In recent weeks and months we are seeing our clients reporting to us more of the extortion style phishing emails again, so lets break down what they are, what we need to be concerned with and how to deal with them.

These extortion phishing emails which were first identified by the National Fraud Intelligence Bureau in July 2018, whereby they claim to have evidence of internet activity carried out by yourself, tend to appear as if they are coming from your own email address.  They usually claim to have images or videos of you and threaten to share them and they will demand payment in some form to stop them sharing the evidence they hold.  On the 23^rd of April 2020 the NFIB reported they had 9473 reports of this email scam, with 200 reports that week alone. (https://www.actionfraud.police.uk/alert/fraudsters-send-victims-own-passwords-in-sextortion-scam )

Now, this can cause concern as you may think they have gained access to your email account to be able to send the email using your address. However, this is just a clever tactic by the phisher to give their email more credibility and is called spoofing.  It may also include a password which you have used in the past.  This information will have generally be taken from a previous breach of your personal data.  However, if you still use this password for any account you should immediately change these passwords.

The whole aim of these emails is to play on the recipients emotions, and they will have sent this email to enough different individuals that they hope enough will respond and pay the ransom to make their scam profitable.

So what should you do?  You should report the email through your organisation’s reporting procedures or delete the email.  You can also report these emails through the National Cyber Security Centre email reporting service – report@phishing.gov.uk  You should also ensure that if there is a password mentioned that you still use, change this immediately and look to implement any further security measures, such as MFA, on these accounts to improve their security.

We’ve included a helpful infographic from NCSC below on extortion emails and ActionFraud have a good further article on the topic which they released in 2018 but is still relevant now.  https://www.actionfraud.police.uk/alert/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam

If you have any queries or concerns surrounding your Cyber Security, please don’t hesitate to get in touch with the team here at MJD.