By Amer Owaida
What are some common strategies cybercriminals employ in extortion schemes and how can you mitigate the chances of falling victim to a cyber-shakedown?y
When it comes to coercing
people into parting with their money, cybercriminals seem to have an bag of
tricks to choose from. There are some tricks, that they favour more than
others, one of which is extortion. According to the FBI’s
latest Internet Crime Report, US victims of extortion lost
some US$107.5 million to these crimes last year.
One thing to keep in mind
is that
blackmailers won’t just stick to one trick but will employ multiple flavours of extortion to try to force their victims into doing their
bidding – be it paying them a handsome sum or even performing tasks on their behalf.
Ransomware
Ransomware is by far one of
the best-known examples of extortion employed by hackers around the globe,
with targets ranging from companies, through governments to individuals. The
basic premise is that your device will be infested by ransomware using one
of the various tactics hackers employ, such as duping you into clicking on
a malicious link found in an email or posted on social media or shared
with you through a direct instant message.
After the malware makes its
way into your device: it will either encrypt your files and won’t allow you
to access them, or it will lock you out of your computer altogether, until
you pay the ransom. It is also worth mentioning that some ransomware
groups have added a new functionality; a form of doxing wherein they
traverse your files looking for sensitive information, which they will threaten
to release unless you pay them an additional fee. This could be
considered a form of double extortion.
Before wondering
whether to pay or not, you should check if a decryption tool has been
released for the ransomware strain that has infested your device; also,
the answer is: don’t pay. For additional advice on protecting against
ransomware attacks, you can check out our excellent, in-depth
article Ransomware: Expert advice on how to keep safe and secure.
Hack and
extort
The title is pretty much
self-explanatory, but to make things abundantly clear, the extortionist
will infiltrate your device or online accounts, go through your files
looking for any sensitive or valuable data,and steal it. Although it may echo
ransomware in some respects, in this case, the breaking-and-entering of
your device is done manually and the cybercriminal will have to invest time and
resources into doing so. Well, unless your password was part of
a large-scale data breach, in which case the effort put insignificantly
drops. The successfully targeted individual then receives an email in which the
criminal tries to coerce the intended victim into paying by threatening to
expose this data, listing examples for added effect.
To protect yourself, you
should consider encrypting your data and adequately securing all your
accounts using a strong passphrase, as well as
activating two-factor authentication whenever it is available.
Sextortion
Sextortion is exactly what
it sounds like: extortion via some kind of threat of exposure of sexual
material about the target. Extortionists who take part in sextortion can
go about it in several ways. It can start as an apparent romantic
dalliance through a dating platform, until the criminal gains their victim’s
trust, convincing them to leave the platform for a regular messaging service.
This is done to avoid triggering the security mechanisms dating apps use
to detect potential scammers. Once off the dating platform, they will try to
coax the target into sharing some risqué or intimate photos or even videos,
which will then be used to blackmail the victim. Alternatively, hackers
can opt for hacking a victim’s computer and hijack their webcam to
secretly watch and even take salacious snapshots or voyeuristic videos of them American
model and former Miss Teen USA Cassidy Wolf fell victim to such
sextortionists.
Sending any kind of risqué
photos to anyone is ill-advised. That applies even to someone you trust,
since you can’t rule out that their devices or accounts aren’t
compromised, and the sensitive photos leaked or that your current level of
trust in them might change or is otherwise misplaced. As for mitigating
the chances of being hacked, you should keep your devices patched and
up-to-date as well as use a reputable security solution.