The world of technology can be daunting for anyone who does not regularly use it or know much about it. Unless you work in IT, you may be baffled by and suspicious of anything outside of the ordinary use of emails, Google, WhatsApp, YouTube and the like. In the case of scam emails, you are right to be suspicious.
If you have ever received a scam email you will know how worrying this can be. There are countless such scam emails floating around; some more convincing than others.
As people spend more time on their computers and smart devices, scams have become more sophisticated. Because of our increased use of and reliance on technology there is increasing scope for cyber criminals to take advantage of the less IT-literate.
We have advised several clients who have received threatening emails or texts. Such messages can be very intimidating and are distressing to receive. Sometimes they are generic (containing none your personal details) but many are bespoke.
By way of example:
One of our clients recently received an email from an unfamiliar email address. The name linked to the account was unusual but the subject line immediately caught our client’s attention – because it was his email address and password details!
The sender of the email claimed access to our client’s phone numbers saved to his contact list in his mobile phone, and details of his social media accounts. The sender also boasted access to our client’s recent internet history. This even included his alleged accessing of pornography, remarking that he had ‘a peculiar taste’ in this regard. Furthermore, the scammer claimed to have video footage of our client (obtained via his webcam which was inbuilt into his computer, as most are) engaging in a sexual act. Alarmingly, the sender threatened to send the video to the contacts list in our client’s phone unless our client paid £2,000 to the scammer in bitcoin currency within the following 24 hours.
The email ended with the suggestion that the opening of the email had triggered a countdown for our client to make the payment.
If you have received an email like this it is in all likelihood a hoax. Needless to say you should never accede to blackmail threats.
There are many variations of this particularly menacing scam, which plays on the fear of humiliation. People are often ashamed to admit to watching pornography. But the fact is that viewing legal pornography is not an offence and indeed is widespread, particularly in the UK. https://www.gizmodo.co.uk/2018/12/the-uk-is-still-the-second-most-porn-hungry-country-in-the-world-according-to-pornhub/)
How do scammers know my email address and/or password?
You may have heard about large scale data breaches in which the personal data of thousands is “hacked” or is published without the consent of the data subject. The Equifax case is one such example, Morrisons is another. In most cases, if your details have been breached, you will receive notification of this from the organisation that is responsible for keeping your data secure (the ‘data controller’). But this does not happen in every case. When a large security breach occurs thousands of people’s personal data may be leaked and then sold on by cyber criminals, to the market on the dark web.
Scammers may buy this stolen data and use it to exploit those who may be unaware their data has been breached. Scammers will often request payment in some form of untraceable currency such as bitcoin, as was the case with our client.
What should I do?
If this has happened to you, please remain calm as it is unlikely that the scammers will have access to your bank account details. But as a precaution you should change all of your passwords on all of your online accounts and delete the ransom email from your inbox. You should also make sure that your online banking details are secure, checking for any unusual activity.
If you have received a notification from an organisation that your data has been breached before receiving the scam email/s then you may be able to claim compensation from that organisation for the distress and/or financial loss you may have suffered.
If you did not receive any sort of notification, there are a number of websites you can use to check whether your personal data have been breached. For example, Have I Been Pwned?.
If it appears that your personal data has been breached by a company (or several) you should contact that company and request details of the breach; this should include confirmation of whether your data was affected. If it was, you should get in touch with our team who will advise you on how to proceed.