Businesses are facing a new cyber threat no one had even thought of ten years ago. Naturally, cyber security is the best example of that. The phrase “cyber security” encompasses a whole host of issues. So, what’s the latest one that business owners should be aware of? Sextortion.
What is the New Threat?
Sextortion is a new phrase that refers to a form of online bribery. Moreover, a cyber criminal targets an employee and claims to have evidence that they have been watching porn on their work computers. In exchange for keeping that information quiet, the criminal demands payment in the form of cyber currency.
How Does this Happen?
Usually a sextortion scheme begins with an email claiming knowledge of the recipients porn habits, and webcam footage of them viewing these sights while at work. Then, a zip file is in there which claims to be evidence of the video footage. But, when they click on that file, it often releases malware that locks down the computer until they pay the ransom.
So, this new phenomenon was in a recent report by Beazley Breach Response (BBR) Services. “BBR Services is seeing sextortion emails being sent to individuals in multiple countries, including the UK, and across different industry sectors, from SME to large business,” said Helen Nuttall, international breach response manager at Beazley. Nuttall continued to say that:
“They are sent in the recipient’s local language, and often include reference to passwords known by the user…These emails are convincing as they often appear to come from within the individual’s own email account. This immediately makes the recipient believe that the account has been compromised. Combine this with the fear of potentially humiliating content being distributed to your friends/family/colleagues. It is easy to see why people are lured into paying the bribe.”
How to Avoid It
At its core, sextortion is no different than any other form of email phishing. It tends to be more successful because of the embarrassing personal nature of the accusation. So, to avoid this employees simply need to follow the same protocol they do to avoid normal cyber security breaches—don’t click on links from people you don’t know. It’s as simple as that.
Sources: Insurance Journal