Caution! Sextortion

Sextortion – The Newest Way to Ruin Your Day

Technology INSIGHTSIn this Blog, Mimi explains how she was recently the victim of a sextortion attempt. And, shares the tips she learned from Alvaka Networks’ COO & CSIO, Kevin McDonald, to help keep her safer from hackers in the future.

For years, in our Technology and Healthcare Round Tables we’ve been hearing about the cyber security risks posed by phishing, data breaches, malware and ransomware, that result in shutting down businesses, including hospitals. Just last week I was the recipient of a new twist on this twisted theme.

Here’s my story: I was innocently sifting through my emails when I spotted an unfamiliar name: Darron Parmenter. Now, I don’t know a Darron Parmenter, but obviously he knew something about me, because the only thing in the subject line was one of my original passwords. So I read his email. It was a long one, so I’ll just share the highlights: “It’s so unfortunate. I know that your [password] is your password. More to the point, … I installed malware on the sex sites you visit to have fun (you know what I mean). While you were busy watching videos, your web browser started out working as a remote control desktop having a key logger which gave me access to your display screen and also webcam. Just after that, my software program gathered all of your contacts from your messenger, Facebook, as well as email, and made a double display video. First part displays the recording you were watching and second part shows the view from your web camera (it’s you doing nasty things).”

Now at this point I knew Darron was barking up the wrong tree, because I sincerely doubted Downton Abbey could be classified as a sex site, and I certainly wasn’t doing ‘nasty things’ watching it. But I read on as Darron gave me 2 options: “First Option is to ignore this message… [and] I will send your video to your contacts including family members, colleagues, and so forth… [or] Second Option is to pay me $1000. We will call it my ‘confidentiality tip.’” Of course he wanted his tip in bitcoins. His email concluded, because of the “…special pixel within this email, and at this moment I know that you have read this message, you have two days in order to make the payment. If I do not get the BitCoins, I will, no doubt send your video to all of your contacts….”

After taking a deep breath, I picked up the phone and called Oli. Oli Thordarson is the CEO of Alvaka Networks, who’s been an ABL Member for over 20 years, and our network-wide EXPERT on all things related to computer malfunction, including how to prevent and react to hacks. I reached Oli in his car and he immediately patched me through to Alvaka’s COO and Chief Information Security Officer, Kevin McDonald. Turns out Kevin’s also a Member of the FBI InfraGard, Orange County Homeland Security Advisory Council, US Secret Service’s LA Electronic Crimes Task Force, and Chairman of the OC Sheriff/Coroner’s Technology Advisory Council. In short, a good person to have on your side of the keyboard.

First thing Kevin shared was he’d heard about this scam from the FBI folks several weeks ago, so he wasn’t surprised to hear that I’d been targeted. And while I was safe from the possibility of creepy hackers sending out sex tapes of me doing “nasty things,” others might not be. Kevin figured about 2% of the population does what Darron suggested, and those folks might be freaked out enough to actually shell out bitcoins to protect themselves. In the meantime, obviously, one of my password/user name combinations HAD been stolen – likely when three billion were hacked out of Yahoo years ago. So Kevin gave me 5 recommendations:

1) Go to haveIbeenpwned (that’s PWNed, which is gaming slang for “owned”) to check if you’ve been breached. (I had been 4 times.)

2) Identify all the sites that might be using the password in the subject line. (I found 5 of them.)

3) Change out those passwords! Our Tech Member, Jeff Broudy, CEO of PCIHIPPA, which helps their clients stay compliant, mentioned how frequently they see passwords among the 100 most common – like “123456” or “password” – used in doctors and dentists’ offices. So you want to ensure your password isn’t on the list of the most common, which you can Google. And our Healthcare Member Catherine Dodd, suggested that long phrases with adjectives or nouns that can be regularly changed and remembered by you – are particularly good. Like, “Ilovewatchingfootballinthefall!”

4) Kevin also recommended saving passwords using sites like LastPass or 1Password so you can keep all your passwords in a “vault” requiring 2-factor authentication to access. I also learned firsthand, you can do this with your Google Pixel phone, too. So you probably can safeguard most of the other smartphones, too.

5) Then he urged me to freeze my credit with all three main credit reporting agencies: Equifax, Experian (which was also hacked), and TransUnion. This one takes a little time, but after hearing horror stories from our Members, including one this week – about having to reclaim his identify and prove he was still alive, it’s worth the effort.

6) Last, Kevin also told me about Miss Teen USA, whose camera on the computer in her bedroom really was hacked. With further research I discovered Cassidy Wolf was one of hundreds who were spied on using “Blackshades,” a “cheap and accessible software used to hijack computers remotely.” In Cassidy’s case the creep on the other side showed her compromising pictures taken in her bedroom, and blackmailed her into performing sex acts for him on camera. Fortunately, she and her parents did go to the police. And four years ago a “crackdown by the FBI and police in 19 countries brought more than 90 arrests in what authorities say is a serious strike against ‘creepware,’ including Cassidy’s perp – a fellow high school classmate. Undoubtedly, Blackshades – or something like it, is still out there. So I invested $9.99 with Amazon to get six webcam cover sliders.

So, just as I did, I’d urge you to block out the next couple of hours to protect yourself from the growing legions of bad guys out there, who are using what should be your protected information for their fun and profit.

Be safe!

by Mimi Grant, President, Adaptive Business Leaders (ABL) Organization – Round Tables and Events for CEOs of Technology and Healthcare Companies