Businesses are facing challenges that no one had even thought of ten years ago. Naturally, cyber security is the best example of that. The phrase “cyber security” encompasses a whole host of issues. So, what’s the latest one that business owners should be aware of? Sextortion.
Sextortion is a new phrase that refers to a form of online bribery. Essentially a cyber criminal targets an employee and claims to have evidence that they have been watching porn on their work computers. In exchange for keeping that information quiet, the criminal demands payment in the form of cyber currency.
Usually a sextortion scheme begins with an email claiming knowledge of the recipients porn habits, and webcam footage of them viewing these sights while at work. Often a zipfile is included which claims to be evidence of the video footage, but when that file is clicked on it often releases malware that locks down the computer until the ransom is paid.
This new phenomenon was detailed in a recent report by Beazley Breach Response (BBR) Services. “BBR Services is seeing sextortion emails being sent to individuals in multiple countries, including the UK, and across different industry sectors, from SME to large business,” said Helen Nuttall, international breach response manager at Beazley. Nuttall continued to say that:
“They are sent in the recipient’s local language, and often include reference to passwords known by the user…These emails are convincing as they often appear to come from within the individual’s own email account. This immediately makes the recipient believe that the account has been compromised. Combine this with the fear of potentially humiliating content being distributed to your friends/family/colleagues, it is easy to see why people are lured into paying the bribe.”.
At its core, sextortion is no different than any other form of email phishing. It just tends to be more successful because of the embarrassing personal nature of the accusation. To avoid this employees simply need to follow the same protocol they do to avoid normal cyber security breaches—don’t click on links from people you don’t know. It’s as simple as that.
Sources: Insurance Journal