Privacy Perils: Email Extortion – WFH Edition

May 8, 2020
Firm Publication
Helpful Privacy Tips When Working from Home

Whether you know it or not, the password associated with your email address on at least one of your online accounts likely is available on the dark web for sale, possibly included in a “password dump.” Scams have surfaced periodically where the victim will receive an email from someone claiming to have photo or video evidence of the victim engaged in some type of embarrassing or inappropriate conduct. These scams have seen a resurgence now that WFH has increased the use of video conferencing (see our previous Privacy Peril on Background Awareness).

In the email, the fraudster will use the purchased password to convince the victim of the legitimacy of the hoax and demand a ransom, payable in bitcoin, or the incriminating evidence will be published. If a victim is contacted by one of such fraudsters, they should not pay. It is extremely unlikely the scammer has any such evidence; instead, he is simply playing off the victim’s fears, heightened by recent news reports of Zoom and other conferencing services security breaches.

This latest iteration of the extortion scam is a reminder not to use the same password across multiple sites, and to change passwords regularly, especially after a vendor breach.

And if you need any greater comfort, electrical (not Scotch®) tape over your laptop camera will do the trick.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.