The Internet Crime Complaint Centre in America receives a lot of reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient’s social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins (up to £1,000). This problem is not confined to just America.
The following are some examples of the extortion e-mails:
“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”
Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. In many cases, the extortionists don’t have access to your confidential information – but in some cases they do.
TIPS TO PROTECT YOURSELF:
- Use strong passwords, i.e. ones that are difficult to guess or to crack.
- Use multiple passwords rather than one for everything.
- Do not open e-mail or attachments from unknown individuals.
- Monitor your bank account statements regularly, as well as your credit report at least once a year, for any fraudulent activity.
- Do not respond to unsolicited e-mails.
- Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
- Never provide personal information of any sort via e-mail. Be aware that many e-mails requesting your personal information appear to be legitimate.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.