Posts

ALERT: Threatening Emails are Spiking

ALERT

In the last 72 hours, our clients have reported an alarming increase in threatening emails. These emails contain enough personal information to legitimately trigger worry, fear, and in some cases, panic. 

This post covers three types of threatening messages and how to respond.

The Attacks

This type of attack is known as a “Exposure Threat” or “Fear of Exposure” attack. Attackers threaten to release embarrassing or sensitive information about you or your business. They may share bits of information or make claims that imply or confirm that they really do have some information. 

Here are three common forms of the threat:

1 “We Know Where You Live”

The email arrives in your inbox from what looks like a “legitimate” Gmail, Yahoo!, or other email service. The subject line contains your name or that of a family member. The message includes your full address and a valid phone number. In some cases, this threat may also include a picture of your home or office. 

Most often, this type of email does not include any explicit threat or demand.

The implication “we know where you live” is intended to instill fear. The goal is to make you more likely to respond and cooperate with future threats. 

2“We Know What You Did”

This form of attack claims to have documents, images, or video of you doing something embarrassing or illegal. The attacker will claim to have access to your email account, or all of your contacts, and will threaten to share the information if you fail to pay a ransom.

This is an explicit form of extortion.

The attackers are betting that the fear of exposure will cause you to pay the demand and prevent you from reporting the attack.

3“We Have Your Information”

This form of attack threatens to disclose sensitive information about you, your business, or your customers. The threat is the damage a data breach causes. This can include serious and costly legal, regulatory, or contractual issues. The attackers may share a sample that “proves” they have the information on hand.

This attack typically includes a specific threat and an extortion demand.

The preview information shared by the attackers may be from sensitive files, but it may also be available from other sources. This form of attack warrants some investigation.

How to Respond: Do NOT Panic!

First and foremost, do NOT panic. The success of these attacks is dependent upon your fear and your reaction. If you receive an email that is like one of these cases or similar, how you respond can make a difference.

No Specific Threat

  • If the email does not contain a specific threat or demand, your best response is to mark and report the email as spam. Doing so should direct future emails directly to your spam or junk folder.
  • You can take the extra step of reporting the message as abuse to the email server. Here are links to report email abuse for Gmail, Sky/Yahoo!, and Xfinity/Comcast.

With a Specific Threat

  • If the email contains a specific threat, you can and should report the message as spam/junk. We recommend your report this to your IT service provider. Your IT team should investigate the possible risks and take appropriate preventative and responsive measures.
  • Extortion is a crime. While many local law enforcement departments do not have the expertise to investigate cyber crimes, most state police organizations have cyber crime units. You can also report the attack directly to the Internet Crime Complaint Center (IC3). The IC3 will route your report to the FBI and other relevant agencies. Depending on the nature of the attack, the response may range from acknowledgement of the report to a full criminal investigation.
  • If the email includes a threat to show up at your home or business if you do not respond or comply. we strongly recommend reporting the threat to law enforcement.

Possible Data Breach

  • If the threat indicates that the attacker has, or can, access sensitive data, promptly take additional steps to protect yourself and your business.
  • If the attack references personal information, placing locks on your credit reports is always a good step. If the threat mentions (or indicates) a source, such as your bank or investment accounts, report the incident directly to that institution or business. Discuss protections they can put in place on your behalf.
  • If the attack references information from your business, promptly investigate the possible breach. This may involve scanning systems for malware and advanced threats, analyzing logs for unauthorized access, and verifying compliance with security measures. The level of your investigation should match the level of risk. Your IT service provider can help you assess the situation and determine the best course of action.

Your Next Steps

You can protect yourself and your business from these attacks, and other cyber attacks before they happen. Our Security CPR model provides a guide.

  • Communicate and Educate: Learn about, and help your team understand, the risks, nature, and impact of cyber attacks. Communicate the need for vigilance and how their behaviors can enable or prevent a successful attack.
  • Protect and Prevent: Put cybersecurity policies, procedures, systems, and services in place commensurate with your business’s risks, needs, priorities, and budget. This includes advanced threat protection for email and strong settings for your SPF, DKIM, and DMARC protocols in your DNS record. 
  • Respond and Recover: Ensure that you have systems, processes, and services in place to respond and recover should an attack be successful. Beyond restoring data and systems, have resources available to address the legal, regulatory, and customer service issues that often arise. Ideally, have solutions in place that allow you to keep your business running while you respond and recover.

For help assessing your current cybersecurity protections, please send an email or schedule time with one of our Cloud Advisors to discuss our cybersecurity assessments and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

5 Security Threats SMBs Should Not Overlook: Malicious Web Sites

Security Puzzle
As more services move into the cloud, users bring their own apps to their work environment, and we see more integration and interconnect between systems, the nature security risks and threats are changing.  

This blog series looks at some of these threats, why the should be of concern to SMBs, and how SMBs can mitigate the risks.


Many small and mid-size business owners look past security threats in the belief that their businesses do not have trade secrets or other information coveted by hackers.  This view is naive.  Small businesses are ripe for attack because they often have personal, credit, or medical information about their customers and their employees.

Your business may at risk even if you are not a deliberate target. Hackers and thieves cast wide nets to capture personal information for identity theft. For identity theft, your business IT is no different than home computers.

Many businesses respond that they have security in place.  A well managed firewall, a big name malware suite that updates periodically, and spam/virus protection for their email service.

Unfortunately, users are 20 times more likely to suffer a malware attack from a corrupted web site or a phishing attempt then through the “traditional” means of email and file transfers. While traditional malware tools may catch these types of attacks, web-based malware often behaves more like acceptable code.  The recent outbreak of “crypto locker” malware, which encrypts your data and holds it for ransom, is an example of just how ineffective traditional malware prevention alone can be.

The overlooked solution to closing the web-enabled malware threat is known and simple: web filtering.  Web filters not only track sites known to be risky, insecure, or containing malware, they analyze web traffic and behavior in real-time, identifying sites that may be compromised, including those hacked without the site owner’s knowledge.

For most SMBs, adding web filtering to the ecosystem is an affordable increase in IT spending, typically less than $3.00 per employee per month.   Given that a single malware event can take 20 to 60 hours to mitigate at a cost of thousands of dollars, web filtering is a value-add component for most IT ecosystems.


Cumulus Global can assist in selecting a web filtering solution for your business.  Please contact us, or complete the form below, for more information.