Cyber Extortion, Threats and Blackmail Increasing in Times of COVID-19

Image credit: Pixabay

Email scams, blackmail and cyber extortion increasing in times of COVID-19: how to recognise fraudulent behaviour and protect yourself

The world is going through tough times during the COVID-19 pandemic. Many are suffering from the infection, others have tragically lost their lives and loved ones. It seems that these desperate times have indeed forced an increasing number of people into unethical behaviour. Hackers, or cybercriminals, are taking advantage of this situation through various means including cyber extortion, email phishing, blackmail and even scams via pornography websites.

Is cyber extortion considered a crime?

In short, yes. In many countries around the globe, online extortion is indeed a criminal act. In the UK there is a host of legislation to provide guidance to law enforcement and prosecutors including the Malicious Communications Act 1988, Criminal Justice and Courts Act 2015 and the Communications Act 2003. These Acts provide a broad cover for malicious and offensive communications. Cyber extortion, combined with other related criminal activities, have various laws in different countries.

Why have cybercrime and cyber extortion increased during COVID-19?

Following recent news coverage it seems that, while much of the business world is still suffering under COVID-19 lockdown and social isolation restrictions, the online world has seen usage vastly increase and therefore so have opportunities for illegal activities.

What is cyber extortion?

Cyber extortion is also known as online corruption. Cyber extortion is extorting money (or even online favoUrs) from someone by threatening to reveal evidence of their online activity through means like videos or images. Cyber extortion is one of a growing form of online extortion methods.

Let’s first understand it in the view of cyber laws. Victims of cyber extortion are mostly adults but they can also be younger individuals. Scenarios of cyber extortion include a criminal demanding that the victims provide them something of personal value, such as personal information, in various ways. The result is that the victim is blackmailed either by threats, harm, or perceived embarrassment. For example, the victim may be threatened with releasing and distributing sensitive information if they do not comply with the hacker’s demands.

How cyber extortion works

It all begins with an email or social media message from an unknown user. They might send such an email to your office email address since these are often more publicly available. The content generally follows the pattern of informing the user that the sender has your email account password followed by subsequent email aimed at creating a victim mentality, whether true or not. This may include explaining how the perceived hacker has installed malware, such as a Remote Access Trojan (RAT), on your computer before extorting a financial demand.

Cyber extortion: example scenarios

In many cases, criminals target victims on social media websites. Most of the time, they engage their target via a false profile and use friendship, romance, flattery, and manipulation to entice a potential victim to communicate. Next, the extortionists attempt to acquire personal information, such as full name, residential address and email address. Then, they will attempt to use this information to hack into their target’s online accounts or behave as if they have already accessed their profiles and compromised their online security.

The ultimate goal of cyber extortionists is to create the perception of control in their victims and use this to exploit them, such as wiring financial funds to an anonymous account. Often, the extortion demands involve the threat of posting personal information, including sensitive videos and photographs, online.

In cybercrime instances, the offenders may hack into the victims’ computers by tricking them into accepting a malicious code that allows remote access. They will then exploit this access to obtain personal information, such as financial account information, which they threaten to distribute unless the victim complies with their demands.

In a cyber extortion or email phishing scam, a cybercriminal emails thousands of potential victims, seemingly out of the blue, to claim that they have installed malware on their device. The focus of this threat is to trick the recipient into believing that the hacker has therefore been able to keep tabs on the victim’s online activity. They go on claiming that they’ve taken screenshots of the victim’s online activity and hacked their webcam to make video recordings.

Is there any reason to believe such an email?

Certainly not; it is purely a psychological game. It is purely emotional blackmail, and while they may have acquired one of your old passwords or your phone number as a proof, it is unlikely your security has been compromised. Remember that cybercriminals can indeed gather personal information from different data sources via mass data breaches of a single website.

How to respond to a potential phishing scam?

Quite simply, do your best not to respond to an email or even open it. If you do indeed reply to this email, you are taking the first step to enter their trap. Rather, simply delete these offending emails and review your account security as a precaution. Two-factor authentication (2FA) is an excellent added security tool to increase your security.

Many of our relatives and friends may have indeed received such emails as these and subsequently undergone emotional trauma. Even if the victim has not had their online security breached, many times there is a good chance that they will feel scared nonetheless.

The best defence is to keep up-to-date with the latest cybercrime tricks and techniques while periodically reviewing your online security.

• On its Second Anniversary let’s Redistribute GDPR fines to give a Brighter Future to Disadvantaged Schoolchildren

• Employee Wellbeing is Now Critical – the Case for Work Distancing