By: Jada Ackerman
Just a Small Town Girl – Living in a Cyber World
As a born-and-raised small-town girl, security has always been something I think I have taken for granted. Even being married to a law enforcement professional didn’t sway me from leaving my house unlocked, my keys in the ignition of my car, and taking walks by myself late at night. It’s not that I disregard safety measures, I just didn’t feel…for lack of better words, touchable.
Despite numerous training sessions at work, the fear of being a target of a cyberattack never really set in. I felt educated, confident, and protected. Again – untouchable. Until it almost happened.
A Malicious Email Journey
In the United States, there is an email scam circulating that is leaving its targets feeling vulnerable, exposed, and violated. Even though components of the email may be true, the likelihood of the attached threats being ‘real’ is minimal. Having said that, the emotions attached to this threat are very, VERY real.
Here is a brief synopsis of what happened to me. I am sharing this story because it could happen to you, too. And if I had followed my original instincts, I could have gotten myself into a much worse situation.
One quiet evening I’m sitting on my patio after work listening to music and catching up on all the social media gossip I had missed during the workday. After I was done scrolling, I ventured over to see if any new emails had been delivered to my Gmail account - when one instantly caught my attention.
There was an email with some very personal information in the subject line. This included my name, physical address, and cell phone number. In the body of the email was a picture of my neighbor’s work truck taken from the outside of my house, with the caption, ‘Nice location’. To say it caught my attention is a bit of an understatement.
The email stated they had loaded Pegasus (a very real and terrifying spyware that is nearly impossible to detect) on my phone through a malicious website I had visited. The sender claimed to have taken control of my phone’s camera and microphone, thus gaining access to my personal data. He said he had been ‘watching’ me for months and had pictures and videos of me in compromising positions (such as in the bathroom, preparing for a shower, etc.) and was threatening to send those images and videos to everyone in my address book. He even complimented me on the nice layout in my room.
I’m sure you can imagine the instant FEAR I felt at the mere thought of that!
Near the end of this email, he extended me an opportunity to delete all those images. I just needed to follow his attached QR code and pay a small fee of $200 within 24 hours. Additionally, he warned me that should I share this email with anyone, he would know and forward everything immediately.
If you are like me, the thought of having sensitive pictures shared with family members, friends, and colleagues is not at the top of things you necessarily want shared with the world. So, yes, my first instinct was to pay the fee and be free from the threat.
Luckily, the teams I work with at Blue Valley Technologies and Networks Plus, have trained me to think before clicking. Which is exactly what I did. I sat my phone down. I took a deep breath. (Actually, I took several deep breaths!) I finally picked my phone back up and began to reevaluate the words, line-by-line.
To help you avoid falling prey to this scam, should it ever land in your inbox, I want to share with you how I dissected this email and drew the conclusion it was not true.
Urgency
Bad actors often use a sense of urgency to prohibit you from taking a step back and fully thinking about the reality of the issue at hand. Fear removes your ability to be rational and dictates an instinct to simply pay the fee.
Images shared
Personal information – if this threat isn’t real, how did they get my cell phone number, address, and email?
It’s important to remember these bad actors prey on our emotions. Even with all the cybersecurity training in the world, the human factor will still come into play. Knowing the facts and looking at the situation from a rational point of view may prevent you from the ‘knee jerk’ reaction to pay the fee. Let’s be real though… the nagging in the back of your mind will likely linger. It certainly is for me! It’s all those ‘what if’ questions. What if they DO have pictures of me? What if they DO send images and videos to everyone I know? What if I could have prevented this?
Taking the necessary steps to protect yourself IS important.
Avoid visiting questionable sites. (I try hard not to, but I’ll be real - I am an avid clicker of target marketing ads. I mean, who doesn’t want to look 10 years younger?!?)
Avoid sharing too much information online (Guilty as charged. Most of my social media is public. Scratch that. WAS public.)
Avoid friending people you don’t know on social media.
Avoid clicking links from unreliable sources.
Even with the best of intentions, vulnerabilities still exist. Arm yourself with the knowledge that threats are lurking in every corner of the world wide web. People are looking to get rich quickly by stealing your hard-earned money and will quite literally tell you whatever they want to get you to hand it over. None of us are untouchable. Lock those doors on your home and lock up your data online!
I know I will undoubtedly be much more diligent in my cybersecurity habits from this point moving forward. This email has haunted my dreams more than Freddy Krueger ever did!
If you would like to learn more about cybersecurity and how to protect yourself, please reach out to us at 877-876-1228 or email us at csr@bluevalleyinc.net.