Why Hackers Hack – Sextortion On The Rise And What To Do About It: AS HEARD ON: WTAG: [04-09-19]

On This Episode…

Craig is on with Jim Polito this morning. They talked about sextortion scams circulating by email, and about passwords and the password managers you can use.

For Questions, Call or Text:

855-385-5553

TRANSCRIPT

Below is a rush transcript of this segment; it might contain errors.

Airing date: 04/09/2019

Jim Polito 0:01
Welcome back. He’s here and thank God because the cyber criminals are out there. Still trying to get into your email. Well, how do you protect yourself? Well you start with this man, our Tech Talk guru Craig Peterson. Good morning, sir.

Craig Peterson 0:21
Hey, good morning, Jim.

Jim 0:22
How are you, buddy?

Craig 0:24
I’m doing great. We’re just in a conference, in fact, out west and now I’m trying to get used to the time zone again, back and forth, back and forth. There’s so much going on.

Jim 0:34
There is and they’re relentless, the cyber criminals in wanting to get into your email. Every time some other patch is put up or some other security measure, they figure a way around it. So what’s the latest that they’re doing? And what can we do about it?

Craig 0:50
Well, if you don’t mind, let me explain something to the audience.

Jim 0:53
Explain, I like that. Explain.

Craig 0:58
Why are they doing it? And you get right down to it, you and I and everybody else around here. We’re living here in this first world country. And we enjoy all kinds of things. At the conference, I spent some time with a few ladies from Zimbabwe and South Africa. And they’re living there, this one lady is trying to help other women who are in abusive relationships there get out of that, learn some skills. They make $100 a month in Zimbabwe. They do not have running water. Most of the days of the week the pipes are turned off, there’s no water at all. They don’t have the electricity that we have. It’s just amazing. And they were just absolutely livid about what they called entitled, stupid people worried about everything from the type of plastic bag all the way on out.

Jim 2:03
Don’t talk about plastic bags. You’re going to get people upset.

Craig 2:10
Total first world problems, okay. I’m helping them by getting some used computers together, cleaning them up, I’m gonna be doing some free training for them on cyber security. So consider that type of person. And then you can move on to Eastern Europe where it’s more than $100 a month that they’re making but they’re not making very much.

Jim 2:28 
They’re not making very much.

Craig 2:31
So if they can somehow get their hands on your data, if they can, you know, these people aren’t stupid. They’re just in a bad financial circumstance. So if they can get their hands on your data, let’s say one, one of my new clients had $100,000 taken out of their operating account, based on the technique we’re going to talk about, okay. $100,000, and this was an Eastern European, that means they can not only support themselves for a year or two, but they can support their brothers, their sisters, their parents, their grandparents for a year or two. You know, getting $500 from someone is a huge win. Again, these women in Zimbabwe, that’s five months’ worth of food and rent if they have to pay that. That’s huge, huge money. So we’re sitting here with our first world problems saying, well, why would anybody want to steal my credit card or my identity? Or get into my business bank account?

Craig 3:40
Well, that’s why. Think of the motivation of these people and how many people they’re going to be helping. So I had to say that because.

Jim 3:48
It makes sense. I’m glad, I’m glad you gave that perspective, I mean, just about what they’re dealing with. And if they, you know, it drives people to some things. Drives people to crime.

Craig 3:59
They absolutely do and we just don’t realize it so much of the time zone, we have a very interesting conversation at dinner the night before last, with these ladies talking about what’s going on. So when you were talking about here with email is absolutely huge. Because again, these are just bad guys. And they are trying to get some money out of you. And they’re using some new strategies to get past these email security gateways. You know, you have some of the lower end ones that you might get from a Barracuda or an online site, and there’s ways to get past them. And that’s what we’re talking about just for a minute here. I’ve had a lot of listeners contact me with these sextortion scams. You know, I’ve got them as well, I don’t know if you have. But what will happen with these sextortion scams, which is a type of blackmail, and right now it’s making up 10% of all of the spear phishing attacks and email, and that number is rising. And if your employees are more than twice as likely to be targeted by blackmail than standard business email compromise. And so here’s what happened. They send an email that has in the subject line, security alerts type of message. They’ll include your email address, or even your password in the subject line. And they’ll say something like, Hey, you know, we have video of you on this porn site. And they’ll give you a password. Now remember, Jim, we’ve talked many times about do not put your password out on, you know, the same password on multiple websites?

Jim 5:52
Yeah. Because once they get one, they get the others. Yeah.

Craig 5:57
They’ve got them all because it’s the same one. So they’ll either put your email, your email address, they’ll definitely put your password into these things. And now all of a sudden, you say, Oh, my gosh, what happened? And whether or not you were on that site, you’re questioning now, wait a minute, they’ve got my password? Well, of course they do. If you use the same password everywhere, of course they do. And we’re seeing brand impersonation is huge. One out of three times they impersonate a financial institution.

Jim 6:34
And there is. Yeah.

Craig 6:35
There it is business email compromises and blackmail is on the rebound right now. So one of the most common ones is impersonating Microsoft and my dad fell victim to that one. Thank goodness, my mom called me and said, you know, your dad’s talking to someone on Microsoft technical support? And I’m not sure. You know, one in five is a financial institution, the majority of them now are sextortion emails with security alert subject lines and more than 70% nowadays are trying to establish some form of rapport. Hey, we’re trying to help you.

Craig 7:17
Yeah, sense of urgency. And we’re using name spoofing techniques. And it’s getting past most of these lower end filters and gateways out there. So if you’re a business person, and this is, you know, they’re not all going to business email addresses, that’s for sure. And they are not all coming from them either. Right now, the number one source of these sextortion and other emails, is Gmail. It’s Google. Google’s not even able to stop them from going out okay. Huge. So just stay ahead, you’ve got to have the right combination of the right technology, which isn’t the cheap stuff, I’m afraid to say, you know. Look for something good, look for Cisco’s email firewalls. Look for the higher end ones. You know, even a Barracuda is better than nothing. Right? So have that, but also have training for your people. You know what, I’m going to dig up, there is a website that Google has put out, I’ve got the URL somewhere. I’ll dig it out. I’ll text it out to our listeners here later on today, once I figure it all out. But this is training. It’s free, it takes five to 10 minutes, 15 minutes at the most. And what it does is it shows you on this website to type it asks for your name and email address, okay, now, they don’t use it in marketing or anything. But the goal behind this is to embed it into these fake emails, they’re going to show you they’re not going to send them to you, they’re just going to show you. And you’ll see the email on a web browser, just like it will be showing up in your normal email client. And you can mouse over and over over so they teach you some techniques. And with what’s going on right now, Jim, this is going to be a godsend. So I’ll make sure I SMS them out. Probably this afternoon.

Jim 9:13
All right. And it will tell you at the end of the segment, how to get to that stuff. But it’s very, very important. Craig, you’ve got I guess the real tip here is you’ve got to make different passwords for every single account. And you talked before about a password storage system to help people with that.

Craig 9:38
Right, exactly. So go into Jim’s archives, and you’ll find, here’s what it is, okay, there’s two password managers I highly recommend. If you are a business user, absolutely use something called 1Password. So that’s the digit one, followed by the word password, 1Password is the way to go. And it’s absolutely phenomenal. And I’ve written this thing up about this, I’ll try and send that out later today too. I’ll try and send them both out. And then I use it for my family as well. But it does cost money to get the family options and to get the group options. And 1Password has multiple vaults so you can have a vault for your financial people, a vault for your marketing people, etc, etc. So I love that. And then the other one that is free, now 1Password does have free as well. Okay, just let me have all the advanced features which you don’t need from normal, just normal use. LastPass is the other one. LastPass as in last password. And both of these tie into your web browsers, they’ll create passwords, they will remember them, they work across all of your devices. It’s huge. So start today. Change all your passwords and use one of these two password managers.

Jim 10:57
All right Craig big help. Craig Peterson everybody. Now here’s how you get all this information. This is how I know this stuff. And you’ll be in on it too. Text my name, Jim, to this number.

Craig 11:12
855-385-5553. So just text the word Jim to 855-385-5553 along with any questions you might have.

Jim 11:26
Standard data and text rates apply. Craig will not sell your name to somebody, he won’t hack you. This is all free. There’s nothing, nothing you need to do about it. It’s all free and he won’t pester you with incessant messages but he will alert you when something big happens and tell you what you need to do. Craig, excellent segment. Thank you so much for the time.