You've got (black) mail


“HOW did he know what’s in my password?”

This thought raced through her mind as she read his e-mail.

Her nickname for her daughter, “sugarpuff”, was part of her password for her work e-mail and other online accounts.

But it was staring back at her in the e-mail title from this stranger.

In his message, he threatened her to pay him USD888 (RM3,615) in Bitcoins, sarcastically telling her to Google how that works if she didn’t know. Or else, he would shame her by spreading a “compromising” video of her viewing pornographic material.

“If you ignore this email, I will send the video to all your contacts. Think about the shame you will get.”

The truth is, she has never viewed any smut on the said computer.

It was her company’s desktop and she only used it for work. But how did he figure out her password?

“I felt like I was sweating buckets. I couldn’t sleep because I was worried what else he knew about me,” says Emilia (not her real name), who reported the incident to CyberSecurity Malaysia (CSM).

She says she immediately changed all her passwords after receiving the e-mail.

The scammer claimed that he had installed malware on a porn site, which he accused her of visiting. Using the malware, he allegedly gained access to her computer’s screen and web camera. From there, he said he collected her contacts from her e-mail and social media accounts.

“Then I made a double-screen video. The first part shows the video you were viewing (you’ve got nice taste). The second part displays the recording of your web camera, and it’s you in it,” read the scammer’s e-mail.

The scary part about this story is: It is technically possible for such despicable deeds to be done, says CSM.

However, based on CSM’s investigations into such cases, claims by these cybercriminals have been consistently fake.

There are no disgraceful photos or videos recorded, devices being hacked or installed with malware, or passwords cracked.

“Victims should simply ignore these e-mails as such cybercriminals are trying their luck in threatening victims for money.

“However, to be safe, victims should scan their devices with a reputable anti-virus software to ensure their devices are clean and updated,” CSM advises.

In Emilia’s case, she had also reported the matter to her company’s management since it involved her work e-mail.

“My company’s IT department received about three other similar complaints since November.

“As to how the scammer knew part of my password, the department said the scammer could have made an educated guess through social engineering techniques.

“This includes stalking public posts in my social media accounts to find out more about my life,” she says.

CSM chief executive officer Datuk Dr Amirudin Abdul Wahab reveals there has been a spike in such cyberblackmail cases over the past two years.

From 17 cases reported to CSM in 2017, it jumped to 46 last year, he tells Sunday Star.

“Of the 46 cases in 2018, 13 incidents involved organisations.

“The rest are from individual victims,” he says.

Contrary to what many may believe, this type of cybercrime isn’t due to the weakness of defences.

“But it is more likely due to the increased avalibility of public e-mail addresses like work e-mails.

“Information such as e-mail listings are becoming more available online, making it easier for those e-mails to be targeted randomly,” Dr Amirudin says.

With the nature of businesses and our personal lives intricately weaved into the digital world, it is nearly impossible to avoid some information being available online.

Nevertheless, CSM says there are several tips to follow to prevent being preyed on by cybercriminals.

“Never send compromising images of yourself to anyone, no matter who they are or who they say they are,” urges Dr Amirudin.

The public should also avoid opening attachments from people you don’t know, and generally, be wary of opening attachments even from people you do know.

“Turn off and cover any web cameras when you are not using them.

“Also, scan your device with a reputable anti-virus or anti-spyware program to ensure the device is safe,” he adds.

He also calls on the public to report any cybersecurity incidents to CSM for assistance.

Contact CSM through their e-mail cyber999@cybersecurity.my, or call 1-300-88-2999 (during business hours).

Its 24-hour handphone number for incident reporting is +60192665850.

For more information, log on to www.mycert.org.my .

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
   

Next In Nation

Covid-19: Parents want clearer school SOP should pupils, staff get infected
India wants Pfizer, Moderna, Johnson & Johnson to seek licence for COVID-19 vaccines soon: government official
Tawau police to track down those who flee from EMCO areas
Police looking for Indian workers seen being abducted in viral video
MCO: 73 arrested for various SOP violations on Monday (April 12)
Ramadan bazaar near Ipoh's Perak Stadium draws large crowd on first day
DAP infighting exposes chauvinism among grassroots despite its multiracial claims, says MCA
Flash floods cause traffic jams in parts of KL
Ismail Sabri: EMCO for four areas in Sabah and Pahang from April 14-27
Pulapol cluster accounts for 10% of Sarawak's record high 607 Covid-19 cases

Stories You'll Enjoy


Vouchers