Column: Don’t Be A Victim Of Sextortion

Their latest bit of mischief is being called “Sextortion,” and it could be coming soon to a computer near you. With the exception of a catchy title, it is costing people time and money. Here is how it works:

 One of these bad actors will send you an e-mail advising you he has gained access to your wireless network. He quickly gets your attention because, by golly, he has your wireless password.

 Since he is a basically useless person and has nothing better to do with his time, he claims to have been monitoring your visits to online porn sites. Because he is helpful, he has collected screen captures of your visits in a folder.

 With each one of us spending so much time on the Internet, it is easy to land on a site unintentionally. It is also possible in a moment of boredom to have searched “Jennifer Lawrence naked photos.” Even if you haven’t done so, and have only looked up the weather in Indian Hills, Kentucky, Jennifer Lawrence’s birthplace, or “Jennifer Lawrence Oscars” you begin to worry.

 This bad actor goes onto claim he has also gained access to your contact file. You believe him because he has your wireless network password. He threatens to begin sending screenshots of your shameful behavior to first a few of your contacts, and then to all of them.

 Because he isn’t completely bad, though, he offers you a way out of this unpleasantness. Just click on the link below and pay him a ransom in cyber currency. He goes onto tell you to save yourself the trouble of contacting law enforcement, since his address is untraceable. And just so you don’t feel lonely, he tells you he already knows you have opened the e-mail.

 Of course, this is all a horrible, reprehensible scam. You didn’t visit porn sites. And your only jeopardy will come if you click on the link. If you do so, this bad actor will have the opportunity to infect your computer network with malware. It is also possible he could lock down your network until a ransom has been paid. This last ransom threat will be real.

 We recommend you alert all members of your staff to be on the lookout for this e-mail scam, and direct them to not open the link. They should trash the e-mail and alert IT. Bad actors depend on the tendency for good people to be shamed by their e-mail, and so not report it.

 One more thing to do – purchase cyber insurance –While the first wall of defense against cyber risk is a comprehensive data security plan, no amount of preparation can fully protect your firm from this and other security breaches. The second wall is educating your staff on Internet issues which come up from time to time. The third and necessary wall is an insurance policy transferring the risk of loss from a cyber event to an insurance company. Due to potential limitations of standard liability coverage when dealing with the evolving cyber environment, work with your trusted broker to transfer your cyber risk to dedicated cyber insurance products.

Kevin McPoyle is President of KMRD Partners, Inc., a nationally recognized risk and human capital management consulting and insurance brokerage firm with offices throughout Pennsylvania. Kevin can be reached at [email protected]