Skip to main content

Real-Life Stories of Cyber Crime. Podcast 1: Online Extortion

Cyber criminals are smart – and getting smarter. As technology progresses and communication methods change, online scams are evolving. Online Extortion is one way criminals are getting to Canadian businesses.

Protecting your business from fraud and theft has always been a challenge – there have always been criminals looking for ways to steal money and information for their own gains. Even as security advances, so do scams, and online attacks have resulted in the loss of millions of dollars by Canadian businesses every year.

Online extortion is one branch of cyber fraud that can be particularly damaging to small and medium sized businesses as it often involves loss of client and operating data as well as the money many businesses pay to have it recovered.

One of the best ways to protect your business from online extortion is to be aware of the types of scams out there and understand how real businesses have been affected by incidents of ransomware, phishing and online blackmail.

In the first episode of our podcast series: Real-Life Cyber Crime Stories, RBC Director of Awareness and Education Denise Pratt sits down with Detective Alpha Chan from the Toronto Police Services Cyber Crime Unit.

Listen to the podcast for Detective Chan’s stories, warnings and tips that can help protect your business from online extortion scams.

Detective Chan underscores how falling victim to an online extortion scam can be overwhelming – it can cripple business operations and put customer and employee information at risk. He says the key to protecting your business is being prepared. Here are four ways to prepare your business, and minimize potential damage that can be caused by an online extortion scam.

1. Back Up Data

No matter the size of your business, you hold valuable information that cyber criminals are hoping to get a hold of such as employee records, customer data, and financial information. Should your business ever be the target of a ransomware attack – where a cyber criminal gets a hold of your data and encrypts it until you pay a ransom to retrieve it – having an off-site, off-line data back up can minimize the impact to your business.

“To have a protocol or a process to have continual backups that are not connected is key. We’ve had situations where businesses had backups, but they were connected [to the main system] so they were also encrypted. Encrypted backups are no good to anyone,” Detective Chan explains.

2. Educate Employees

Fraudsters play on people’s emotions and anxieties to infiltrate a company. Online extortion begins with intimidating or manipulating a person to get what they want. “People often get tricked into giving away information that is compromising to their personal lives as well as the business,” cautions Detective Chan.

Teaching your employees about cyber threats and the different ways criminals try to maneuver into a business can help to keep attacks from happening in the first place. Provide regular training about phishing scams, the latest social engineering tactics, and how posting on personal networks can affect an employee’s own security and that of the company. Detective Chan says that even reminding employees to simply think twice is helpful – “Before you post anything, look at the picture. Are you releasing any kind of information inadvertently?”

3. Never Pay Ransom

If you have been locked out of your computer systems, you may feel like you would do anything to get back in. After all, it may be next to impossible to operate your business without having access to your data. Cyber criminals know this and if they have stolen or taken over your digital assets, they are likely holding them ransom by demanding large sums of money to release your data back to you.

Detective Chan cautions to never pay ransom for data. “We’re just funding the problem if you are paying for it,” he reasons. “It breeds the notion that it is profitable to do this and [criminals] will continue doing it.” What’s more, there is no guarantee that you will get your data back once you pay the ransom.

4. Report Any Incidents

So if you shouldn’t pay the ransom to recover your information/data, what do you do? The best course of action is to report the incident to your IT team, financial institution and the authorities – the earlier you do so, the better.

“If you are a victim and you call or contact your respective technical partners and/or law enforcement early, the better your chance of recovery,” says Detective Chan.

By reporting incidents, law enforcement can investigate and ultimately shut down fraudsters. And when you notify your IT support and financial institution early in the process, there is a much better chance of recovering data and losses.

Download our Little Book of Big Scams to learn more about the common scams that are affecting Canadian businesses – and how you can protect your customers, your employees, and the future of your company.

March 16, 2020

Share

Twitter LinkedIn Email

Read This Next

The Cybersecurity Talent Gap: A More Diverse Workforce Is Needed for the Safety of Canadians

October 7, 2019

The cybersecurity landscape is growing at an exponential rate. To keep up with the pace of change, Canada needs a diverse and robust workforce of cybersecurity professionals.

Get Cyber Security Working for Your Small to Medium Business

October 7, 2019

Small businesses often think they don't have to worry about cybersecurity, but these companies are usually the easiest targets for cyber criminals.

Today Small And Medium Businesses Need Outsized Cybersecurity

October 1, 2019

Gone are the days when small businesses could fly below the radar of cyber criminals. Hacking small business is big business.