Pay the ransom – or watch me wreck your life
Chilling new computer menace that is driving victims to suicide...
At first, the message seems harmless – an email pops up on your screen that could be from a friend or colleague. But click on it and your blood will run cold. Because what follows is a string of vicious threats to destroy your life unless you hand over money. The ‘ransom’ email explains that you have been caught viewing an adult website – captured on your computer’s camera.
To add credibility to the sting, the email includes key private details, such as your phone number and secret passwords for a bank or shopping account.
The effect is chilling, as Sarah Hartley, a Mail on Sunday journalist, found out for herself when she was targeted recently. ‘Like most journalists, I am as tough as old boots and used to dealing with all sorts. Yet what horrified me most about receiving such an email is that it breached my work firewall,’ she says.
‘The email name had looked credible. It came from a common female name and I had assumed it was a public relations adviser. So I clicked on the option to permit. But when I read it I flushed hot and cold from head to toe – I was stunned by the sheer nastiness of the words [see right]. Adding to my sense of fear was that the email included a password I use for an online shopping account. A barrier had been broken.’
It used to be easy to spot and deal with, attempted cyber fraud. You might get an email from an African dictator’s widow who needs to transfer €50m out of the country. All you have to do to help her is provide access to your bank account. But online scammers have upped their game. You have probably given out your email address and phone number hundreds if not thousands of times. That information easily finds its way onto massive directories traded by scammers.
Most likely it has already been bought and sold numerous times among criminals.
The latest development in scamming is the personal touch – they know something about you: who your boss is; your daughter’s name; your phone number, or even just your email address. When you are contacted, your guard is down.
Millions of people have received this latest example of ransomeware. It tells the recipient he or she has been caught viewing an adult website and captured doing so on the computer’s camera. I have received that very email which, in my case, contained the last four digits of my mobile phone number.
Ms Hartley adds: ‘Although I knew I had not been watching pornography, the way I was threatened – that a video of me would be passed on to contacts if I dared breathe a word – was horribly menacing. I would have been mortified to know my friends and work colleagues might be contacted in this way. ’
Ms Hartley ignored the email. But criminals are frightening victims into handing over hundreds or more in anonymous Bitcoins. If they do not pay up, the blackmailer says they will share the details they have on the web.
Experts say the cyber attack appears to stem from a major security breach online that happened years ago. The details – passwords, emails and phone numbers – were subsequently traded around the murky world of the Dark Web for years. Personal information can be bought for as little as €5. Or it can be ‘harvested’ using gadgets bought for about €50, according to Colin Tankard, head of cyber security firm Digital Pathways. He has been targeted himself in the latest scam.
He says: ‘Ransomware can destroy lives. There have been instances when people have committed suicide as a result of the horrible threats made. It breaks up perfectly stable relationships and causes untold misery.’ Paying up is the worst thing a victim can do. You are then put on a “sucker list”.’
Your name will be added to lists of people deemed susceptible to crime, which are then traded among criminals – leading to more demands for money.
Being a Dark Web criminal does not require much skill – just a lack of scruples. Mr Tankard says a harmless looking €50 USB stick device known as a ‘rubber ducky’ can be inserted into the side of a laptop. It includes a ‘slurp’ facility that will then instantly grab hold of personal computer files, including passwords and contacts. The details are copied, leaving the computer user none the wiser.
Similarly, a small hand-held ‘Wi-Fi pineapple’ box with antenna can be purchased on the internet for €100. It offers free Wi-Fi to nearby internet users and even imitates servers, perhaps pretending it is the Wi-Fi provider for the coffee shop a person is sitting in. The device can be used to steal home log-in details for Wi-Fi.
Ruth Walker, of internet search engine consultant Evolved, says: ‘These details have often initially
been gathered through phishing – perhaps using pop-up windows or emails with click-on links to websites that harvest personal information.
‘People often have the same password for a variety of services, making it easier for criminals to build a data profile.’
Experts say computer users should be wary of pressing links on pop-up windows or contained in unsolicited emails.
Rogue security software and copycat websites, claiming to be popular online shops such as Amazon and eBay, payment system PayPal or official organisations such as the Revenue Commissioners or Customs, are favoured by fraudsters hoping to trick you into giving away private information. Anti-virus software is a way of combating a cyber attack.
Providers that offer free options include Avira and Sophos. Others worth considering include McAfee, Intego, Norton and Bitdefender, although you will have to sign up to an annual subscription costing at least €30.