You’ve definitely heard the word Extortion before, probably in some FBI movie or CSI episode. So we know its bad! But what exactly is it?
Extortion is the term used when criminals have unlawfully obtained money, property, or services from another by threatening or forcing them. A familiar word often involved in extortion is blackmail. There are a variety of ways that a criminal could look to extort you online. Criminals are normally looking for you to sign something, hand over a document, pay them, give a false reference or even post a review or a statement that is actually a lie.
Here are some examples of extortion:
Criminal: “If you don’t sign off this insurance claim, I will contact your bank and provide them with evidence of your fraud”.
Victim: “But I never did that!”
Criminal: “I have hacked into your network and stolen the top secret plans for your company’s new product. If you don’t pay me in bitcoin by the end of the day I will post the plans online and you will lose your job”
Victim: “ But I don’t have any bitcoin!”
Criminal: “I have planted malware in your network. If you do not resign as the company CEO I will activate the malware and your databases will be wiped clean”
Victim: “But we haven’t done a backup in months!”
Somehow, the criminal has always managed to get their hands on evidence, break into a system or plant something incriminating. But how do they do it? They could have used a phishing or ransomware attack, hijacked equipment or networks or even posted multiple negative reviews online (under pseudonyms) to ruin your brand.
Nokia’s blackmail blunder
A few years ago, a hacker reportedly broke into the Nokia network and stole the source code for Symbian, Nokia’s Smartphone operating smartphone. If this was leaked, it would allow cyber criminals all over the world to infect millions of smartphones with Malware. Nokia agreed to meet the hackers in a parking lot with the multi-million dollar ransom but simultaneously tipped off the authorities. Unfortunately, the police botched the operation and the hackers escaped with the cash.
How can I protect myself?
So if you find yourself in the position where you feel you are being extorted, what can you do? Take the following steps to protect yourself:
- Inform management and the authorities that you are being blackmailed
- Remember that paying the criminal probably won’t stop them but you also shouldn’t confront them… rather cease all contact
- Make sure all of your devices have security solutions installed and filters have been applied to your email accounts to block their address (insert some examples, ie Anti-virus, Endpoint, Firewall, etc, etc)
- Ensure that the privacy settings on your social media accounts are always as restricted as possible (no friends of friends!) and block those you suspect on the platform. Don’t report them as this will result in all of your proof being deleted
- Speaking of proof, collect as much evidence as you can. In this instance, the screenshot is your friend.
- Change ALL of your passwords to be strong and unique that check all the boxes…. Caps and small letters, numbers, special characters and at least 12-14 characters long. Then go ahead and make sure that all of your accounts and devices are password protected.
- Make sure that you have something covering your webcam… creepy people could be watching.
- Lastly, another good idea would be to do a google search of your name on a device that doesn’t know you and set up notifications to come to you when your name appears online. [insert link to Google Alert on your name]
If you are being threatened, remember that agreeing to pay will probably only make matters worse. The best thing you can do is to immediately report the suspected crime. How do I do that, you may ask? Check out the below information:
Collect all your evidence to prove that someone is blackmailing you. The threat itself, screenshots, call logs, their allegations, etc. The more evidence, the better.
Report the event to the local authorities as per the South African Police Service. Thanks to the Amendment Act of 2012 and the Prevention and Combating of Corrupt Activities Act, 2004 (Act 12 of 2004). You can do so by contacting the Directorate for Priority Crime Investigation (“DPCI”) on CorruptionReports@saps.gov.za or on 012 846 4590.
While you are in the process of reporting it, make sure you play it smart with the extortionists. Don’t poke the bear by aggravating them! Remember, when it comes to protecting yourself online, prevention is better than cure! Rather make sure that all networks, devices and documents are properly protected and always back-up your data to make sure no one ever has a way to ensnare you.