by threatening to leak their personal videos to the mass public. The phishers say they have secretly captured a private video which would be going live on the internet unless the victim pays a ransom in the form of crypto-currency. Such blackmail emails are a means of email extortion, and are likely to cause massive panic. Thanks to techie movies, we are no strangers to the idea of our device cameras being hacked and used to record our surroundings.
Breaking down email extortion
To make sure the panic doesn’t spread, the Computer Emergency Response Team of India (CERT-In) has intervened. In its advisory, it said that such emails should not be taken seriously at all. As precautions, CERT-In suggests you should revisit all your passwords and try to strengthen them even more.
As an aid to people CERT-In also lays down the typical format and messaging of an extortion email. First off, the hacker creates a scare by including the victim’s old password. This immediately establishes the hacker’s credibility. You begin to think he/she really might have some video recording of yours. You automatically start taking whatever comes next very seriously. To try and cinch the deal, CERT-In says the extortionist is likely to use a lot of confusing technical jargon.
Besides the ‘you were caught on camera’ scam, another narrative the hackers are weaving has to do with a malware. The email says the hacker placed a malware on some inappropriate website you were caught visiting, and while you engaged with the website, the malware creeped into your system and stole all the contacts from email, messenger, and Facebook.
Not willing the risk of a paper/electronic trail, the hacker will demand ransom in some form of crypto-currency, like Bitcoin. To keep you from overthinking or possibly going to the authorities, the extortion email says you have only 24 hours to pay up.
Don’t stress over it: The truth behind an email extortion and what you can do to prevent it
CERT-In reports that the password mentioned in the email might very well be your own, but it does not mean the hacker has gained illegal access. You might want to double check within your organization and look for a data breach. Have you stored your passwords on a singleton file somewhere? Did you mention it in passing where someone might have overheard it? Is there a pattern to all your passwords? (The name of your children or pet etc.) The first thing you have to do is improve upon your password policy. The next thing is to plan an organization-wide search for possible security weak-points. The extortion threat might not be real, but the fact that the hacker got his/her hands on a password suggests a weakness in your security fabric.
And, whatever happens, do not pay up.
“Recipients should not send any payments to the scammers and if the passwords listed are in use or familiar, recipients are advised to change their password at any site that they are being used.” – CERT-In
Strong Gatekeeping
As it would’ve become clear by now, the problem starts when the hacker starts playing with the victim’s panicked mindset. It is the unsurety factor that makes such campaigns successful. You begin to wonder: is my security actually strong enough to ward off such email extortions? Even if you have done everything right, there is a lingering doubt.
But what if you could be confident that your security is in good hands? What if a tool could weed out such email extortion scams before they even became a cause for worry? Email is the entry for phishing campaigns. Security advisers everywhere are pushing people towards better email security mechanisms. With a trusted, third-party email security service, you can protect against malicious emails, detect spoofed email addresses, and identify whether a link or attachment contains malware. You can rest easy knowing that no malware from any website has leaked to your email contacts and mailboxes.
Logix’s Email ATP solution can protect against advanced email threats, phishing attempts, and also business email compromise (BEC) attacks. Our tool can filter out potential threats before they even reach to you. Bid farewell to security matters that distract you from running your business.