The rundown on extortion-style phishing attacks
We discuss phishing emails frequently at Bytagig, and for good reason: they’re both frightening and dangerous. But among this family of social-engineering schemes is a nefarious, quite personal phishing email type: extortion emails/messages.
These are worth addressing because, while they operate with the same intent (to get money or information), they attempt to accomplish their goals by exploiting personal information: information that is intimate, personal, or even embarrassing in nature.
Sometimes the emails are vague in nature with sweeping claims about “monitoring,” but other times identifiable info is used, such as a password, address, or even a personal contact. That’s when alarms go off, because when you see info like that, certainly you’re willing to believe you’ve been seriously compromised.
What’s in the message
Even I’ve been a recipient of an extortion email. And, to my shame, I briefly believed the contents, only because there were tiny kernels of believability in the message. For example, the message explained I’d been monitored for several months. And somehow the sender had access to the operating system/email contacts.
The reason I gave it some thought is that it’s the nature of ransomware and network monitoring: hackers do often infect systems, unknown to the users, before launching an attack. The rest of the message threatened to publish personal details to various contacts, and thus the extortion aspect came into play.
Funny enough, when a threat actor claims to have “control over the operating system,” you wonder why they wouldn’t just ransom the entire system itself.
In that brief example, you get the simple DNA of an extortion email. What differs from one message to the next is the subject matter. Often, these emails attempt to persuade you to act by threatening you with personal details. Let’s be real here, they might suggest they have records of you visiting an adult website. Or, maybe you talked about personal details with a friend/relative over email.
That’s right, they’re attempting to shame you into paying a ransom. It’s a clever scheme, because obviously, no one wants personal details published online or to random strangers. It’s one thing to have information you can control published. A password, for example, is changeable. But personal details? That can feel quite scary.
Legitimate or not?
The big question, of course, is whether or not the extortion email in question is in fact legitimate. In a majority of cases, no. If, for instance, an email claims to have control over your systems and access to contacts, why would you be warned? Why would the threat actor not take advantage of that control (because that’s effectively your entire system) and leverage it?
But here’s the thing: extortion emails tend to use vague, sweeping threats with a lack of specifics. True, there are times where they might have a password and/or email you’ve used in the past, but it’s far likelier those credentials were discovered in website breaches. Said breaches are an unfortunately common occurrence, though that doesn’t mean you should panic. Fear is what the attacker relies on for you to make an impulse decision.
But the fact of the matter is, a ransomware attacker or malicious party isn’t going to sit around and threaten you with an email. They’ll actively demonstrate they have access to or control of a system before they leverage it. For example, if you’ve got a trojan, you’re going to notice significant changes in your PC system (performance slowdowns, wallpaper altered, unusual visual changes). Otherwise, like most phishing and social engineering schemes, it’s hot air.
Ultimately, though, there’s nothing wrong with caution. And, if you feel there are legitimate reasons to believe your info is compromised in some way, precautions are good to take.
A full scan with anti-virus software is a lengthy, but extensive, check of your system to detect irregularities. If the password in question is used for important websites, change it ASAP. Set up two-factor authentication as well if you haven’t already. It may also be prudent to make a backup of your data and do a fresh install of your operating system.
Remember, extortion emails will attempt to use very personal information to succeed. However, never respond to them, click on any links within the message, or pay the demanded ransom.
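For readers who triage a shared or reported-mail inbox, the traits described above can be turned into a simple check. The script below is an added example, not something from Bytagig: the indicator patterns, the threshold of three matches, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Indicator groups mirror the traits the article describes. The regexes are
# illustrative assumptions for this example, not a vetted ruleset.
INDICATORS = {
    "claims_monitoring": r"\bmonitor(ed|ing)\b",
    "claims_system_access": r"\b(control (of|over)|access to) your "
                            r"(operating system|computer|device|e-?mail|contacts)",
    "threatens_disclosure": r"\b(send|publish|share)\b.{0,80}\b(contacts|friends|family)\b",
    "shame_content": r"\badult (web)?sites?\b|\bembarrassing\b",
    "demands_payment": r"\b(pay|payment|ransom)\b",
}

def triage(raw_message, known_passwords=()):
    """Score one raw email; return matched indicators and follow-up advice."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')} {part.get_content() if part else ''}"
    text = " ".join(text.split())  # collapse line wraps so phrases match
    hits = sorted(name for name, rx in INDICATORS.items()
                  if re.search(rx, text, re.IGNORECASE))
    # A password you recognise in the text points to an old site breach,
    # not to live access: rotate it rather than treat it as proof.
    quoted = sorted(p for p in known_passwords if p and p in text)
    likely = len(hits) >= 3  # assumed threshold: three independent traits
    advice = []
    if likely:
        advice.append("Do not reply, click links, or pay.")
    if quoted:
        advice.append("Change the quoted password and enable two-factor authentication.")
    return {"likely_extortion": likely, "indicators": hits,
            "quoted_passwords": quoted, "advice": advice}

# Constructed sample messages (not real mail).
SCAM = """\
From: sender@example.invalid
Subject: I know your password Summer2019!

I have been monitoring you for several months and have access to your
operating system and contacts. Pay the ransom or I publish it to your contacts.
"""
BENIGN = """\
From: billing@example.invalid
Subject: Invoice reminder

Your payment for this month is due on Friday.
"""
```

Pass the passwords to compare at runtime (for example from a password manager) rather than storing them in the script.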
If you’re still experiencing trouble, you can reach out for help. Contact Bytagig to learn how we can assist you.