Data breaches have become a modern fact of life as too many places that retain our personal data have been successfully targeted by hackers seeking information from which they can profit. Often the information is credit card and debit card numbers that can quickly be used to make purchases for goods that are then sold on the black market to convert into cash. Other times, it is personal information that allows the hacker to access our various online accounts including bank accounts or to use the information to set up new accounts that the cybercriminals can exploit. None of these scenarios are good for the victims of these data breaches. Sometimes the fault is with ourselves such as when we use easy to guess passwords or the same password for multiple accounts. Other times the fault may be with the companies that hold your data that have not instituted proper security measures.
In any event, the FBI has recently noted that now cybercriminals are exploiting data breaches by threatening to expose the victim’s personal information to others unless the targeted person agrees to pay a ransom in bitcoins which are an easy way to money launder criminal activity. At the present time the ransoms range from approximately $250 to $1,200. Here are some of the extortion emails presently being circulated.
“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”
“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”
Part of the problem is that sometimes, the cybercriminals are bluffing and merely are contacting people after a noteworthy data breach without actually having the information they claim to have.
The best way to avoid this problem is to limit the places that hold your personal information as much as you can. For instance, hospitals do not need to have your Social Security number. Use complex and unique passwords for each of your accounts and use dual factor authentication whenever possible. Also, do not store personal information or sensitive photos or videos on your smartphone. You also may wish to consider limiting the amount of personal information you provide on your social media accounts that can be used against you by being leveraged to gain access to your various accounts or trick you into clicking on links in emails or text messages that may download keystroke logging malware on to your computer, smartphone or other electronic device. You also should limit the use of your debit card to use as an ATM card because the rules regarding protection from unauthorized use of your credit card provide much more protection than the rules regarding protection from unauthorized use of your debit card.