I caught you watching porn.

Every time we browse the internet or receive email it is linked to a location and we leave a virtual trail of breadcrumbs behind.

This is fine for the vast majority of us, but it is not ideal if you operate on the wrong side of the law; unfortunately, there are a lot of people who do.

The reports of online fraud are all too common and like me, you’ve probably received a threatening email in your inbox demanding payments in exchange for your privacy.

So how do these guys get away with it?

It starts on the dark web and it’s far easier than you think to navigate.

The Dark Web is a series of servers that all have hidden locations, and to get on you need something called an onion browser. The browser has layers, hence the name. These layers make it very difficult to tie the breadcrumbs to a location.

Once you’ve got your browser you can browse pretty much anything you want, and more often, many things you don’t!

It’s a growing problem and a recent call inspired me to write this blog.

A client of ours received an email saying that they had been filmed through their webcam while browsing pornography sites. It went on to demand $2000 and threatened to release the footage to their entire contact book.

Have a read of it here…

Ian,  cobalt is one of your passphrases. Lets get right to purpose. You may not know me and you’re probably wondering why you are getting this email? No one has paid me to investigate you.

Let me tell you, I setup a software on the xxx vids (sexually graphic) web site and you know what, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your browser started functioning as a RDP that has a key logger which gave me accessibility to your screen as well as web cam. after that, my software program gathered your complete contacts from your Messenger, FB, as well as e-mail . And then I made a double video. 1st part shows the video you were viewing (you have a nice taste lmao), and next part displays the view of your cam, yeah its you.

You have got a pair of solutions. We are going to look at these options in details:

Very first solution is to neglect this message. In this case, I most certainly will send your actual video clip to all of your personal contacts and then visualize about the disgrace you feel. And consequently in case you are in an important relationship, exactly how it will certainly affect?

2nd option will be to give me $2000. We are going to describe it as a donation. Consequently, I will straightaway remove your video. You could keep your way of life like this never took place and you will not ever hear back again from me.

You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1D3yDTzCwP2tsbVNpq2FvenD98cNNfktYH

[CASE-sensitive, copy & paste it]

Should you are making plans for going to the cop, well, this e-mail cannot be traced back to me. I have taken care of my moves. I am just not trying to charge you so much, I prefer to be paid.

You now have one day to make the payment. I have a specific pixel within this email message, and right now I know that you have read through this e-mail. If I do not receive the BitCoins, I will definately send out your video to all of your contacts including close relatives, coworkers, and so forth. Nevertheless, if I receive the payment, I’ll destroy the recording right away. If you want to have evidence, reply Yeah and I will certainly send your video recording to your 11 contacts. It is a non-negotiable offer, so don’t waste my personal time and yours by responding to this email message.

Fortunately, in this instance, this person was a chancer, but what can you do to protect yourself online?

The first thing is your passwords.

Don’t use obvious words or word and number combinations; ‘123456’ and ‘password’ are great examples of what NOT to do. Maybe 15 years ago I did use cobalt as a password.  For some of you, however, your passwords will be much more recent.  If they are, change them now.

How do they get hold of your passwords?

It’s scarily simple. They purchase them with bitcoin on the dark web.

How did they get there?

Companies get hacked, and you’ve probably had an account with one of them at some point. Examples are eBay, Sony, Yahoo (more than once), Ashley Madison, Talk Talk, Facebook, Debenhams, Three, Sports Direct, but to name a few.

Can I get the information removed and what else can I do?

Removing your information isn’t easy. These criminals are committing the perfect crime. This could be a teenager sitting in their bedroom in Hackney or a firm of hackers in an office in Eastern Europe. They are hard to trace and even more difficult to catch.

The most important thing to do is to give your passwords a spring clean. Make them more complex and use phrases instead of words. DeepBlue0verc0at# is a dictionary word phrase but it has layers of complexity with the addition of numbers and characters.

I know that remembering passwords is mission impossible, but there is software which can do it for you. I use LastPass <not on commission>, and it generates and stores all my passwords.  Here’s an example of one – “x5E2X&z^zKZx”.

There’s no way I would remember this, but I can access it easily from within the encrypted app. Using an app like Last Pass is just as quick as using saved passwords you know off the top of your head. You don’t lose speed and you’re a hell of a lot more secure!

Finally, don’t freak out if you get emails with your information on. Spear Phishing is specifically targeted at you and it’s crafted to elicit fear. These guys are very well resourced and it’s how they make their living.

We’re here if, or more likely when you get a suspicious email. Strong passwords are a solid start, but robust cyber policies and procedures are vital to keep you and your business safe online.

This is what we do.