Sarah Diggs, Client Services Manager

Just when you might feel you’re starting to get your arms around spotting classic phishing emails, a new twist is emerging. We’ve talked to a few rattled people who received what they thought was a personalized and very frightening blackmail message over email. The emails seem incredibly specific and very aggressive, and in one instance the message even referenced a stolen password.

We will analyze these emails below, but it’s important to note that they are not personalized blackmail threats toward you. They are automated messages sent by machines, with hackers hoping that the general messaging hits a nerve with a small segment of the users they target. The senders can use stolen credentials (obtained through many, many huge data breaches over the last few years) to fill in the blanks of an email message, rather like a form letter personalized to you.

Because these attacks tend to be very explicit, we will not print an example in its entirety. However, we will analyze a few clues that will help you realize that these threatening emails are no threat at all.

1. The email message could apply to anyone.

While the message tries to sound specific, there are no personal details that would confirm that someone knows exact details about you and your behavior. Read the message and see if there are any exact details that only apply to you. If not, then it is a mass message where the hacker is betting on a few details coincidentally striking true.

2. Look for details that are not true.

In the email message, the blackmailer will state something like, “I placed a malware on the X video clips (pornographic material) web-site and guess what, you visited this web site to have fun (you know what i mean).” Later, the blackmailer mentions that they captured salacious activity via the person’s webcam. These untrue details are a clear sign this message is not personalized.

3. Understand how technology works.

Many tech support scams use a person’s lack of knowledge about technology to trick them into thinking a problem on their computer needs fixing. These blackmailers use the same lack of knowledge about technology to strike fear into a person.

Here is part of a blackmailing threat email: “While you were viewing video clips, your internet browser started out functioning as a Remote Desktop that has a keylogger which provided me accessibility to your display screen as well as web cam. after that, my software program gathered every one of your contacts from your Messenger, FB, as well as e-mail. and then i created a video.”

Oh my! Let’s break this down:

  • Remote desktop access is something you must grant to another person. It is software that requires clear permissions from your computer. When used ethically, you see this when an IT support person logs into your computer and takes it over to fix something. However, an internet browser cannot all of a sudden start functioning as a remote desktop.
  • A keylogger is malicious software that captures what you type and sends that data to a hacker. However, this is software that you would have to install. Saying “a remote desktop has a keylogger” makes no sense.
  • The blackmailer’s software program is like the Energizer Bunny. It just keeps going and going! Somehow it also gathers Messenger, Facebook, and email contacts. Again, it’s possible you could install malicious software by accident that does such a thing. But, given just this email, the attacker is playing on your fear.

If you’re unsure about such technological descriptions, always ask your IT vendor or staff.

4. Google phrases from the email.

One easy way to check if the email is an empty threat is to take a phrase or two and Google it. For example, Googling the phrase “While you were viewing video clips, your internet browser started out functioning as a Remote Desktop” brings up the following credible articles among many:

If you receive a suspicious email, it’s unlikely you’re alone. Do some Googling and see if others have received the same email. Think of it like a form of fact checking.

Even though this type of blackmailing email is not a threat, you should take a few precautions:

  • If the blackmailer mentions a password that you’re still using, change it immediately! And better yet, change your password to a passphrase and enable 2FA.
  • Try not to open the email. If you open it, the blackmailer will know you at least opened it and may send you additional messages. Again, even these follow-up messages will likely be automated. It’s recommended that you mark the email as spam or junk, or simply delete it, without opening it.
  • Do not download any unknown software or attachments from untrustworthy sources. Whether you receive an email or visit websites, never download something without knowing you fully trust it. And even then, when in doubt, ask your IT vendor or staff when emails, links, or attachments seem suspicious.


Original Date: 2/13/2019