Cyber Extortion

[Lord Chance]

Just a day ago a dear friend received an email claiming to have hacked her email account and now had placed malware on her computer thus gaining access to her data. A few months ago I had to do a wipe and repave on one of my computers due to ransomware. I'm sure we all have seen things like this so let me ask what do these events have in common? They all try to extort money from the victim through threats or depriving you of something until you pay a ransom. In other words they resort to "Extortion".

What is extortion? The definition of extortion is, "Extortion is a criminal offense of obtaining money, property, or services from an individual or institution, through coercion." Yes, you read right. It is a "Criminal Offense". There are laws against this offense in most countries around the world but the Cyber version is not taken seriously by most jurisdictions. We have all heard the excuse that these threats are not serious. They are only empty threats. Tell that to all of the folk who had ransomware and lost important data. Who can say that my friends email and computer weren't compromised. I assure you that this was not the case but the possibility exists.

Even though you can't prevent attempts, there are things you can do to make it harder for these criminals to succeed.

• Never blindly click on email links or open untrusted attachments.
• Keep your operating system, applications, and security software patched and up to date.
• Backup your data
• Keep usernames and passwords secure.
• Use strong passwords and change them on a regular basis.

Phishing.org has a great article called 10 Ways To Avoid Phishing Scams to help avoid problems in the future.

 

[Arctos]

@Lord Chance. A very timely reminder regarding this.

Remember people you do not have any rich friends, African royalty or any one else wanting to share a big chunk of money your way, or when you get a email stating that you have won a billion dollars in a lotto that you have never bought a ticket in.

Don't get sucked in...

Edit: For the Australians, you do not pay with Netflix gift cards to the ATO which is a phone scam doing the rounds here.

 

[Lord Chance]

@Lord Chance. A very timely reminder regarding this.

Remember people you do not have any rich friends, African royalty or any one else wanting to share a big chunk of money your way, or when you get a email stating that you have won a billion dollars in a lotto that you have never bought a ticket in.

Don't get sucked in...

Edit: For the Australians, you do not pay with Netflix gift cards to the ATO which is a phone scam doing the rounds here.

Well said Arctos. The many scams out there only work if you let them. Think, If it sounds too good then you are either very, very lucky or someone is scamming you. I tend to bet my money it is a scam.

For the curious. Want to know if that email really came from the original sender? Try this article, How to Tell if an Email is Fake, Spoofed or Spam. It mainly covers GMail but other email clients will be similar.

 

[DCiAdmin]

The most common email scam rounding the office is a spoofed email from upper management stressing urgency in purchasing and providing iTunes cards. Rather amazing to me how many of the subordinates will fall for such an obvious (to me) ruse.

Very simple questions will sort out the validity of such emails - does it fit the character of the sender, double-check the email - either in the From field or in the start of a Reply - where does a reply go? If either of those aren't as expected, don't respond. Immediately delete such trash.

Knowledge is power - make use of the link provided by LC - How to Tell if an Email is Fake, Spoofed or Spam.

 

[Lord Chance]

The most common email scam rounding the office is a spoofed email from upper management stressing urgency in purchasing and providing iTunes cards. Rather amazing to me how many of the subordinates will fall for such an obvious (to me) ruse.

All of these problems brought to you by Management farming out the network mail. Using an inhouse email server would stop a lot of the problem. Any incoming mail should be suspect and checked. I was working on a project that would filter email by the "From", "Reply-To", "Mailed-By" and "Signed-By" fields in the header. I knew it would not be foolproof but it would give me breathing space and help add those malicious addresses to a database to call to as the project progressed. That is another project that died a weezing death.

 

[DCiAdmin]

All of these problems brought to you by Management farming out the network mail. Using an inhouse email server would stop a lot of the problem. Any incoming mail should be suspect and checked. I was working on a project that would filter email by the "From", "Reply-To", "Mailed-By" and "Signed-By" fields in the header. I knew it would not be foolproof but it would give me breathing space and help add those malicious addresses to a database to call to as the project progressed. That is another project that died a weezing death.

Worthy project, LC. Too bad it didn't make it to fruition.

 

[Lord Chance]

Worthy project, LC. Too bad it didn't make it to fruition.

I was being helped by a promising young programmer. Progress was slow and he finally had to go off to college. I offered to let him take the project with him but he assured me he would help me finish on summer break. He never returned. It seems he fell in love and family happened. Then I lost track of him. The project never made it past alpha and then somewhere along the way I lost the originals and backup. I really wish he had taken it and finished. It might have helped make him a little money.