FALLING PREY TO SEXTORTION

When it comes to the world of online scams, sextortion is one of the most common ones and a threat that’s not going away anytime soon.

WHAT IS SEXTORTION?

It’s a form of blackmail in which a cybercriminal or a former friend or romantic partner tries to extract favours or financial gain from a victim.

Ever since the web became a daily destination for a majority of people, there have been cases of sextortion involving webcams and threats to leak intimate pictures, with hundreds and thousands of victims.

Even though most people exercise caution in sending potentially compromising pictures and videos, sometimes even the best of us could be exposed to sextortion. A recent study of 1,631 victims of sextortion revealed how every online user is, at one point or the other, potentially liable to become a sextortion victim.

This is a typical email that is being circulated:

Let’s get straight to the point. I do know [redacted] is your password. More importantly, I know about your secret and I have evidence of it. You do not know me and no one hired me to investigate you.

It’s just your misfortune that I stumbled across your misdemeanor. Actually, I actually setup a malware on the adult videos (sex sites) and you visited this web site to experience fun (you know what I mean).  While you were busy watching videos, your browser initiated functioning as a Rdp (Remote desktop) with a keylogger which provided me with access to your display as well as cam. Right after that, my software gathered your entire contacts from fb, and email.

Next, I gave in more hours than I should’ve exploring into your life and created a two screen video. First part shows the video you had been watching and second part shows the capture of your web cam (its you doing nasty things).

Frankly, I am ready to forget exactly about you and allow you to continue with your life. And I am going to offer you two options that will accomplish that. Those two choices either to ignore this letter, or simply pay me $2900. Let’s explore above two options in more details.

Option 1 is to ignore this email. Let’s see what is going to happen if you pick this path. I will definitely send your video recording to your entire contacts including close relatives, coworkers, and so on. It does not shield you from the humiliation your self will feel when relatives and buddies learn your dirty videos from me.

Second Option is to make the payment of $2900. We will name it my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will destroy the video immediately. You continue on with your daily life like nothing like this ever occurred.

At this point you must be thinking, “Let me call cops”. Let me tell you, I have taken steps in order that this e-mail can’t be linked returning to me plus it will not stop the evidence from destroying your daily life. I am not seeking to steal all your savings. I am just looking to be compensated for my efforts I place into investigating you. Let’s assume you decide to make all this disappear completely and pay me my confidentiality fee. You will make the payment through Bitcoin (if you don’t know this, type “how to buy bitcoins” on google)

Required Amount: $2900
Bitcoin Address to Send to: [redacted]
(It is case sensitive, so copy and paste it)

Tell no person what will you use the Bitcoins for or they will often not give it to you. The task to have bitcoin may take a couple of days so do not wait. I have a special pixel in this e-mail, and now I know that you have read this e mail. You now have 2 days in order to make the payment. If I don’t receive the BitCoins, I will definitely send out your video recording to all of your contacts including members of your family, co-workers, and so forth. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I will destroy the video immediately. It is a non negotiable offer, thus please don’t waste my time & yours. Your time is running out.

This type of sextortion scam demanding payment in bitcoin is so widespread, it’s unbelievable. Just hours after Reddit officially announced they had a breach, due to the fact that employees relied on SMS-based two-factor authentication, plenty of users found threatening emails in their inbox. Why? The Reddit data breach exposed quite a few old usernames and passwords. Cybercriminals took those passwords to provide some “legitimacy” to their common online scam. Even one of Reddit’s employees received the sextortion message, pointing out the ways cybercriminals try to monetize stolen email databases.

As long as people continue to have digital lives, sextortion will, in one way or another, remain one of the most common types of online scams. Whether it comes from a known person, after a phishing attack or as part of a spray-and-pray email scam campaign, there’s no question about it: it will happen time and time again.

SENDER POLICY FRAMEWORK (SPF)

This post refers to the Mailprotector email system.

Spoofing and phishing email activity observed over the past few months, together with feedback from Mailprotector’s partners, has led to a change in how SPF (Sender Policy Framework) records are enforced for incoming emails. SPF indicates what sources are authorized to send emails for a domain.

Major email services are also enforcing SPF to improve email security, increasing the importance of managing SPF records for consistent and predictable email delivery.

Email security continues to change, and the efforts to stop spam, phishing and other abuses require improvements to mail flow processing. SPF is widely used and is a starting point for determining email authenticity. Future improvements and support for DKIM and DMARC will require sound SPF implementation and management.

What’s Changed?

Mailprotector is following the SPF specification, as defined by RFC 7208, more closely, preventing messages that fail SPF from being delivered to end-users. An SPF record indicates whether to treat failure as a “hard fail” or “soft fail.”

The SPF RFC recommends bouncing messages for hard failures and filtering messages for soft failures. Mailprotector’s belief that all email should be processed and logged for visibility means the enforcement is slightly different.

Hard failures are considered spam and are sent to the user’s quarantine. Soft failures receive a score increase, but may not be high enough to filter the message on its own.

End-user Experience Changes

The end-users may not observe an apparent change. Emails that have been delivered in the past may not be delivered if the SPF record is not correct. For example, a multi-function device that sends emails of scanned documents may be quarantined if the IP or hostname of the device is not included in the domain’s SPF record.
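The scanner case above can be checked before mail starts landing in quarantine. The following is an added example, not Mailprotector's code: it evaluates a sending IP against an SPF record using only the `ip4`, `ip6` and `all` terms of RFC 7208 (no DNS lookups) and maps the result to the handling described in this post. The records, addresses and the soft-fail score value are constructed for illustration.

```python
import ipaddress

# Qualifier prefixes from RFC 7208 and the result each produces on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate sender_ip against an SPF record using ip4/ip6/all terms only.
    Terms that need DNS lookups (include, a, mx, redirect) raise ValueError."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a bare mechanism means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError(f"term not handled in this sketch: {term}")
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and there was no "all" term

def disposition(result, softfail_penalty=2.0):
    """Handling described in the post: hard fail -> quarantine, soft fail ->
    score increase. softfail_penalty is a made-up value, not Mailprotector's."""
    if result == "fail":
        return ("quarantine", 0.0)
    if result == "softfail":
        return ("deliver", softfail_penalty)
    return ("deliver", 0.0)

# Constructed sample data (documentation address ranges, not real hosts).
MAIL_SERVER = "203.0.113.25"
SCANNER = "198.51.100.7"  # stands in for the multi-function device
HARD = "v=spf1 ip4:203.0.113.0/24 -all"
SOFT = "v=spf1 ip4:203.0.113.0/24 ~all"
FIXED = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 -all"

if __name__ == "__main__":
    for rec in (HARD, SOFT, FIXED):
        res = check_spf(rec, SCANNER)
        print(f"{rec!r}: {res} -> {disposition(res)}")
```

With the `-all` record the scanner's mail is a hard fail and is quarantined; adding the device's address to the record, as in `FIXED`, turns the same message into a pass.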

HOW SSL WORKS

Secure Sockets Layer (SSL) certificates are used to encrypt the information travelling to and from the hosting server. This is instead of sending that data by plain text – which could be intercepted. It can be used for websites and email systems.

A very simple explanation of how SSL works would be:

  • A browser tries to connect to a website
  • The browser first contacts a DNS server to find where the site is hosted, then contacts that web server
  • If the website is secured by SSL, the web server sends a copy of the website’s SSL certificate to the browser
  • The browser checks to see whether the certificate is genuine with the issuer of the certificate. It needs to be a trusted certificate authority, such as Geotrust
  • If it checks out OK, the browser sends a message to the web server and exchanges the necessary encryption information: a key and hashing cypher – basically a code!
  • Encrypted data is shared between the browser and the web server

WHY YOU NEED AN SSL CERTIFICATE

Having an SSL certificate – giving your website URLs beginning with ‘https’ – is no longer a luxury. It’s a necessity.

If you run a site where a user has to enter information – such as a store – not having an SSL certificate could harm your business. Users are less likely to trust a non-‘https’ website. Google has been encouraging web designers to implement ‘https everywhere’ since 2014, and sites without SSL certificates are being marked with security warnings.


Freelance Computers offer a very cost-effective way to have an SSL Certificate installed onto a website, please contact us for more information and prices on this service.

JULY 23RD – CHROME WILL START FLAGGING HTTP SITES AS ‘NOT SECURE’

Back in February, the percentage of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that, only 52.5% of sites were loaded using SSL/TLS, the encryption protocol behind HTTPS, so tremendous progress has been made.

Unfortunately, quite a few popular sites on the web still don’t support HTTPS (or fail to redirect insecure requests) and will soon be flagged by Google.

If you were to ask the operators of sites why they don’t protect themselves and their visitors with HTTPS, the responses you would generally get could be put into the following three groups: “I don’t need it”, “it’s difficult to do”, or “it’s slow”.

None of these are legitimate answers, but they’re common misconceptions as we will explain…

“HTTPS IS DIFFICULT TO DEPLOY”

This was true in the mid-1990s, but all that has changed and, thankfully, we’ve come a long way since then. Today, you can protect your site with HTTPS in a matter of seconds.

“I DON’T NEED HTTPS”

This argument is the most puzzling, especially when spouted by people who should know better. Surely you care about the safety and privacy of those visiting your site.

Without HTTPS, anyone in the path between your visitor’s browser and your site or API can snoop on (or modify) your content without your consent. This includes governments, employers, and especially internet service providers.

If you care about your users receiving your website content unmodified and being safe from maliciously injected advertisements or malware, you must use HTTPS.

Besides safety, there are additional benefits such as SEO and access to new web features: increasingly, the major browser vendors such as Apple, Google, Mozilla, and Microsoft, are restricting functionality to only work over HTTPS. As for mobile apps, Google will soon block unencrypted connections by default, in their upcoming version of Android. Apple also announced (and will soon hopefully follow through on their requirement) that apps must use HTTPS.

“HTTPS IS SLOW”

Lastly, the other common myth about HTTPS is that it’s “slow”. This belief is a holdover from an era when SSL/TLS could actually have a negative performance impact on a site, but that’s no longer the case today. In fact, HTTPS is required to enable and enjoy the performance benefits of HTTP/2.

Detractors typically think HTTPS is slow for two primary reasons: i) it takes marginally more CPU power to encrypt and decrypt data; and ii) establishing a TLS session takes two network round trips between the browser and the server.

Even with decade-old hardware, SSL/TLS adds less than 1% of CPU load. Today’s processors also come with instruction sets such as AES-NI that help performance. Further, session resumption technologies reduce the TLS 1.2 overhead, and TLS 1.3 aims to eliminate these round-trips entirely.

When HTTPS content is served from the edge, SSL/TLS enabled sites are incredibly fast and performant. And even when they are not served from an edge provider it bears repeating that SSL/TLS is not a performance burden! There’s really no excuse not to use it.


HTTPS – WHY YOU NEED TO MAKE THE SWITCH

If your website has a contact form, then you must have an SSL certificate installed to make steps towards GDPR compliance.

Without HTTPS, data from a contact form will be sent unencrypted, and can therefore be intercepted by a 3rd party in transit.

What is SSL?

Secure Sockets Layer – SSL – is a technology used to encrypt data that travels between a website and a user’s computer. You are probably already quite familiar with SSL technology – you just may not have realised how prevalent (and useful) it is. SSL encryption is typically used to encrypt sensitive personal information, like credit card details at the checkout of an online store, but now it is required for ANY contact form on ANY website in order to comply with GDPR.

By using SSL, details are encrypted so that in the event of cybercriminals intercepting those details, they will be unable to read or use that information.

BENEFITS OF HTTPS

GDPR Compliance

If your website has an SSL certificate, you’re making steps towards GDPR compliance.

Increased Security

HTTPS protects your customers’ personal and financial information from falling into the hands of a third party. So-called “man-in-the-middle attacks” refer to when information is intercepted by a third party when it is sent between the user and the website. While HTTP websites can fall victim to these attacks, HTTPS websites cannot.

Mobile Usage

Due to Google’s mobile index, it is likely that switching to HTTPS will have a larger effect on mobile browsing than on desktop. When Google converts web pages to AMP, it requires them to be secure. This means that only using HTTP could have a severely detrimental effect on your place in the mobile rankings.

Browse Faster

When HTTPS is enabled, your website’s users are likely to experience slightly faster browsing speeds as well as added security. A faster website is a definite bonus when trying to drive traffic towards your website.
