IN-HOUSE PREVENTION

Let’s Talk About Sextortion: What Every Employee Should Know

2021-01-07

Blackmail is a common practice among cybercriminals. Although most of the threats are usually fake, many employees lack enough knowledge and are easily taken in. Therefore, it’s crucial to constantly raise awareness and talk about online scams – including sextortion.

“Hello, my friend. You don’t know me, but I know you very well. Better than you’d expect. This is your password, right?” Emails like this often land in employee mailboxes. The mysterious blackmailer usually claims to have stalked the recipient via their webcam while they were watching some adult content, forcing the addressee to pay their way out of trouble, or else the hacker will tell their family and co-workers. These threats are petrifying enough that recipients often don’t want to risk anything and will pay the desired sum. How can you prevent your employees from falling for sextortion scams?

 

 

1. Explain How Social Engineering Works

Sextortion scams are mostly swindles. The extortionists try to look real, believable and confident, just to get under the employee’s skin and scare them. Therefore, make sure all employees know the basics of social engineering tactics and are aware that an email with the very same wording has probably been sent to many other email addresses.

 

2. Describe the Golden Age of Sextortion Scams

Everyone in the company should know that extortion scams are on the rise, since modern technologies make it easier for cybercriminals to spread them. A prime example of how hackers misuse technology and a crisis to spread scams is the COVID-19 pandemic. As many companies shifted toward remote work and home offices, where employees were not protected by the corporate network, the number of web threats increased.

 

A recent ESET Threat Report showed that the number of malicious and fraudulent websites blocked in Q1 of 2020, including sextortion scams, increased by 21% compared to Q4 of 2019. Cybercriminals, for example, threatened to infect the victim and their family with coronavirus for non-compliance. Share such examples with your team, identifying the main characteristics of such scams.

 

3. Make Clear What the Attacker Wants

Also, your employees should know that the main purpose of sextortion emails is to make the victim pay – preferably in Bitcoins, which allows the hackers to collect the money anonymously. Scams are a great business: According to the FBI’s Crime Complaint Center, in 2018, extortion by email caused losses of around $83 million, most of them coming from sextortion campaigns.

 

4. Talk About How Passwords Get Stolen

The attacker may really have the employee’s password, but that’s probably all they have. Educate your employees on how the password market works, explaining that the hacker probably bought the password on the dark web at a fairly low price – the passwords may have been taken in a data breach. Mentioning a real password is just another technique to make the recipient feel nervous.

 

Use this opportunity to remind employees of the best practices when creating a strong password or passphrase. Also, explain that the password-selling business is exactly the reason why everyone needs to change their password every now and then or has to use additional protective factors (2FA/MFA).

 

5. Instruct Employees on How to React to Sextortion Scams

If the password is right, advise your employees not to panic and just change it immediately. Tell them explicitly that they should not send the money, nor reply or click on any links or attachments. Teach your employees that if they fall victim to sextortion scams, they should always inform company IT or internal security departments. And if possible in your country, the incident should be reported (for example, if you’re from the United Kingdom, you can report it online to Action Fraud, and in the US, you can file a complaint on the FBI website). 

 

6. Talk About the Real Threats

If handled carefully, sextortion scams won’t do any harm. But still, your employees should know that there is a way hackers can get into their webcams. In that case, though, the cybercriminals wouldn’t be nice enough to tell anyone in an email. Here’s an infographic you can share with your employees to explain how hackers invade their computers.

 

How hackers get into your computer and your webcam

 

7. Raise Awareness About Cybersecure Behaviour 

Knowing what threats are waiting in the online environment, some employees might think covering their webcam with tape will save them. Why not, when even Mark Zuckerberg admitted doing it, and he covers his mic with tape too! Anyway, this is the most superficial solution. It does protect your employees from being seen or even being heard, but their device is still hacked.

 

Introduce more professional ways for employees to protect company devices. Reliable antivirus software with advanced protection against malware, like spyware and viruses, can act as a solid shield in the battle against virtual threats. Also, a firewall that can monitor the traffic on your network and block harmful attacks should be enabled. Teach your employees to use strong passwords and multifactor authentication, too.

 

Last but not least, the most important way to stand up to virtual threats is not being fooled, not just by sextortion scams, but by any online traps. The most effective strategy? Distinguishing real menaces from the false ones.