Tips To Remain Safe Issued by ACCC
Virus infections, ransomware, phishing and cryptojacking malware are not the only techniques cybercriminals use to earn money from their victims; classic crimes work too. One such successful technique is extortion: a threat against someone’s information in exchange for money. When this classic scam is carried out over an Internet medium such as email, instant messaging apps or video conferencing programs, it is considered a cybercrime as well.
The threat actor will claim to hold evidence that the ‘victim’ has engaged in child porn or other online criminal activities. Such threats are primarily bluffs, but clever psychological techniques can convince a gullible victim that the threat is real. This is known as the ‘appeal-to-emotion’ method of persuasion, here paired with advanced phishing exploits. The extortion email asks for money in exchange for the threat actor’s silence about the victim’s alleged illegal activity, and adds some of the victim’s captured passwords. This makes the threat believable, as the victims were originally affected by an espionage activity, which made the threat actor aware of the real passwords to the web services they frequent.
The same type of extortion has been very prevalent in Australia, and its severity has been recognized by the Australian Competition and Consumer Commission (ACCC). With common sense as their compass, no user would believe the extortion threats, but once persuasive evidence such as sample footage of a crime allegedly perpetrated by the target is shown, it becomes an effective tool for triggering anxiety attacks, which lead victims to simply pay the extortion fee.
Below is one sample as provided by the eSafety Commissioner site:
Lets get directly to the point. <#@$%&> is your pass word. You do not know me and you are most likely thinking why you are getting this email? Absolutely no one has compensated me to investigate about you.
Well, I installed a malware on the X video clips (pornographic material) site and you know what, you visited this site to have fun (you know what I mean). While you were viewing videos, your browser began functioning as a RDP with a keylogger which provided me with accessibility to your screen and web camera. After that, my software gathered your complete contacts from your Messenger, social networks, and e-mail account. And then I created a double video. First part shows the video you were viewing (you have a nice taste hahah), and next part displays the view of your cam, yeah its u.
A nasty and distasteful message such as the example above can exploit a person’s susceptibility to appeals to emotion. This is especially true of people who are easy to convince and unable to determine the facts on their own.
The Australian eSafety site has compiled a list of steps people can take to lessen the chances of falling for extortion scams. Below are their tips:
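For mail administrators, the traits described above (a quoted password, a claim of webcam or keylogger surveillance, a demand for money) can be turned into a simple triage check. The following is an added example, not part of the ACCC or eSafety material; the indicator patterns, the flagging rule and the two benign messages are assumptions constructed for illustration, and the scam text is excerpted from the sample quoted above.

```python
import re
import unicodedata

# Zero-width characters that can be used to split keywords (assumed evasion trick).
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")

# Illustrative patterns for the traits the article describes; not a vetted rule set.
# "pass\s*word" also catches the split spelling used in the quoted sample.
INDICATORS = {
    "quoted_password": re.compile(
        r"\bis\s+your\s+pass\s*word\b|\byour\s+pass\s*word\s+is\b"),
    "surveillance_claim": re.compile(
        r"\b(?:key\s*logger|web\s*cam(?:era)?|rdp|malware)\b"),
    "contact_harvest": re.compile(
        r"\bcontacts?\b.*\b(?:messenger|social\s+networks?|e-?mail)\b"),
    "payment_demand": re.compile(r"\b(?:bitcoin|btc|wallet)\b|\bpay(?:ment)?\b"),
}

def normalise(body):
    """Fold Unicode look-alikes, drop zero-width characters, collapse whitespace."""
    text = unicodedata.normalize("NFKC", body)
    text = ZERO_WIDTH.sub("", text).lower()
    return re.sub(r"\s+", " ", text)

def triage(body):
    """Return matched indicators and whether the message should be flagged.

    A password mention alone also occurs in legitimate reset notices, so the
    message is flagged only when a surveillance claim appears together with
    a quoted password or a payment demand.
    """
    text = normalise(body)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    leverage = bool({"quoted_password", "payment_demand"} & set(hits))
    return {"hits": hits, "flag": "surveillance_claim" in hits and leverage}

# Excerpt of the sample email quoted in this article.
SAMPLE_SCAM = ("<#@$%&> is your pass word. While you were viewing videos, your "
               "browser began functioning as a RDP with a keylogger which provided "
               "me with accessibility to your screen and web camera. After that, my "
               "software gathered your complete contacts from your Messenger, "
               "social networks, and e-mail account.")
# Constructed benign messages used to check for false positives.
SAMPLE_RESET = ("Your password is due to expire in 5 days. Sign in to the staff "
                "portal to choose a new one.")
SAMPLE_NEWSLETTER = ("Security tip: cover your webcam when it is not in use and "
                     "keep anti-malware software up to date.")

if __name__ == "__main__":
    for label, body in [("scam", SAMPLE_SCAM), ("reset", SAMPLE_RESET),
                        ("newsletter", SAMPLE_NEWSLETTER)]:
        print(label, triage(body))
```

A flagged message is a candidate for quarantine and for prompting the recipient to change the quoted password, in line with the tips below.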
- Don’t give them any money or give in to any other demands—this is very important as paying any sum of money will only result in more demands.
- Don’t reply to the scammer and block the email address that’s contacted you.
- Delete the scam email from your inbox.
- Secure any online accounts associated with the password included in the email, and remember to update these regularly.
- Make sure anti-virus software is installed on your device and is up to date.
If the scam email is from an Outlook email address (in our experience many are) – report the email address to Microsoft. You’ll find instructions on how to report Outlook accounts as phishing scams and abuse here. If the email address is from a different provider, the major email platforms generally have clear advice online about how to report a user.