Facet Technologies Logo

(309) 689-3900

Call our office!

3024 W. Lake Ave., Suite 1

Peoria, IL 61615

8:00AM - 5:00PM

Monday – Friday

Blackmail Phishing Scams: 4 Steps to Take if You Receive an Extortion Email

Fear, Lies, and Greed: Blackmail Phishing Scams Play on Embarrassment for Huge Payouts

Why am I getting this email? I didn’t do anything wrong!

A friend of mine recently sent me a screenshot of an email via text. The subject line was a random string of characters, from a sender with a domain ending in “.com.us.”

The sender introduced himself and said he had identified a password she used on the web (the characters in the subject line), and proceeded to threaten “exposing” recordings, photos, and media of illegal acts that she had supposedly committed. Her text followed, “I know this is a scam but how did they get my password?? I use this password everywhere!”

Blackmail scams have become ubiquitous as more passwords are involved in large-scale data breaches and phishing tactics improve. Scammers use lists of breached passwords to frighten and coerce victims into paying large “hush” sums. In typical form, the scammer demanded that she send .1 bitcoin (at the time, around $4,000 USD) to their BTC address or risk “sensitive information being sent to [her] friends and family.”

These emails play on shock value and manufactured feelings of guilt and shame. Often, the emails claim to have a compromising video of you that they threaten to send to your contacts. Sometimes, they claim to have caught you in an illegal act. Sure, you may know they have no such video, but your password in the subject line is enough to raise your blood pressure, and cyber criminals know it!

How do you tell if an extortion email is a phishing scam?

The vast majority of extortion emails are phishing attempts. The scammers don’t have a video of you, and they just got your password from a leaked list that is publicly available on the dark web.

Most extortion emails include one or more of the following elements:

1. Your password (current or past) in the subject line or first sentence of the email.

2. An opening such as, “I know everything about you,” and generally an assertion such as “I now have total control over your computer and webcam, and I’ve seen everything.”

3. An accusation of an embarrassing act caught on camera or photographed, generally explicit in nature.

4. A threat to send the media to friends and family in your contacts.

5. A demand for money, generally in the form of Bitcoin or Ethereum.

6. A sense of urgency, such as a deadline by which you must send the money in order to “delete” the content.

In fact, most of these emails follow the exact same template and formula—a quick Google search will show you some examples.

What should you do when you get a blackmail or extortion email?

So, what should you do when you get an extortion email like this? Stay calm and take the following measures to ensure your privacy and safety. Remember, these emails are becoming more widespread because they are highly effective. High-pressure tactics and embarrassment lead victims to send large amounts of money to prevent the dissemination of videos and photos that never existed at all.

1. Stay calm and assess the situation rationally.

When you receive an email that gets your heartrate up, the first step is to take some deep breaths and stay calm. Remember that you didn’t do anything wrong, and emails like these are sent out by the thousands every day.

2. Do not send money or cryptocurrency to anyone.

Never send money or cryptocurrency to scammers. It will not ensure your privacy nor will it prevent them from contacting you again. Rather, it will embolden them to ask for more money as they know they have you on the line.

3. Change your passwords.

Some blackmail emails use a password that was published during a data breach as the subject line. If you still use this password anywhere, change it immediately, on every site on which you’ve used it. Some password managers will flag sites on which you have used a password involved in a breach, which can be helpful. Use a different password for different sites–it may seem inconvenient, but it’s worth it! If you would like additional peace of mind, Facet offers dark web scans and monitoring which can be used to identify vulnerable passwords.

4. If you have any questions, contact a professional.

We are here to help if you ever receive an extortion or blackmail email. While most scammers are offshore and cannot be prosecuted in the US, we can help you take steps to avoid receiving those emails in the future, such as email filtering services and other cybersecurity safeguards.

You never have to feel uncomfortable about calling us—you can always ask to speak to a specific technician or employee who you trust. We are committed to your privacy and confidentiality.

Email filtration is one step to greater security. At Facet, we advocate the use of a layered security policy at every company. Even if a particularly good phishing or ransomware email makes it through the filter, other services can prevent data breaches and other disasters. The best security builds a fortress around your company and your data.

An important note:

This advice comes with a caveat: if you have reason to believe that you have received an actual blackmail attempt via email, you need to contact the police. Webcam monitoring malware exists, so I don’t want to downplay the possibility, but it is exceedingly rare for “average” people to be targeted and there’s not exactly a pulse on how often that happens. Again, a good cybersecurity protection plan and policies can help prevent such things. Some people cover their webcam with a small piece of tape for peace of mind, and many laptops now come with a physical shield that can be pulled over the camera.

If you have any questions or would like more information on spotting and avoiding blackmail or extortion emails, feel free to give us a call at (309) 689-3900 or fill out our contact form. We have many educational resources available to companies to help train their employees to identify phishing scams and common psychological tactics used in phishing.

Ransomware on the Rise: Five Steps to Improved Email Security

How far would you go to protect your company’s data? How about your customers’ data?

Every day, business owners are confronted with this exact question when they become victims of ransomware schemes. According to an industry report by Coveware, the average ransomware payout in the third quarter of 2020 was $233,817 (source). Some are much cheaper, even as low as $60,000, but cyber criminals are smart enough to tailor their ransom amount to the size of the company and how much they think you’ll be able to fork over quickly.

You may choose to negotiate the amount. This is expected—often the total payout can be negotiated down by as much as 20%, but after that point, you’re at the mercy of your captors. If you choose to pay the ransom, you may get your data back, but there is no guarantee (honor among thieves and all that). Studies show that about 60% of people who pay the ransom get all or most of their data back. Others get only a small amount, and some never see it again. Scary! Plus, companies that pay large ransoms encourage hackers to continue to pursue payouts with ransomware. They’re only in the business because it remains profitable for them.

That’s why I have backups, you may be thinking. It’s true; backups can save you from lost data and prevent downtime. Recently, however, the bad actors have upped the stakes for compromised companies: if you don’t pay, they’ll post your data and your clients’ data to dark web marketplaces for sale. As with getting your data back, there is no guarantee that paying the ransom will prevent this in 100% of cases. Some criminal syndicates that run ransomware schemes will immediately post a small amount of data on “bragging rights” websites, anyway. Trust me, you can’t win here.

How to Prevent Email Ransomware Attacks

The best method proven to prevent email-based ransomware attacks is a solid defense strategy. You can often intercept an email ransomware attack at a couple points in the process: you can prevent the email from reaching your inbox, or you can prevent the software from being downloaded.

Spam Filtering

Prevent ransomware emails from reaching your inbox with the help of an email filtering solution. Many emails with ransomware attached are designed to look like they came from an internal source. A good email filter can catch many of these emails before they ever hit your inbox, quarantining them to prevent ransomware and other malware.

Your email may have a “built-in” spam filter, but these filters are not the most accurate when it comes to keeping harmful emails in quarantine. Email filters like those offered by Facet use artificial intelligence (AI) and other tools to successfully identify and block ransomware attempts, even when they come from legitimate-looking sources. These filters go several steps further to prevent access to your system than traditional spam filtering included with email.

Employee Education and Training

I know you’ve been hearing a lot about employee education from us lately. It’s because it’s the single most effective way to prevent a ransomware attack on your system. Email filters work wonders, but no method prevents 100% of attacks. Your team must practice vigilance and awareness to properly avoid ransomware and loss of data.

Facet offers employee education in a few forms. In addition to resources for training that you can conduct yourself, we also offer phishing simulation services. Phishing simulations are a proven way to decrease your cybersecurity risk across your entire company.

Gone Phishing

Phishing simulations involve sending emails that mimic the characteristics of common phishing and ransomware emails. Instead of containing harmful software or truly stealing your credentials, however, the emails direct those who click on the “harmful” link or enter their password into the fake website to training videos and materials to better prepare them to identify future threats.

Check in with Your IT Provider

If you are already a Facet customer, consider a quick check-in to confirm that your security options and services are all up-to-date. Facet has recently hired a dedicated Security Analyst to assess current threats and industry trends, as well as a Customer Advocate to continue in our goal of better serving our customers. You can use the contact form below or call our main phone number to schedule an appointment and review your security options and recommendations.

Consider an In-Depth Audit of Your Security Practices

If you are looking for an even deeper dive, consider a Security Plus Audit. The Security Plus Audit is an intensive evaluation of your company’s cybersecurity stance, including dark web dives and more. This service is an invaluable way to gain insight into your position and get a roadmap to cybersecurity peace of mind.

Business After Hours at Facet: June 10, 2021

Business After Hours at Facet: June 10, 2021

Join us for Business After Hours with the Peoria Chamber of Commerce at Facet’s new headquarters!

Thursday, June 10th
4:30PM – 6:30PM
3024 W. Lake Ave.
Peoria, IL 61615

We will have raffle prizes including a Cards jersey, Tervis tumblers, and gift cards!

Food, soda, beer and wine will be provided. We will have an outdoor tent and cocktail area as well as tours offered through the new building.

Register ahead of the event on the Peoria Chamber of Commerce website here.

We can’t wait to see you! Feel free to reach out with any questions.

Employee Featured Recipe: Brad’s Snickerdoodle Cheesecake

This month’s recipe is courtesy of Network Technician Brad Strickler. He says this recipe is a favorite that is asked for often at family gatherings.

Snickerdoodle Cheesecake 

Ingredients: 
1 log sugar cookie dough 
3 Tablespoons cinnamon sugar 
3 9-oz. blocks cream cheese (softened) 
1 cup granulated sugar 
1/4 cup sour cream 
3 large eggs 
2 teaspoons vanilla extract 
1/4 teaspoon ground cinnamon 
pinch of salt 

Directions: 

1. Preheat oven to 350 degrees and grease an 8″ springform pan. 
2. In a large bowl, combine cookie dough annd cinnamon sugar, mix until evenly incorporated. Press half of the dough into the bottom of the springform pan (Leftover dough can be baked as cookies). 
3. In another large bowl, beat cream cheese until smooth. Add sugar and sour cream and beat until light and fluffy. Add the eggs one at a time, beating well between each addition. Stir in vanilla, cinnamon and salt. Pour batter over the cookie dough crust. 
4. Bake until slightly jiggly in the center, about 1 hour. Turn off the oven and open the door slightly and let the cheesecake cool for 1 hour. Then refrigerate until completely cooled, from 4 hours to overnight. 
5. Roll remaining dough into small balls then flatten slightly on a baking sheet. Bake until starting to turn golden around the edges, about 10 minutes. Let cool on a cooling rack.
6. Before serving, sprinkle top of cheesecake with extra cinnamon sugar. Garnish with snickerdoodle cookies (or snack on the cookies separately). 

Turn Your Team Into Your Greatest Security Defense

IT security experts will often tell you that employees are the greatest security vulnerability in any company. We warn of social engineering emails and phone calls, reused passwords, work emails used on personal accounts, and dozens of other behaviors that can put your business at risk for breaches and hacks.

According to a cybersecurity report by Kaspersky in 2019, 90% of data breaches occur due to human error. Other sources cite “employee negligence” as a top cause of data breach. Negligence is its own issue, but it’s important to take responsibility as an employer for proper training that could prevent a data breach.

Employee education can save your company millions of dollars. Consider employee education and training the cheapest form of IT security available to companies of any size. Be sure to also take into account the potential costs of data loss—how much would you lose in time and resources in the event of a breach?

Instead of thinking of employees as a liability, consider your team to be a great untapped asset for network security. These five easy behaviors can make a huge difference in your security!

1. Lock your computer when you step away:
We may trust our coworkers with our PC, but there are security risks involved when you leave your computer unattended and open. When you walk away from your computer, take a second to press Windows Key + L to lock your screen and protect any sensitive data.

2. Avoid flash drives, especially “found” flash drives:
Flash drives are useful, but they can easily be loaded with malicious programs or used to steal data. One of the oldest forms of social engineering involves dropping a flash drive in a parking lot and waiting for an employee to pick it up, thinking it simply a lost flash drive, and put it in a computer to see who it belongs to (or to snoop around). It can then install software on the employee’s computer, sometimes without the employee ever knowing. If it’s not your personal flash drive, avoid putting it in your computer.

3. Don’t let just anyone into your server area:
Be careful who you allow to get access to your server. Sometimes people will pose as IT providers to get physical access to your server. If you did not have a scheduled appointment and don’t recognize someone who says they’re from Facet, you can always call us to see if we sent someone out to your location.

4. Verify email senders before clicking links:
Always check the “from” field in any email you get before clicking on a link. Many scams involve fake links (and “from” addresses that are spoofed) to get your login information. If you get a password reset email or other account notice unexpectedly, go directly to the site in question via a browser rather than clicking the link in the email. These couple seconds can save you a lot of trouble!

5. Develop a healthy sense of skepticism:
The most important thing to teach your team is to treat most online and phone interactions with a healthy sense of skepticism. This means taking that extra few seconds to really think about something before pulling the trigger, and not letting a sense of urgency take over. For example, if you get an email with an offer, take a little extra time to verify that it’s a legitimate offer from a real, reputable company.

Employee training may take time, but the practice can save your business thousands in the long-term. For more information, or to request on-site employee training, contact Facet today. We offer a variety of training, including phishing email simulations, training videos, and printed materials.

Employee Feature Recipe: Tammy’s Snickers Caramel Apple Salad

This month’s recipe is from Facet’s Accounting Clerk, Tammy McBride! Tammy says this recipe is a favorite at parties and gatherings and is great if you love Snickers bars and apples.

Ingredients:

  • 6 small apples, cored and chopped (Tammy uses Granny Smith apples with the peels left on)
  • 6 (1.86-ounce) Snickers Bars, cut into bite-sized pieces
  • 1 (5.1-ounce) box instant vanilla pudding mix
  • 1/2 cup milk
  • 1 (12-ounce) container Cool Whip
  • 1 cup marshmallows, optional
  • 1/2 cup caramel sauce

Instructions:

  1. Whisk together pudding mix and milk in a large bowl. Fold in Cool Whip.
  2. Fold in apples, chopped Snickers, and marshmallows.
  3. Drizzle caramel sauce on top.
  4. Refrigerate until ready to serve.

Seven Factors that Affect the Lifespan of Your Computer

How long will a computer last? When do I need to replace my computer?

We get these questions often here at Facet, but it’s not easy to formulate an answer in most cases. There are no fixed rules here, as it often comes down to personal preference.

We can, however, offer some guidance on how to keep your current PC in good working condition. What can you do to extend the life of your computer? There are a few tricks that can help you extend the life of your PC, but it’s also important to understand that even under perfect circumstances, all computers will eventually need to be replaced.

Hardware Lifecycle

All hardware fails, and we can’t accurately predict the lifespan of any one component. Keep this in mind both when purchasing and planning for the retirement of a computer.

Hardware components fail on a bell curve. That is to say, when any one component is mass manufactured, some individual pieces will fail early on. Sometimes this will fall within the manufacturer’s warranty, but bear in mind that warranties are typically designed to end before any considerable number of failures occur (this is why “Black Friday special” PCs often have 3-month warranties attached—we see a lot of these PCs in March and April). Most will fail somewhere in the middle, and a few will outlast the rest and fail much later. There’s no great way to tell where, say, your laptop’s track pad or LCD falls on that bell curve. There are too many individual components in any given PC to control every variable.

Extend Your Computer’s Life with These Easy Changes

Some environmental factors do speed up the decay and subsequent failure of hardware components in your PC. A few such factors include:

  1. Leaving the PC on a charger 24/7: “trickle charging” (where the battery is charged a tiny bit each time it drops to 99%) can cause the battery to fail quicker. We recommend letting the battery drain partly before plugging it in to charge to extend battery life.
  2. How often you use the PC: most computers are designed for daily use, but, of course, parts like keyboards, trackpads, and charging ports decay faster with increased use. Most computers can sit unused without damage for a while, but it is smart to boot up a computer regularly to run updates and make sure it is in working order.
  3. Changes in temperature: computers are not designed to withstand extreme temperatures on either end of the spectrum. It’s always best to keep your computer in a climate-controlled environment, especially away from the summer heat (and take your laptop out of your car at night!).
  4. Using your laptop on your couch, bed, or lap: most laptops have vents in the bottom to keep the components from overheating. Blocking those vents with a blanket or other soft surface can keep them from doing their job and decrease the life of your computer. Try either a lap desk or tray table to save it.
  5. Allowing your computer to get dusty or dirty: even the cleanest houses have some dust in them, and laptop and desktop PC fans are magnets for these tiny particles. Over time, they cause the inner workings of your computer to run hotter, which makes them fail faster. Regularly use canned air to clean out your keyboard and fans (and try not to eat over your computer to prevent a “crumb coating” that makes keys sticky). Check out our blog post and tech tip on keeping your PC clean (opens in new tab).
  6. Replacing your old battery with a knock-off: there are a lot of cheap batteries for laptops out there, but it’s important to get an OE replacement when yours goes bad. Knockoff batteries have a higher failure rate, and if they expand, or, even worse, catch on fire, they can ruin your entire home as well as your laptop. Your best bet is to bring it to a local computer repair shop like Facet Technologies, where we will get the proper part numbers to get the right replacement.
  7. Being rough with your computer in general: this is one you probably already know, but it’s worth noting once more. Treat your computer gently. Don’t toss it or carry it in a bag without a proper sleeve, and don’t carry your laptop by the top panel (better yet, don’t carry it around open). Be gentle when plugging in USB devices and power ports. These small steps will help save you from expensive future repairs!

For computer repair in Peoria, IL, call Facet Technologies at (309) 689-3900. We offer full-service computer repair, virus removal, diagnostics, hardware upgrades, and more. We also offer custom-built desktop computers and Lenovo laptops to fit your needs.