Other issues in this category (22)
Protect your reputation
Friday, September 4, 2020
What a peculiar message:
Hello, I work as a Private Investigator.
Our agency received a case with an objective of hacking into your email, phone, cloud storage, network and collecting intelligence.
We work with hackers from China for tasks like that, and they are the best. As you can see, they did a good job. Your accounts and devices are compromised.
But we do have an ethical protocol in place.
After checking the background of the person who paid for the hacking and investigation on you, I have decided to come forward and offer you to buy the information about that person (name, contacts, emails and other proof).
You will also get a report on yourself (including a list of compromised accounts, devices, logs, screenshots, photos and documents).
Normally, we do not disclose sensitive information about our clients, but in this case we will be.
Upon reviewing this case, I found that something illegal was planned against you.
The materials we have collected on you are very sensitive and can be easily used to blackmail you.
We usually address personal and corporate espionage cases, but this case is different.
We have received a prepayment of 50% for your case from that person (total agreed upon cost was 12500 USD).
However, I will give you a discount (without any profit for the agency), if you decide to buy this information.
Do not try to email me back. This is a throwaway address. I have to protect identity, because the nature of this job is illegal.
After I get the payment, I will get back to you. You have 2 business days to make the transfer. It will cost you 40% of the unpaid balance.
We will process $2,500 payment through bitcoin. In case you have trouble with bitcoin, google how to fund it.
Send BTC to this wallet 1yjQZMv2gQdpiMctyYk3vNRKbZiyGVN3t
It will be up to you what to do after you get the information. We will delete all files. The original client will get nothing and will never know about our deal.
Please keep in mind, because I need to pay Chinese contractors, and if you decline this offer, I will have to go to the original client and send all intel to cover the costs.
But at least you know that now and have a free heads up of what's coming.
For some reason, the author assumes that we will take them at their word— they provide no proof of the fact that they managed to hack into the system.
Hopefully, you all recognise a blackmail scam. Why do they choose to blackmail their targets? Because fear-based scams are more effective. Just another variation of a typical fraud scheme: "I've hacked into your computer and see what you are doing in there, and now I'm going to tell your superiors all about it".
Extortion is an omnipresent threat. And given that most corporate infrastructures are poorly protected, hacking into them is feasible too. How can a company prevent their reputation from potentially being damaged by an unidentified third party (this can be of vital importance if the company is negotiating a major deal or if its shares are being traded on a stock exchange).
First and foremost, assess the probability of an attack. Ensure that all services are available and no data has been encrypted. Furthermore, check your backup files (make sure that they are intact), and make certain that no malware has penetrated your network and that all vulnerabilities are patched. You can engage a third party to evaluate your security situation.
Point #1. In peacetime, make these preparations:
- Find competent professionals who can conduct a security audit of your infrastructure;
- Establish security assessment procedures that will take effect in the event of an incident.
Point #2. A blackmail message may arrive at any moment. Make sure that competent information security professionals are always on hand in your offices. Determine which staff members must be summoned in emergency situations. And make sure you have suitable replacements if the experts you need are unavailable.
However, technical analysis is a matter for tech specialists. The persons involved in handling a security incident should include:
- The PR team. Prepare several versions of the press release and compile a list of the organisations meant to receive them. Determine what your official response to an incident should be.
- Lawyers. Review the materials prepared by the PR team. Prepare the documents that need to be filed with law enforcement agencies.
- Top managers. Someone must be authorised to approve the emergency procedures.
And someone who has the authority to approve such regulations should always be available. This will help avoid situations when the person who has the power to sanction urgent actions is away on holiday.
The Anti-virus Times recommends
A blackmailer belongs in prison. But they will only end up behind bars if their potential targets prepare for an incident in advance. Protect your reputation!