Cyber Blackmail – Do’s and Don’ts

Morgan Wright, Chief Security Advisor at SentinelOne, talks with Security MEA about cyber blackmailing and the steps to take to mitigate the risk of becoming a victim of cyber blackmail.

What is cyber blackmailing and how does it work?

Cyber blackmailing plays upon the fears of people, and exploits their lack of technical expertise, to obtain money or photos, or to instill fear. Many times, contact is initially made from a public post, and the victim is gradually ‘groomed’ into providing more personal information, or pictures. This process could take a few days to a few weeks. The goal of the blackmailer is to get the intended victim to become less and less apprehensive about their activity. Once the compromising material is obtained, demands for more explicit photos or money are generally made. The threat is that if the victim does not comply, the embarrassing information will be made public. Generally, men are targeted with this scheme more often than women.

Which age group is particularly targeted more?

It crosses many age ranges, but men seem to be targeted more than women.

Do the victims and the perpetrators of cyber blackmail fit into any specific profiling?

The victims may be people who are looking for attention and are receptive to compliments about their appearances. The criminals don’t really care about their looks – they only care about exploitation. Older people tend to be lonelier and can be more easily exploited.

What are the various methods used for cyber blackmailing?

It can involve compromising a victim’s personal email account or obtaining access to their storage account where personal photos and information are kept. This could start off as a phishing email, purporting to be something of interest to the victim, and getting them to click a link. This leads to hijacking the account and downloading personal data.

Another method is to just scan social media, looking for potential targets and starting up non-threatening conversations with them. Once someone is found to be receptive, the conversation gradually moves into active exploitation.

What are the provisions as per the laws in the UAE that we should be aware of that address the issue of cyber blackmail?

Under UAE law, cybercrime is punished by a minimum of two years in jail and/or fines that range between Dh250,000 and 500,000. Since confidentiality is of utmost importance, victims can use a smartphone app – “inform the prosecution” – and notify authorities.

How should one respond to cyber blackmail?

Report it immediately. Many victims will be reluctant because of societal norms, or religious views, and decide to live with the shame and the blackmail. The criminal is counting on this. If you compromise once with blackmailers, they can count on you compromising twice. Stop the cycle by reporting any cyber blackmail right away.

Basic do’s and don’ts to be followed to ensure we don’t become victims of cyber blackmail.

• Be cautious about what you post on social media. This is how criminals begin targeting their next victim. Be very careful of unsolicited direct messages.

• Always protect your stored information by encrypting it and by using strong passwords and multi-factor authentication (like Authy, Google Authenticator, Microsoft Authenticator, etc.).

• Don’t click on links in unsolicited emails (phishing emails).

• Never share personal details or information with people you know only online. You have no way of knowing who they really are.

• Keep your software on all devices up-to-date and always apply the latest security patches.

• Utilize the privacy features of your devices and apps. Keep the exposure of personally identifiable information to an absolute minimum.