40 million T-Mobile customers hit by US data breach
More than 40 million T-Mobile customers have been hit by a US data breach, the company has admitted.
Due to a rise in local reports, #CyberSafeWarks want to provide the residents of Warwickshire with information and advice on the dangers of sextortion scams, protection advice and where to report if you’ve fallen victim!
Sextortion scams are a type of phishing attack whereby people are coerced to pay a BitCoin ransom because they have been threatened with sharing video of themselves visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual's password.
Phishes are designed to play on people's emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will 'take the bait' and pay the ransom.
The email can contain the victim's own password in the subject line and demand a payment in Bitcoin to prevent videos of the victim, on their computer visiting adult websites, being shared.
An example email reads;
"It Seems that, XXXXXX, is your password.
I require your complete attention for the upcoming 24 hrs, or I may make sure you that you live out of guilt for the rest of your lifetime.
Hey, you do not know me personally. However I know all the things concerning you. Your present fb contact list, mobile phone contacts along with all the digital activity in your computer from past 176 days.
Which includes, your self pleasure video footage, which brings me to the main motive why I'm composing this particular mail to you.
Well the last time you went to see the porn material websites, my malware ended up being activated inside your computer which ended up documenting a beautiful footage of your self pleasure play by activating your cam. (you got a unquestionably weird taste by the way haha)
I have the full recording. If, perhaps you think I am playing around, simply reply proof and I will be forwarding the particular recording randomly to 8 people you know."
What to do
The impact on businesses
Blackmail is a common practice among cybercriminals. Although most of the threats are usually inconsistent or fake, many employees lack enough knowledge and are easily taken in. Therefore, it's crucial to constantly raise awareness and talk about online scams within your business – including sextortion.
Employees in your business should know that this type of scams are on the rise, since the development of modern technologies, it makes it easier for cybercriminals to spread them more widely. An example of how hackers misuse technology to spread the scams is the COVID-19 pandemic. As many businesses shifted toward remote work and home offices, where employees were not protected by the corporate network, the number of online threats increased.
"A month ago, I received a contact request on Skype from a woman in her early twenties. We quickly became intimate online. Then, she threatened to post some of my sexually explicit pictures on my employer's social media profiles unless I transferred USD 600 to a third person in the Philippines. I did, fearing that she would jeopardise my employment. She demanded additional payments. I ended up informing my manager. Doing so was embarrassing."
Also, employees should be aware that the main purpose of sextortion emails is to make the victim pay – preferably in Bitcoins, which allows the hackers to collect the money anonymously. Scams are a great business with more than approx. 1,350 reports of sextortion scams nationwide. According to the National Crime Agency (NCA), the true number of sextortion cases could be even larger because many go unreported.
Online sextortionists will use increasingly sophisticated techniques to target employees across all sectors, posing a financial and reputational risk to them and their employers worldwide.