Extortion emails – We have had some internal and external queries relating to the current distribution of extortion emails threatening to divulge information which could be embarrassing, or reputation and career destroying.
Firstly, let us assure you that these emails are completely false and have no relevance to reality, there are no files or evidence as described in the email, and there was no such hack.
These extortion emails are a fairly clever, and disturbing, social engineering attack. The perpetrators are leveraging data from third party account database breaches as evidence for the supposed collection of personally sensitive extortion material, providing a password which you have genuinely used at some time in the past. You will likely find that if you try that password, or the email address that received the message, they will show up on the password and email pwned checks on https://haveibeenpwned.com
These messages are being received on personal and corporate email addresses as they are fully automated and are simply crawling a database of credentials and account information.
Do not fall for this scam.
Do not be concerned about the claims in the email.
If asked by anyone about this, please inform them of the above and not to worry about this at all.
However.. if you still use this password for any services, company logon, Amazon, facebook, twitter, personal email, then do stop using this password and change it wherever it is used! this can now be considered a breached password and provides no account protection.
What this does potentially highlight is the vulnerability of classic password only account use, especially if you find that the password included in the email is still in use anywhere, to that end, this serves as a reminder to consider starting to use a password management service such as 1password (https://1password.com/) or lastpass (https://www.lastpass.com).
Password managers allow you to easily switch to using long unique passwords for every site you have an account with, passwords which you never have to remember. This allows you to follow current best practice and only change your unique passwords when there is evidence of compromise (such as this).
For corporate customers waking up to the fact that their users corporate account passwords are likely plastered across the internet, password which would allow anyone to gain full access to their users accounts and the data and resources available to those users, the use of Azure AD Identity Protection can ensure that your corporate account credentials are monitored, so that if/when passwords are leaked or found online from third parties, the user is notified and can be automatically prompted to change their password.
Implementing MFA and Azure AD Conditional Access will prevent external parties from making use of those credentials to access protected services.
Additionally, correctly configuring your email domains with correct DMARC (SPF, DKIM) settings will reduce the receipt and spread of such messages, severely limiting the ability for them to be sent and received by your, and other organisations.
Deploying Office 365 ATP, correctly configured, will eliminate the receipt of these messages to concerned users.
More information and help
If you would like to speak to one of our consultants simply complete the form below.
Please also be aware that we run regular workshops and webinars providing the latest updates and expert advice about Microsoft 365, Cloud and Hybrid IT, security, compliance and partner tools. We also post regular blogs so please do follow us.