“HOW did he know what’s in my password?”
This thought raced through her mind as she read his e-mail.
Her nickname for her daughter, “sugarpuff”, was part of her password for her work e-mail and other online accounts.
But it was staring back at her in the e-mail title from this stranger.
In his message, he threatened her and demanded that she pay him USD888 (RM3,615) in Bitcoins, sarcastically telling her to Google how that works if she didn’t know. Otherwise, he would shame her by spreading a “compromising” video of her viewing pornographic material.
“If you ignore this email, I will send the video to all your contacts. Think about the shame you will get.”
The truth is, she has never viewed any smut on the said computer.
It was her company’s desktop and she only used it for work. But how did he figure out her password?
“I felt like I was sweating buckets. I couldn’t sleep because I was worried what else he knew about me,” says Emilia (not her real name), who reported the incident to CyberSecurity Malaysia (CSM).
She says she immediately changed all her passwords after receiving the e-mail.
The scammer claimed that he had installed malware on a porn site, which he accused her of visiting. Using the malware, he allegedly gained access to her computer’s screen and web camera. From there, he said he collected her contacts from her e-mail and social media accounts.
“Then I made a double-screen video. The first part shows the video you were viewing (you’ve got nice taste). The second part displays the recording of your web camera, and it’s you in it,” read the scammer’s e-mail.
The scary part about this story is: It is technically possible for such despicable deeds to be done, says CSM.
However, based on CSM’s investigations into such cases, claims by these cybercriminals have been consistently fake.
In these cases, no disgraceful photos or videos are recorded, no devices are hacked or installed with malware, and no passwords are cracked.
“Victims should simply ignore these e-mails as such cybercriminals are trying their luck in threatening victims for money.
“However, to be safe, victims should scan their devices with a reputable anti-virus software to ensure their devices are clean and updated,” CSM advises.
In Emilia’s case, she had also reported the matter to her company’s management since it involved her work e-mail.
“My company’s IT department received about three other similar complaints since November.
“As to how the scammer knew part of my password, the department said the scammer could have made an educated guess through social engineering techniques.
“This includes stalking public posts in my social media accounts to find out more about my life,” she says.
CSM chief executive officer Datuk Dr Amirudin Abdul Wahab reveals there has been a spike in such cyberblackmail cases over the past two years.
From 17 cases reported to CSM in 2017, it jumped to 46 last year, he tells Sunday Star.
“Of the 46 cases in 2018, 13 incidents involved organisations.
“The rest are from individual victims,” he says.
Contrary to what many may believe, this type of cybercrime isn’t due to the weakness of defences.
“But it is more likely due to the increased availability of public e-mail addresses like work e-mails.
“Information such as e-mail listings are becoming more available online, making it easier for those e-mails to be targeted randomly,” Dr Amirudin says.
With the nature of businesses and our personal lives intricately woven into the digital world, it is nearly impossible to avoid some information being available online.
Nevertheless, CSM says there are several tips to follow to prevent being preyed on by cybercriminals.
“Never send compromising images of yourself to anyone, no matter who they are or who they say they are,” urges Dr Amirudin.
The public should also avoid opening attachments from people they don’t know and, generally, be wary of opening attachments even from people they do know.
“Turn off and cover any web cameras when you are not using them.
“Also, scan your device with a reputable anti-virus or anti-spyware program to ensure the device is safe,” he adds.
He also calls on the public to report any cybersecurity incidents to CSM for assistance.
Contact CSM through their e-mail email@example.com, or call 1-300-88-2999 (during business hours).
Its 24-hour handphone number for incident reporting is +60192665850.
For more information, log on to www.mycert.org.my.