/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2019/10/anonymous-2755365_640.jpg)
The Indian Computer Emergency Response Team (CERT-In) recently warned citizens about a new email extortion campaign scaring email recipients into thinking they've been hacked and their personal information withheld unless payment is made through bitcoin. CERT-In said in its advisory that the hackers would try to grab the attention of recipients by writing their old password in the email.
The scammers are then resorting to crafting a story, thus trying to make the recipient believe that he/she is a skilled hacker by using fancy computer jargon. The scammers finally proceed to ask for cryptocurrency in exchange for control of the recipients’ device.
“Phishing emails that are intended to scare email recipients into believing that a bad actor holds personal information about them are one of the oldest "tricks in the book". However, these types of attacks still have the potential to threaten a corporate environment if a bad actor attempts to extort data about an organisation from an employee or infect a network with malicious links in the phishing message. The good news is that typically, the malware delivered by phishing messages will try to exploit well-known common vulnerabilities. Criminals like easy 'low hanging fruit,” said Adam Palmer, Chief Security Strategist at Tenable.
Nevertheless, CERT-In has clarified that citizens must not fall prey to this trick, and also not send any payment to scammers. The reason scammers would happen to know about old passwords could be because of leaked data breaches shared online. Viewers can also protect themselves by changing their passwords.
“The best way for an organisation to defend against this type of attack, in addition to user awareness, is to practice good cyber hygiene - such as by identifying critical risks and patching systems with common vulnerabilities favoured by criminals, blocking malicious sites and IP addresses, enforcing multi-factor authentication, and using encryption for sensitive data. These recommendations make it far harder for criminals to be successful,” adds Adam Palmer.