Updated: Oct 7, 2019
Members of the public have reported receiving scam emails that appear to come from their own email account, threatening to reveal intimate images of them unless they pay a fee.
This email scam is widespread, with the Australian Cyber Security Centre, Office of the eSafety Commissioner and Scamwatch receiving over 300 reports from the public this week.
How it works
This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cybercriminal threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly (often in cryptocurrency).
The scam uses ‘spoofing’ to make the email look like it’s come from your own email address. Email spoofing occurs when email addresses are manipulated to come from a different source, but display as a legitimate address. This is a technique commonly used by cybercriminals to make their scam seem real.
How do I stay safe?
If a blackmailer is threatening to reveal intimate images of you online, do not give in to their demands, it is most likely a fake threat.
Report it to the Office of the eSafety Commissioner. (you can find the matching eSafety agency in your country by googling: cybersecurity government agency in <country name>)
If you receive one of these emails, don’t give the perpetrator any money or images, and stop all contact with them. In Gmail you can open the scam email and tap on the 3 dots menu and select Report phishing (similar options will be found in other email programs). This will alert your email account company and they will warn others and block such emails from coming to other users.
If you’re concerned about your physical safety call Triple Zero (000) or contact your local police.
Change your passwords for all social media and online accounts – including your email account – straight away, and review your privacy and security settings.
Cybercriminals can use your personal details to their advantage, like manipulating your email address if it has been caught up in a data breach.
You can check if any of your email addresses have been in a data breach by visiting https://haveibeenpwned.com and type in your email address. If there are some that come up gop to those websites and change your password.
Additional Setup from Cyberkite: Visit Cyberkite website www.cyberkite.com.au/cybersecurity and select Book a Cybersecurity Healthcheck to book us for a cybersecurity healthcheck or select Request a Quote of you need an overhaul of your small business IT security.
If you have experienced image-based abuse, you can also contact the Office of the eSafety Commissioner to report and seek support, including links to counselling support services. You can report scams to Scamwatch: https://www.scamwatch.gov.au/report-a-scam (you can report a scam in a similar way in your country by googling: report an email scam in <country name> )
© 2019 Australian Government. All rights reserved.
Republished by Cyberkite with additional notes.