In a digital era, online extortion has only grown. In fact, Orange Cyberdefense found a 77% increase in online extortion in 2024. The crime is when a perpetrator gains access to sensitive information and demands a ransom. The bad actor may threaten to release the data, or in some cases, they encrypt the data and demand payment to decrypt it. When someone is extorting you, it can be devastating emotionally and mentally. However, there are steps you can take to protect yourself during an extortion attempt and ways you can prevent it.
Steps to Take if You Are Being Extorted Online
Being a victim of online extortion is a traumatic experience. It can bring on extreme amounts of stress and anxiety. Most notably, it can make victims feel helpless. However, you do have options. There are steps that you can take to combat online extortion and fight back against the perpetrator. Here are a few guidelines to consider if someone is extorting you.
- Do not pay. You should never pay an extortionist or comply with their demands. Doing so only communicates to the scammer that you are an easy target for extortion.
- Do not block. Blocking the extortionist on online platforms may feel like a logical next move. However, it can actually work against you. This can encourage the criminal to release the information being threatened in retaliation.
- Cease communications but maintain an open line. Extortion victims should cease all communication with the perpetrator. However, deleting and blocking conversations can prevent cybersecurity experts from tracing the digital trail left behind by the criminal.
- Preserve evidence. You will need evidence of the extortion in order to take legal action against the perpetrator or for law enforcement to perform an investigation. Make sure to take screenshots of conversations, save media files, and any other relevant information.
- Contact authorities. File a report with law enforcement about the extortion. They can provide advice on how to deal with the demands and may be able to launch an investigation to find the extortionist.
- Seek support. Extortion brings on many emotions at once, which can be overwhelming. It’s best to have someone to talk with during this time. This can be a trusted friend, family member, or professional counselor. Talking with someone will alleviate some of the weight from the incident.
Forms of Online Extortion
Cybercriminals use a variety of methods to gain access to sensitive data. They can gain unauthorized access to networks or impersonate a trusted colleague to lure the victim into sending private information. It’s important to understand the different forms of online extortion to be aware of tactics to watch out for.
Ransomware
Ransomware is a form of malware that is designed to access and encrypt unauthorized data. The data in question is typically valuable to the organization, and the malicious actor will demand payment in order to return access to the owner.
Distributed Denial of Service
A distributed denial of service (DDoS) attack is when a malicious actor overloads a server, service, or network with a flood of traffic, preventing regular internet users from accessing it. Cybercriminals can use DDoS attacks to disrupt the regular traffic to an organization or website. In some cases, criminals may use DDoS attacks to extort victims.
Phishing-Based Extortion
Phishing scams rely on deception to trick people into sharing sensitive information or even money. Perpetrators will impersonate friends, family, or co-workers in a workplace by creating fake accounts. Then, they send the target a message requesting sensitive information like a phone number or tax documents. In some cases, the scammer may request money in suspicious ways, like an urgent need to pay an invoice.
Another way scammers use phishing tactics is with malware-infested links. Scammers will disguise a phishing link in a regular message. While impersonating an employee or even a CEO, they encourage co-workers to click on the unsuspecting link. However, the link only deploys malware into the computer system and gives the scammer access to the company network. Once the criminal gains access to sensitive information, they can begin the online extortion.
Data Breach Extortion
A data breach is a security incident at an organization in which sensitive, confidential, or protected information was accessed by an unauthorized party. There are two main causes of data breaches: insider threats and network attacks. Insider threats are any employees that can potentially misuse their access to hurt the company, while network attacks are from an external party.
Data breaches may result in the loss of trade secrets, financial information, intellectual property, or customer data. However, in data breach extortions, the scammer will demand a ransom from the company, and in exchange, they will keep the stolen data private.
Social Engineering: The Art of Deception
Internet criminals aren’t always easy to identify. Sometimes they use sophisticated tactics to impersonate others or gain your trust. This is otherwise known as social engineering. Instead of using highly technical skills to hack into a network, scammers use social engineering to trick users into letting them in.
Hackers can also take over the account of an employee or trusted individuals to trick co-workers into sharing sensitive information. It’s important to keep your guard up in every interaction online. Be cautious of all links and take your time when reading or responding to messages.
How to Spot the Warning Signs of Online Extortion Early
In terms of today’s online scams, criminals are highly intelligent. They understand the buttons to press and how to gain trust quickly. However, scammers can reveal subtle red flags in their language or approach to messages. Here are the warning signs you should look out for when it comes to online extortion.
- Pressure to act quickly. Scammers are typically only interested in money and use urgency to encourage quick action.
- Demands for payment using difficult to trace methods. Cryptocurrency and gift cards are common forms of payment in scams. They are difficult to trace and simple transactions.
- Misspellings or strange structure. Many cybercriminals are non-native English speakers, which can result in misspellings or strange word choices.
- Request for more access. Sudden and suspicious requests for a change in permission controls are red flags. You should also be cautious of requests for access to certain information that they may not have had before.
- Messages with suspicious links. Scammers who use phishing links tend to insert the links in messages to their victims. You can preview any link by hovering over it to verify the destination.
How Digital Forensic Corp. Helps Victims of Online Extortion
At DFC, we have cybersecurity professionals that want to work with you. Our team of experts are well-versed in the tactics of online criminals and know how to put an end to your online extortion.
By using digital forensics and state of the art technology, we can trace the digital footprint of the perpetrator and unmask their identity. Once the anonymity of the perpetrator is revealed, we can also work to remove your sensitive information from their possession. On top of that, Digital Forensic Corp. can reinforce your security to minimize the chances of a data breach occurring again.
Preventing Online Extortion Starts Now
Educating yourself is the first line of defense, and the next should be strengthening your online security. Make sure your passwords are complex and unique for every account. You can also use anti-malware software to protect your devices from malicious code. Every online interaction should be approached with skepticism to prevent any unintentional security breaches.
Your Guide to Staying Safe During an Online Extortion
Whether you own a business or simply just have an online presence, we all need to be aware of threat actors and the tactics they use to penetrate our online defenses. Online extortion is an unfortunate reality in this day and age. The best way to protect yourself is by understanding how to deal with it in case you are ever a victim. However, if you want experts on your side during extortion, Digital Forensic Corp. has a team available 24/7 for support. Contact us today and start taking back control!
