Slayton's Technology Services
Your Technology Partner
Extorsion emails use fear to blackmail users • By: Gabriel Slayton
It wasn't long ago that email users were accustomed to receiving chain email messages. In the days of early email, these messages were more of an annoyance to the user and made administrators furious due to hard drives having a capacity of 6GB (gigabytes). It didn’t take long for emails to fill up an email server. I remember as a student that my email mailbox size was 5MB (megabytes). Today, users can sign up for a free email service with storage starting at 15GB on sites like outlook.com.
With the explosion of the internet, everything we need to do, can be done online. We can do anything from pay our bills, to post cute pet photos. While these activities can be viewed as innocent by themselves, users need to create accounts to manage their bank account and photos. One thing users don’t pay attention to, is how their data is stored. Are their usernames and passwords stored on a database open to the world? Are their credentials hashed or encrypted? While the average user doesn’t worry about this, hackers are too familiar with lazy coders and will use the opportunity to steal credentials along with email addresses.
What do storing credentials have to do with extortion? First, when a data breach happens and before users are notified to change their passwords, hackers use the opportunity to steal what they can from the compromised accounts. After all the loot is stolen, it used to be the end of the breach. Now, hackers will use the old data breaches to mass email the users a script that paints a story that they have been in a user’s system for some time now and will email every user some compromising photos they “found” on their system unless the user or victim sends them a form of cryptocurrency.
In reality, there is likely no recent breach of a prospective victim’s computer. The extortionist will instill fear in the potential victim so they quickly send the extortionist the money or bitcoin.
Here are some things to look out for:
1. Look at the source of the email. Do you have a relationship (personal or business) with the sender?
2. Often times extortion emails will begin with a back story like this: Hi. How are you? I know, it's unpleasant to start the conversation with bad news, but I have no choice. Few months ago, I have gained access to your devices that used by you for internet browsing. Afterwards, I could track down all your internet activities.
Slayton’s Technology Services offers managed malware removal as well as email services that will secure you from messages like this.
Be safe out there!