Cyber extortion - the new sting?
By on July 28, 2010 3:21 PM
"This will cost you millions in lost revenues, trust and credibility not to mention the advertising you will be buying to counter mine."
Imagine receiving an email like that! A US financial services company recently did, from a disgruntled customer.
It went on, "By the way: Yes, I am crazy. Yes, I am vindictive. Yes, I am extremely upset."
The would-be cyber extortionist was demanding as much as $3 million or he would unleash a tidal wave of spam emails with an aim to ruin the reputation of the company he believed had wronged him.
Cyber extortion is a growing racket that is increasingly attractive to cranks and organized criminals alike. It comes in many forms, with cyber extortionists threatening reputational damage or promising to release stolen data and intellectual property.
Another favourite threat, sometimes followed by a taste of what's in store, is a costly "distributed denial of service" attack. And if your business relies heavily on the internet, and you have a big customer base, you're a juicy target.
A couple of years ago, just prior to the Super Bowl, a team of cyber extortionists targeted online casinos, threatening that the betting process would be interrupted before the game unless a significant payment was transferred via Western Union.
Why is cyber extortion a growth area? Because unlike kidnapping a person or running a protection racket, cyber extortion can be done remotely. Plus, it isn't easy to catch an extortionist in cyber space.
We hear about a lot of incidents anecdotally but no-one really knows the full extent of cyber extortion because cases don't always come into the public domain in order to spare corporate blushes.
It could be even more embarrassing to be the victim of an expensive extortion and then find out that insurance could have taken the sting out of it.
In fact, it is possible to buy very cost effective insurance that protects against the financial damage a cyber extortion attempt can wreak. That means coverage for the ransom payment, the professional negotiators and also any specialist PR advisors that have to be drafted in.
Cyber extortionists don't always get away with it. We heard about a teenage extortionist in Wales who gave his home address for the ransom payment.
I reckon the East European mafia gangs active in this area have a little more nous than that.
Leave a comment