Dealing with the aftermath of a security breach can be hard, but what if someone has lied about a breach? That’s exactly where the term “breachstortion” fits in. This post is about breachstortion attacks and things that businesses need to know.
The basic definition
Simply put, a breachstortion attack typically involves an email stating that the company website or network has been breached and that data has been copied or moved. The sender claims to have hacked the network or website and asks for a ransom, threatening to publish the data otherwise. In most cases of breachstortion attacks, there is no clear evidence that a breach has occurred or that the hacker has done anything. Small businesses often fall victim to such emails, because they are soft targets and don’t pay enough attention to cybersecurity. The sender of a breachstortion email will ask for a ransom, which typically isn’t huge. Bitcoin and other cryptocurrencies are the payment options hackers commonly prefer.
Should your business panic about a breachstortion email?
No. Hackers rely on breachstortion to cause panic and make the most of fear. Even with no evidence of a breach, a company may end up paying the hacker, because it didn’t do enough early on to prevent cybersecurity issues. If the claim in a breachstortion email is real, the hacker will publish a part of the data online as proof of the hack. In other words, an email that comes with no such proof is a clear scam.
What to do next?
- First and foremost, let the cybersecurity team know that such an email has been received.
- Ensure that your employees know of breachstortion emails, so that they don’t become victims.
- Keep up with news and updates on phishing and breachstortion scams. You need to know how hackers have been targeting businesses.
- Malicious emails and links are often sent in the form of a breachstortion attack. Make sure that you check every domain for authenticity, and more importantly, be careful of shortened URLs.
- Don’t be forced to pay. You should NOT pay for such an email – Period. There is no guarantee that the hacker won’t make the details public, even if they do have the data they claim to have.
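The checks above can be partly automated before a reported email reaches the cybersecurity team. The following is an added example, not part of the original post: the shortener list, the wording patterns, the `triage` function and the sample message are all assumptions constructed for illustration, and a finding is a prompt for review, not proof of anything.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Small assumed sample of well-known URL shortener hosts (not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Rough shape of legacy (1.../3...) and bech32 (bc1...) Bitcoin addresses.
BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
CLAIM_RE = re.compile(r"\b(?:hacked|breached|copied your data|publish)\b", re.I)

def addr_domain(header_value):
    # Domain part of an address header; empty string if the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_email, own_domains):
    """Return review findings for a single-part plain-text email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    findings = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain differs from sender: {reply_dom}")
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened URL hides destination: {url}")
        elif not any(host == d or host.endswith("." + d) for d in own_domains):
            findings.append(f"external link, verify before opening: {host}")
    if BTC_RE.search(body):
        findings.append("cryptocurrency payment address present")
    if CLAIM_RE.search(body):
        findings.append("breach claim wording present")
    return findings

# Constructed sample message; every address, link and wallet string is fake.
SAMPLE = """From: "Security Team" <alerts@example-notify.test>
Reply-To: pay@other-mail.test
Subject: Your site has been hacked

We have breached your website and copied your data.
Proof: https://bit.ly/3xAmPlE
Send payment to bc1qexampleexampleexampleexampleexample0 within 5 days
or we publish everything. Details: http://smallbiz-example.support.test/info
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, {"smallbiz.example"})))
```

Links are only extracted and classified here, never fetched, so running the check does not contact the sender's infrastructure.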
Finally, stay alert. Knowing about different security concerns like phishing and breachstortion and ensuring that your teams and employees are aware and educated about these scams are key steps in ensuring cybersecurity. Also, such emails and scams must be reported, via the standard means and protocols.