Blackmail – A Message from IT360 President Don Dawson

I have received my share of emails that try to blackmail me into paying a sum of money to keep my network safe or my “secrets” from getting out (examples below).   These emails usually include one of your current or previous passwords in the subject line to get your attention. They go on to explain in detail that the sender has your password and has compromised your privacy or security in some way. The email usually also provides a time frame and amount of money by which you can make this all go away.   If you do not pay the designated amount by the deadline, they release the information to your contacts, significant other and the list goes on.

How did they get your password? The password you see in the subject line is usually a password you have previously used or are currently using, and that’s what makes the email seem legitimate.  Data breaches of large organizations are happening at a staggering rate.  These data breaches also include username and passwords account holders.  In 2018 alone, over 350 million records have been stolen from companies such as:

These stolen account details are then posted on the dark web to be obtained either for free or a small fee.  Once others get access to these account details, they use the information in emails to guilt or coerce people into sending them money.

The emails are also sensitive in nature for a reason.  This can make it somewhat embarrassing to reach out and ask if the email is legitimate.  The chance of paying may rise because of this.

At the end of the day, these emails are scams.

What should you do?

  1. At IT360, we understand that sending these emails in through a normal ticket may not be the most comfortable thing to do.   When you receive these questionable emails that are sensitive in nature, pick up the phone.  You can ask for me directly or any other IT360 employee you feel comfortable with.   We may ask you to forward it to us directly so we can review and talk with you about next steps.
  2. Don’t use the same password for multiple sites/accounts. Use unique password for each account.  It is just good security practice.
  3. Change your password on sites every so often – every 6 months on social media sites and probably more frequently on any financial accounts.

I have received numerous calls from clients asking about these emails.  The conversation they have with myself or any IT360 employees will always be confidential.  I am also posting links to the scam emails I have personally received so you can see some examples that are out there right now

Example One Example Two

President, Transportation Company

Your technical support team has always been able to handle our needs quickly, efficiently, and patiently. We appreciate your timeliness and the hours you have saved us. It is great to know that we have people at IT360 capable to provide solutions to our problems.

President, Transportation Company

Recent
Technology News

IT360 News
Vaccine Research Companies are the Target of New Ransomware Attacks

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take […]

Read more
IT360 News
[HEADS UP] Allowing Site Notifications Can be Very Costly

Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]

Read more