An email notification pops up on the phone screen. This is something that happens numerous times a day and is usually met with a quick swipe and ignore. Today, however, something is different. You don’t recognize the sender, and the preview of the contents of the email reads like an iRobot script. “I am well aware (insert password) is your password. Let’s get right to the point.” Panic ensues. That password, how did they get that password? Continuing to read, you are hit with wave after wave of raw fear and shame. This person claims to have recorded you doing something shameful that, if leaked, would ruin your social and business endeavors. As your heart races, you are presented with two options: “Ignore the email and the video is leaked or pay this person a ransom to have the videos deleted.” Your mind races. You don’t remember doing what they said you did, but what if, what if? You imagine a person in a dark hoodie in a dark room staring at their computer screen with malicious intent. They must be going through all your personal data. You have become the victim of what is known as an extortion email scam.
I feel violated!
Since 2018, complaints regarding situations just like this one have risen 242% according to the FBI, with total losses of 83 million dollars. Most of the reported emails specifically centered on the release of a compromising video of a person to friends and family. Shame can be quite the powerful tool. It can cause people to make rash decisions, and these malicious entities prey upon it.
Let’s break down these types of emails to better prepare ourselves for situations like this. The opening sentence of an extortion email is written to get attention, and it usually contains some sort of personal data. In most cases, this data is a password. You may ask, “How can someone possibly get my password? I mean, it’s specific only to me.” The most common way usually involves a breach at a company with which you may already have an account.
What can I do?
An easy way to find out if your personal information has been breached is to visit www.haveibeenpwned.com and put in your email address. The HaveIBeenPwned website will provide you with detailed information about the breaches that your account has been associated with.
What if I have been breached?
If your password is still in use, go to your accounts and change it. Changing your passwords regularly and using a password vault are great ways to prevent and mitigate these risks.
This and other recommendations can be found at our website https://cybersecurity.nmhs.net/security-resources/.