The internet is a wonderful resource, and without it, simple activities like reading this article would be impossible.
Yet the decentralised nature of internet connectivity means its in-built anonymity is easy to exploit in areas like cryptocurrencies and VPNs.
Consider the relentless growth in online extortion, where threats are used to obtain money or sensitive material – financial data, compromising images, etc.
The term is often used interchangeably with ‘blackmail’, but the aim of both is to acquire something of perceived value – or something which can be used to perpetuate more extortion.
Here’s how to tackle online extortion, should you be unfortunate enough to fall into the crosshairs of a malevolent individual…
Dispelling a few myths
Let’s start by eliminating the notion that extortion only happens to vulnerable or gullible people.
You don’t need to have an embittered former partner holding intimate photos of you to be at risk, and nor do you need to be an internet novice.
Anyone could become a victim since extortion is often powered by malware, randomly distributed in the hope (rather than expectation) of infecting devices and finding victims.
The people behind an extortion campaign may have widely varying motives – financial gain, traducing a reputation, obtaining intimate photos or gaining access to something restricted.
Don’t assume extortion is an unpunishable crime, either. It can incur prison sentences of up to 14 years, under the 1968 Theft Act.
That’s why online extortion usually involves payment in untraceable cryptocurrencies like Bitcoin.
Stay secure, stay safe
Having established that this is a stateless and often randomly targeted crime with varying motives, it’s important to consider how to tackle online extortion by preventing it at the outset.
Start by installing antivirus software with full operating permissions and the ability to update itself as often as required, to negate the risk of zero day malware.
Raise privacy levels on any devices you use to the highest sustainable level and approach any unsolicited communications cautiously – especially emails.
Why would a complete stranger email you a photo? Why would a company you haven’t bought anything from suddenly issue a PDF receipt, or promise you a refund?
We’ve previously explained how spelling mistakes, random sender email addresses and vague terms like ‘Dear customer’ are hallmarks of spam emails and malware.
Minimise the amount of personally identifiable information (PII) you publish online, especially on the social media accounts targeted extortion campaigns often feed from.
A good rule of thumb is to only post things you’d be happy for your parents and colleagues to see. If it’s more provocative than that, could it be weaponised and used against you?
If you’re not willing to delete social media accounts altogether, ramp up privacy settings and never accept follow requests from strangers.
Don’t engage or compromise
If you become the victim of extortion, staying calm and not making hasty decisions is the best starting point.
It’s a mistake to think that playing along will help. No amount of money or kompromat will ever sate the criminals’ appetite once they know you’re willing to cooperate.
Avoid all forms of online or offline communication with them, and never give into even seemingly innocuous demands, which could be the start of an escalating campaign.
Do retain any communications or messages as evidence of when and how you were approached, the language used and anything which betrays the criminals’ identities.
Save messages; take screenshots; note times and dates when the criminals communicate with you, all of which might become valuable evidence in any future prosecution.
Criminals will threaten all sorts of adverse consequences if you approach the authorities, because the police pose the greatest threat to their activities being allowed to continue.
To eliminate the possibility of the criminals discovering what you’re up to, use someone else’s phone to report what’s happening, and stay offline on any compromised devices.
If the extortionists have managed to install keystroke logging software on your home PC, for instance, every web search and email you type in will be monitored in real time.
However, they won’t be able to monitor devices belonging to other people, which will allow you to investigate ways of stopping any extortion campaign without their knowledge.