A couple of weeks ago I woke up feeling I was on top of the world. Little did I know that my elation would be short-lived and that I was about to plunge into a 24-hour anxiety attack. Just as I sat down for breakfast, I opened up my emails. Saying that I had a mini heart attack after that would not be an overstatement.
Right on top of my inbox was a seemingly innocuous one sent by someone called Geoff Easton.
â€œI know xxxxxxxx is your password.â€
That simple phrase was enough to kill my appetite, because as it turns out, the password was one that I was using for a blogging website.
â€œI require your 100% attention for the coming 24 hrs, or I will make sure you that you live out of shame for the rest of your lifetime,â€ it continued.
I hate to admit it, but in retrospect the only shame I have is not noticing the obvious grammatical errors in the sentence and recognising it for what it was: a phishing scam (fraudulent activities aimed at gaining a personâ€™s data). However, the email was from what seemed like a proper address (especially considering it landed in my inbox and not spam) and the password was actually in use. It was the perfect recipe for entrapment and panic.
Geoff proceeded to warn me that he had access to a lot of my data and private life, along with videos recorded using spyware that activated my camera without my knowledgeâ€”all from the past 184 days. He concluded with the threat that unsavoury details of my life would be periodically released to random recipients chosen from my contact list (of which he claimed access to), unless $2000 in bitcoin was deposited.
By this time the colour was definitely drained from my face and a cold numbness was descending on me. I did what anyone would do: rang up my best friend. When someone threatens to release your secrets, reaching out to the one person who knows you inside out is a definite source of comfort. Thankfully, he had his wits about him and immediately reverse-searched the email address, identifying it as one thatâ€™s been reported to be embroiled in phishing scams. He then listed all the irregularities with the email text and rightfully pointed out that having that much data on someone would require a lot of storage space; in conclusion, that this was likely spam and I should chuckle and toss it in the junk.
My paranoid self was definitely not satisfied. Especially, and I reiterate, due to the password being real. I immediately proceeded to change all my passwords, reviewed all the saved ones and cleaned up my social media links to apps; I set up two-factor authentication everywhere and reported the incident to the email domain, along with filing a report with the Digital Rights Foundation (DRF). However, I didnâ€™t feel calmer until I did my own search and found out that this was just a newer form of a phishing scam thatâ€™s been in place for quite a few years. Shortly thereafter, the DRF reached out to me and assured me this was fake and I had already taken the necessary steps to protect myself. The only thing left was to delete the email and move on.
Further research showed that my password was uncovered as part of a security breach of a blogging website. My supposed blackmailer in fact had no idea what it was used for, but could only trace it back to the email associated with the blog. The threats were empty. (Although, it turns out many people did in fact click on the email links and get their actual data stolen).
Suffice it to say, I did wait with bated breath for the twenty-four hours to end. Once they did and my privacy and dignity was intact, I finally relaxed.
Ever since, Iâ€™ve been a lot more careful of the way I use the internet and how my data is protected; the ordeal was instructive for sure. Below you can find a list of ways to protect your identity, privacy and dignity while being part of the online world.
- Review passwords periodically: itâ€™s essential to do so; make stronger passwords and use a secure password storing service in case you donâ€™t want to type them every time. Or, write them down and keep them somewhere safe. Donâ€™t reuse passwords and donâ€™t be too obvious.
- Set up two-factor authentication: platforms and websites with sensitive information and email addresses should definitely have two-factor authentication. You can connect to a passcode on your phone, another email address, code generators or simply, secret questions.
- Cover up your camera: the biggest fear I had was wondering what had been recorded on my camera. Covering it up with a sticker or tape when not in use is old school, but effective.
- Install reputable virus/malware detectors: for your emails, itâ€™s generally enough to have your junk filter set up to high, but for your computer, do some research and install software to counter such attacks.
- Donâ€™t share info with others: this is a no-brainer.
- Report suspicious activity: always keep a check on suspicious activity logins (there are ways to set them up for various social media) and immediately report to relevant authorities. In case of cyberbullying, the DRF and the FIA are just some avenues you can approach.
- Double check privacy settings: do this for all current platforms you use, especially social media. Also ensure you review third-party app permissions associated with your social media.
- Secure websites and VPNS: always check if the website is secure. This is generally mentioned in the address bar of browsers. Itâ€™s also recommended not to open sensitive data on public wifi. If you must access it in public, use a VPN or set up your own hotspot.
- Be responsible: post online what you wonâ€™t fear coming out in a hack. Same goes for what you store in the cloud.
- Donâ€™t be fooled: I know this is easier said than done. When I received the email, I felt as if the ground beneath me had given way. But there are easy ways to check if youâ€™re being phished or not.
The above are just some guidelines; do your own research, be responsible and keep yourself safe. Iâ€™ll leave you with one of my favourite quotes about the digital age:
â€œYou haveÂ zeroÂ privacyÂ anyway.Â Get over it,â€ Scott McNealy