Business
Focused
Technology

Blackmail – A Message from IT360 President Don Dawson

I have received my share of emails that try to blackmail me into paying a sum of money to keep my network safe or my “secrets” from getting out (examples below).   These emails usually include one of your current or previous passwords in the subject line to get your attention. They go on to explain in detail that the sender has your password and has compromised your privacy or security in some way. The email usually also provides a time frame and amount of money by which you can make this all go away.   If you do not pay the designated amount by the deadline, they release the information to your contacts, significant other and the list goes on.

How did they get your password? The password you see in the subject line is usually a password you have previously used or are currently using, and that’s what makes the email seem legitimate.  Data breaches of large organizations are happening at a staggering rate.  These data breaches also include username and passwords account holders.  In 2018 alone, over 350 million records have been stolen from companies such as:

These stolen account details are then posted on the dark web to be obtained either for free or a small fee.  Once others get access to these account details, they use the information in emails to guilt or coerce people into sending them money.

The emails are also sensitive in nature for a reason.  This can make it somewhat embarrassing to reach out and ask if the email is legitimate.  The chance of paying may rise because of this.

At the end of the day, these emails are scams.

What should you do?

  1. At IT360, we understand that sending these emails in through a normal ticket may not be the most comfortable thing to do.   When you receive these questionable emails that are sensitive in nature, pick up the phone.  You can ask for me directly or any other IT360 employee you feel comfortable with.   We may ask you to forward it to us directly so we can review and talk with you about next steps.
  2. Don’t use the same password for multiple sites/accounts. Use unique password for each account.  It is just good security practice.
  3. Change your password on sites every so often – every 6 months on social media sites and probably more frequently on any financial accounts.

I have received numerous calls from clients asking about these emails.  The conversation they have with myself or any IT360 employees will always be confidential.  I am also posting links to the scam emails I have personally received so you can see some examples that are out there right now

Example One Example Two

We hired IT360 as our computer hardware and software computer consultants when the company first went into business. Since then, they have helped us purchase new software and hardware equipment that we have instituted into the law firm. Any time we needed them to be there they have been. They have solved all of our problems including: stand alone computers, networking issues, Internet access issues, and software. I would highly recommend IT360 to anybody who needs help in these areas.

Partner, Law Firm

Recent
Technology News

IT360 News
‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials. Nearly one-third of users utilize a VPN to access work-related sites and services. From a cybercriminal’s perspective, that’s a significant chunk of people they can target. The shift to remote […]

Read more
IT360 News
BEC Isn’t Back; It Never Left

Business email compromise (BEC) attacks aren’t new, but they’re growing increasingly effective, according to Zeljka Zorz at Help Net Security. Zorz cites an article from BakerHostetler, in which two attorneys describe how BEC attacks work and why they’re so effective. The lawyers explain that BEC attacks involve targeted phishing attempts coming from spoofed or compromised email […]

Read more