"Pay up, or you'll be sorry."
Count yourself lucky if you haven't received a cyber blackmail with chilling words like these. Cybercrime is growing more quickly than ever as criminals find different ways to dupe people. Of all the schemes, it's the email extortion scam that tops the chart.
At Zoho, our Anti-Fraud and Anti-Spam teams continuously strive to fight cybercrime. From handling abuse complaints to suspending guilty accounts, they are on their toes to prevent our customers from becoming victims.
With reliance on the internet making everyone a potential victim, we're sharing our teams' findings to the outside world to help reduce the cybercrime rate.
What does an extortion email look like?
Take a look at the example shown below, and you'll know.
Now let's do some sampling here. To make the threat look as credible as possible, the spammer has mentioned a password that supposedly belongs to the victim. They also say that keylogger (a malicious surveillance tool) was used to steal the password. This may be beyond comprehension for a person that isn't so tech-savvy, and the spammers use it to their advantage. Furthermore, people who watch pornography are easier targets, which is why extortion has very much become 'sextortion' these days.
How do I deal with an extortion email scam?
Let's find out by considering the same example.
The email, in fact, arrived in one of my acquaintance's inbox. And he wasted no time in seeking the help of the Anti-Fraud and Security team. Knowing that cybercriminals normally extract information from data breaches that have happened across the globe, our team started their investigation on that front. It turned out the criminal had cashed in on the 2012 LinkedIn hack to come up with the extortion email.
If you receive cyber blackmail like this, these are the steps you should follow:
1.Check for data breaches
With regard to the infamous 2012 LinkedIn hack I mentioned earlier, a hacker breached their database, stole 6.5 million encrypted passwords and posted them on an illegal forum. Many companies have been on the receiving end of data breaches, and it's gaining widespread attention. The stolen data is usually sold for a huge price in the dark web marketplaces. And that's where the foul play starts.
If you confront cyber blackmail at all with a password that you use or possibly have used before, change the password of all your associated accounts. As a next step, check whether your email address was involved in any data breaches. This way, you can identify the breached site and change your password.
2. Check your footprints on the unauthorized sites
Realizing that email is an inseparable part of our lives today, cyber-criminals build websites that are sure to attract visitors. For instance, a gaming website. When you sign-up for such websites with your email address, you play into the hands of hackers. Assuming you've used one of your primary passwords for their site, a hacker might use the password to break into your other important accounts and create damage beyond repair.
3.Understand that the spammer may just be trying his luck
Sometimes, your email address alone is good enough for a spammer to gain access to your accounts. How? When the hashed password combinations from the 2012 LinkedIn hack got exposed in 2016, a staggering 753,305 users had '123456' as their password. In hindsight, anyone can guess a password as weak as this. But where did they get your email address? Simple! If you mention your email ID on a page that comes under the purview of a search engine, you're leaving trails.
How to protect yourself from cyber blackmail
Now that you know how to react to cyber blackmail, here are some tips that might help you prevent it in the first place:
1. Don't use a common password across platforms.
2. Create a password that is 12-14 character in length. Also, make sure it's a combination of numbers, symbols, lower-case letters, and capital letters.
3. Make sure your password doesn't contain a part of your name, your city or country's name, or even a dictionary word.
Hope this helped! Stay tuned to this space for more updates on cybersecurity.