Scams – Ransom emails – Don’t panic – but take action now!
Have you received an email demanding ransom money in order to prevent the sender from telling all your contacts that you have allegedly been visiting adult sites ??
“just send xxx bitcoin” etc.etc. usually in fairly poor English as well.
Sadly, this type of vile email scam is on the increase, massively.
It’s quite understandable that such an email can be worrying even for the most innocent of users and can put everything into question, especially if the mail includes personal information, such as a password.
The answer is, don’t panic, but you must take some action – now.
Even though they may have obtained a password or other confidential information from one of the many data breaches that have happened, they really don’t have any evidence of your activity and it is a scam.
IMPORTANT - Don’t reply to them and don’t try to pay them anything.
If they have included a password on your email, it is likely it has been obtained from one of many data breaches. If you have had a legitimate email from someone like Adobe or LinkedIn to change your password and haven’t, that is because they lost vast numbers of logins and passwords so you need to change them (and you can often add extra levels of security such as adding mobile numbers to check when you change passwords etc, or notify you of new login locations). You can check if your email address was included in a breach by going to this site: and entering in your email address.
The likelihood is that your address will appear to show your details have been lost – yet again, don’t panic as millions of people’s information have been lost/stolen, including mine. If you recognise any of the sites in the list, make sure you change your passwords on them. Also if you have used the same password elsewhere, I would strongly advise you to change them too.
With passwords, please try to use a ‘strong’ password and use different passwords on different sites. You can use a password manager like LastPass (I do and it’s brilliant !!) it also has a secure password generator – go to https://www.lastpass.com for a read and a trial. Google Chrome has integrated password management with Smart Lock.
If a ransom email to you includes any bank details, make sure your online accounts are secure and speak to your bank if you are at all concerned.
Remember to keep your computer updated and running up to date security software. I know, we all hate Microsoft updates etc. etc. but it really is a necessary evil to keep your PC up to date and secure. I would advise not to rely only on Microsoft Security Essentials or Windows Defender but consider a third party security solution with spam filters. Contact me (firstname.lastname@example.org) and I can help you with this.
This is especially important for businesses who rely on employees to keep a computer updated – owners should ensure this is done across the board by speaking to their IT company and putting something in place. Statistics show that businesses haven’t reacted to the recent WannaCry and other ransomware outbreaks to take these first basic security steps. If you don’t have an IT department or an IT company supporting you, feel free to contact me here.
For businesses, I strongly suggest you use a good corporate security software that reports centrally so any issues are reported and can be actioned – don’t rely on a terrified employee reporting it to you. Bear in mind that these emails won’t be flagged as viruses, so you might want to make sure all your employees are aware of the latest outbreaks – these have included in the past, emails pretending to be emails from other employees asking for money to be transferred to specified bank accounts or “click here to see the inoivce” etc. etc.
Taking it further, if you are a business and want to ensure your employees can’t access adult, gambling or other sites, you can use content filtering software or hardware to prevent this, in line with your acceptable use policies.
I always recommend multi-layer security which includes my offering of Avast Business CloudCare, which includes traditional antivirus, secondary security modules and optional content filtering, combined with centralised control and monitoring.
There are already a number of variations on the email detailed in the article above and again, I received one of the versions with an old password a while ago. Needless to say, I have done all of the above !!
Finally, a personal note. I’ve seen first hand with some of my customers the stress and worry these type of scams can have on people – of any age and or any level of experience with IT. Sadly the only way to counteract these vile, sick scammers is to raise everyone’s awareness so please, please make sure everyone you know is aware of the above and don’t let them worry unnecessarily.
You can always contact the Owl for a reassuring chat as well.
Here’s an article from the Daily Mail if you wish to read some more