Cyber criminals increasingly targeting Irish users with extortion campaigns
Security firm warns of sharp rise in number of attempted email extortion incidents
Skout Secure Intelligence has warned Irish users are being targeted with sophisticated extortion campaigns. Photograph: iStock
Irish users are increasingly being targeted by cyber criminals carrying out extortion campaigns, cyber security firm Skout Secure Intelligence has warned.
The US-founded firm, which has its European, Middle East and Africa headquarters in Portlaoise, said over the past few months it had seen a sharp increase in the number of attempted email extortion incidents in Ireland, with an average of one new incident reported per day.
It follows a general Europe-wide increase in such emails, which seeks to blackmail recipients by claiming they have personal and sensitive information on them, and offers “proof” by providing some login details that were harvested in previous data breaches. Ransom is usually demanded in digital currency bitcoin.
“Recipients of these emails may feel coerced into paying the ransom. This is because the password referenced in the email was in fact one that they had previously used in an online account and that was tied to their email address,” said Jessvin Thomas, chief technology officer.
“With the increase in big data breaches, billions of email addresses and passwords are indexed on the dark web and this is where cyber-criminals would have accessed them.”
The schemes are becoming increasingly sophisticated, with the use of real user data adding a new layer of authenticity to the scam. Mr Thomas said the use of such information also has a psychological impact on victims. “Most people’s passwords are personally generated,” he said.
However, it could lead to a new awareness of the scams and improve users’ security measures, Mr Thomas said. “It’s not a turning point as such, but more of a gradual increase in awareness,” he said.
Mr Thomas said recipients should not pay the ransom, and immediately change passwords and implement two-factor authentication where possible. He also recommended users flag emails that look like spam and never open attachments from people they don’t know.
The advice is standard, but Mr Thomas compared it to repeating security messages for your home or car about securing valuables. “People are leaving the keys in car, or leaving it running,” he said.