What to Do if a Hacker Threatens You / What Would You Do if You Were Extorted?

What would you do if you were contacted by a hacker threatening to publish compromising information about you? This may seem like a hypothetical question, but this extortion tactic is widely used by hackers today and brings in big bucks. Typically, the hacker threatens to reveal your account details or a sensitive photo or a video of you, so you give into his demands, which can be a frightening experience, but in truth, you don’t need to worry. The emails may look real, but they aren’t. And they can be a GOOD thing. You learn more about your online security than you would know if you hadn’t been contacted. If it contains any passwords, you will be in the best position to learn what passwords to change so you protect yourself from the real online threats lurking deeper in the web.

Sextortion

One of the most popular extortion techniques is “sextortion,” where hackers threaten to expose a video of you or personal photos unless you give in to his demands. He may state he took photos or videos of you with your computer camera without you knowing, and will send them to your family, friends, and social network contacts. This is anyone’s nightmare, making it an effective strategy. In 2018, this tactic resulted in $83 million in blackmail dollars alone.

What the Emails are Like

These emails seem personal to you, but they are formulaic and easily recognizable if you know what to look for. To sound authentic, they reveal your name, a site you visited, and your password. The rest of the email follows a standard format of instructions.

Typically the communication is only by email. Even with sextortion, there is no personal interaction. No people wave to you and flirt with you, seeming interested in you, to gain compromising information about you so you give in to his or her demands. In fact, nothing else is happening either. No hackers are staring at you through your camera, and no programs are on your computer systems in order to expose you.  

Emails are used most often because they can be sent in bulk. You are among thousands of people being emailed at once, each email with its own name and password pulled from a database sold by either one or a group of hackers on the dark web. Email casts a wide net to as many people as possible.

In addition to individual passwords, the emails share similar traits:

1) The hacker mentions that a personal, sophisticated, “one-of-a-kind” software system or a special type of malware was used to obtain a photo or a video of you. None of this is true.   

2) Specific dollar amounts (such as $541 of $873) are used to feel authentic.

3) You are given a short deadline for payment.

4) The payment address is a long series of numbers and letters.

Reading the emails is an intimidating experience for sure, but you can relax. You have nothing to worry about from this scammer. That said, you have some other work to do.

What Would You Do if You Were Emailed?

Things You Should Do if Your Account is compromised:

Step #1: Pay Attention to the Password

If the password is out of date, you are fine. If it looks current, the concern here is not with the hacker and the extortion, but that the password is widely used by hackers across the web, creating a bigger issue. With details of your identity compromised, hackers can search computer systems in order to access your financial accounts and figure out what other kinds of information they can learn, like answers to password safety questions and your social security number.  

Step #2: Change your password

  • Make Sure All Passwords You Use are Different

If your passwords are unique to each website, you can verify the password mentioned in the email. If it is different, you can relax, and then use the password to figure out what site is compromised.

  • Switch to two-factor authorization

This type of authorization is usually your password and a second verifying factor within computer systems in order to strengthen the barrier. Some permissions include clicking on imagery, such as light posts in a series of photos, or sending you a code on your phone to input. Since hackers often use bots, they won’t be interested in sites that require manual work. Even if they were determined, it would take a group of hackers so long to figure out what the temporary digital codes on your phone would be that they wouldn’t bother.

https://twofactorauth.org/ This site shows you what sites require 2-factor authorizations and provides instructions on how to set them up.

  • Use Fake Answers to Password Questions

What’s your favorite bicycle? Maybe an elephant.

The stranger and the more foreign your answer it is to you, the better. And keep each answer unique. Maintain a record of the answers in your encrypted passwords app or paper notebook and remove them from your computer systems in order to prevent cyber theft. The unique answers tell you where you were compromised so you can be in the best position to stop it in its tracks.

Step #3: Look for Similar Scams

Look online for spam with similar terminology to know if you were sent a generic email while gaining more ammunition so you can be in the best position to notice future scams. You learn the latest tactics from all different types of hackers while learning the depth they will go.

When the email includes an address link to send money, search the address Google to see if it pops up as spam.

Step #4: Check Your Spam Filters

Check your spam filters to ensure they are up to date. If needed, more advanced systems can be purchased to fight different types of hackers, and your administrator may already have spam solutions for your computer systems in order to protect you further.  

Step #5: Tell the Authorities

What would you do if you were concerned that hackers would still come for you, or if the emails have more compromising information about you? You can notify the local police and your IT department to start. They typically know similar scams and how to deal with them. You can also report the emails to the FBI via their website athttps://www.ic3.gov/default.aspx. It is good to notify them, so they stay on top of the latest hacks and their strategies.