What do cyber extortion attacks consist of?
Most often we receive an e-mail sent to ourselves from our own e-mail account or from an unknown e-mail address. In this e-mail the cybercriminal alerts us that he has had access to our devices and, therefore, has both images and videos of us in compromising or even sexual attitude, as well as the data of our history of pornographic searches on the Internet.
After calling our attention through this very disturbing communication, he demands that we urgently pay a certain amount by transfer to a cryptocurrency wallet (i.e. virtual currency account that is difficult to trace, such as bitcoin).
Following this request, he threatens us that if we do not do so, he will reveal these images, videos and other data to all our contacts or make them public on the Internet.
How can we avoid this?
- Applying common logic: Let’s take some time to think about whether it is possible for a cybercriminal to have that kind of material and information about us.
- Golden rule, be wary of everything: Even if it is possible, we must first of all be wary and not panic. Given that these communications are more common than we might think and in most cases are totally random cyber-attack campaigns. They are launched to a large number of users internationally, until a percentage of people get scared and agree to pay.
- Report it: If we have received the e-mail on a personal level, we must report the cyber-attack to our provider of this service (Microsoft, Google, Yahoo, etc.). If we have received it in the workplace, it is our obligation to notify as soon as possible the IT Department or the IT Manager, the CISO and the DPO (if these last two positions exist in our company or entity).
IMPORTANT NOTE: In either of the two cases described in the previous section, we recommend reporting it also to the police authorities, so that they can conduct an investigation and stop these cyber-attack campaigns or even find the criminals behind them.