“Amateurs hack systems, professionals hack people.”
What do cyber extortion attacks consist of?
Most often we receive an e-mail sent to ourselves from our own e-mail account or from an unknown e-mail address. In this e-mail the cybercriminal tells us that he has had access to our devices and therefore has both confidential information and all our passwords.
After getting our attention with this very disturbing message, he demands that we urgently pay a certain amount by transfer to a cryptocurrency wallet (i.e., a virtual currency account that is difficult to trace, such as bitcoin).
Following this demand, he threatens that if we do not pay, he will make public all our information and passwords so that other scammers can use them. This leaves us only one choice: trick or treat.
How can we avoid this?
- Golden rule, be wary of everything: Even if what the e-mail says is possible, we must first of all be wary and not panic, given that these communications are more common than we might think and in most cases are totally random cyber-attack campaigns. They are launched at a large number of users internationally until a percentage of people get scared and agree to pay.
- Perform a technical review of the devices: This can be done with antivirus programs that can track possible unauthorized access to the computer or cell phone and the installation of malicious programs or applications. For compromised passwords, we recommend using https://haveibeenpwned.com/, a website that allows us to check whether we have accounts or profiles accessible via the Internet whose password has been stolen in a cyber attack, so that we can change it immediately or delete the profile if we no longer use it.
- Ask experts before responding to the cybercriminal or making payment: In the case of our readers, you have the option of contacting us by replying to any of the weekly SECURE&TIP emails you receive and we will answer your questions free of charge, whether they are personal or professional.
- Report it: If we have received the e-mail on a personal level, we must report the cyber-attack to the provider of our e-mail service (Microsoft, Google, Yahoo, etc.). If we have received it in the workplace, we are obliged to notify the IT Department or the IT Manager, the CISO and the DPO as soon as possible (if these last two positions exist in our company or entity).
IMPORTANT NOTE: In any of the cases described in the previous section, we also recommend reporting it to the police authorities, so that they can carry out an investigation and stop these cyber attack campaigns or even find the criminals behind them.
*Date of shipment: October 27, 2025

