6 Lessons To Be Learned From Security Analysts About Zoom Fatigue

Have you been feeling tired and anxious lately? Sitting too long in a chair, glued to a computer screen? Welcome to the stressful world of working from home. Unlike what we may have imagined when tied to the office all day, working from home didn’t turn out to be the utopian pleasure we’d dreamed of. Instead, many of us have found that having to juggle work and family and continue to be productive in a restricted workspace, cut off from our colleagues, is a real challenge. In addition, many have been feeling worn out due to the longer hours and more solitary nature of working from home and communicating with family, friends and peers via remote working software.

This is because the same technology enabling remote work and video-conferencing (Zoom, Teams and the like) is stress-inducing. There’s even a name for this: Zoom fatigue, described as a feeling of exhaustion after a long day of video calls (By the way, this is not limited to Zoom and applies also to using Google Hangouts, Skype, FaceTime, or any other video-calling application or service). 

There are several factors that contribute to this feeling: poor audio quality, the need to maintain eye contact with our counterparts and the ease with which we lose focus during video calls. In addition, we need to ensure our environment is clean, organized and quiet (which is no small feat for people working from small apartments with roommates or young kids).

All these stress-factors combine to drain our mental resources far quicker in video meetings than in real-life meetings.  

There’s More Than Zoom To Drain Your Brain

But the actual strain of working from home isn’t limited to video conferencing. There’s also the constant bombardment of notifications from email, WhatsApp, Slack, Zoom and similar remote working software, alongside “domestic disturbances” (such as kids knocking on the door or yelling in the adjacent room). In short, there’s always noise, and never a dull moment. This erodes our ability to concentrate and respond quickly and accurately. And finally, many people find themselves working longer hours, on average, an additional two hours every day.

No wonder we feel overworked, on constant alert and just waiting for this period to pass.

Our New Normal Is An Analyst’s Regular Day

The state described above is not unlike the day-to-day experience of security analysts. Working tirelessly in a stressful environment, security analysts are overloaded and understaffed. They know all about a similar kind of stress-induced fatigue: alert fatigue. Alert fatigue (a term coined by medical professionals) is now widely associated with passive detection and response security technologies. It causes stress, reduces productivity and, over time, leads to the psychological effects of depression and apathy. Obviously, these can greatly affect an analyst’s ability to function properly and to remain in their position, which is one of the reasons that analysts suffer from significant burn and churn.


What Can Security Analysts Teach Us About Dealing With Stress?

Analysts are not only required to function in this stressful environment, but their margin of error is far narrower than the average Work From Home employee. If an analyst misses an alert or responds in a sub-optimal manner, an organization could be breached. For most of us, the biggest risk in having an off-moment is likely to be no more serious than forgetting to join a scheduled call or someone seeing us in our pajamas. 

Given the high stakes involved in their work, analysts have come up with ways to deal with the pressure that enable them to cope and continue to operate at an optimum level, day in and day out. Perhaps we can borrow some of these methods and apply them to our WFH routine as well?

1. Divide and Conquer Your Tasks

On average, a modern SOC encounters hundreds of thousands of alerts every day. It is impossible for humans to handle such massive amounts of incoming data, so analysts focus on the most severe alerts, and let machines handle the rest. For each case an analyst handles, they may have only a few minutes to deal with it. Focusing on the task at hand and setting aside competing demands on their time is a prerequisite skill.

The lesson to be learned here is that WFH is different from ordinary work. Your environment is likely filled with distractions, disturbances, and competing demands on your time. When we’re in the office, we are typically ‘quarantined’ from our ordinary lives and other demands and worries until lunch time or after office hours. But our new WFH reality mixes and muddies our workspace with our home space, both physically and emotionally. In such a situation, you need to compartmentalize and prioritize just like a SOC analyst. Set aside this time for that, and that time for this, and so on. Within the times allocated, prioritize and focus on the tasks that are most essential.

2. Automate, Automate, Automate!

Whenever possible, alerts in a Security Operations Center are handled by an automated, predefined workflow. Given that the majority of security alerts are of low severity and mixed in with a number of false positives, this enables analysts to focus on the important stuff.  

The lesson to be learned here is, when possible, automate or delegate menial tasks. There are many automation mechanisms available that can eliminate repetitive tasks. If you find yourself repeatedly typing the same response to certain emails, or endlessly copying structured data from one place to another, look into software that can set up scripts and hotkeys to reduce the toil of such tasks. Doing mindless, repetitive things is what computers were built for. Remember: your mental reserves are in short supply in times such as these, and mundane activities can drain them quickly.

3. Workflows – Define and Stick to a Plan

When an incident occurs, an analyst follows a predefined procedure or workflow. SentinelOne’s Vigilance MDR team call this a playbook. Working from a playbook requires defining and categorising problems and then developing a procedure of steps to follow in advance depending on the circumstances. This reduces the need to think of an “attack plan” at the time of encounter, and it avoids endlessly “reinventing the wheel” for problems of a similar nature that you’ve dealt with before.

Try to have templates for everything that you can, from sales emails, to presentation and document templates. This is critical for having productive meetings, too. If the meeting has a well-defined agenda, many of the annoying aspects of video calls (like several people trying to speak at once) could be avoided.

4. Escalation – Pass It On, Move On

Analysts are divided into tiers. A lower-level analyst handles an alert up to a certain stage, and if he can’t resolve it he escalates it quickly to a higher-level analyst or his manager. There’s no shame or embarrassment involved in this; it is the normal protocol.

In a normal office environment, we are all used to holding on to problems and ensuring that we do everything possible to solve them. We all want to deliver and be seen as competent in our roles. But in the office we also have the support of people around us, of a familiar environment and trusted colleagues to bounce ideas off, tap for knowledge at the water cooler or point us to a case file buried in a locker somewhere. This invisible support is missing when we are working from home, and the temptation to hold on to a problem even though we may not have the resources to solve it is a hard habit to kick. 

Employees working from home and who are cut-off from their peers and managers should communicate often with their colleagues and escalate issues to their superiors when the need arises. It will speed up the group’s work and reduce stress.

5. Avoid the ‘Always On Call’ Mentality

It is essential to balance work and rest. Analysts work in shifts, often to provide “follow the sun” security coverage for their organization across the globe. But nobody can work at peak efficiency without proper rest and recuperation. When you’re against the clock and desperate to solve a problem, things only get worse when you don’t take a break. 

Break your day into sessions and eat proper meals. This helps reduce the stress and increase focus. Work hard, but when your work is done, disconnect.

6. Don’t Be a Slave to the Technology

Analysts have learned to make technology work for them. Gone are the days of ugly looking SIEM consoles where it was impossible to identify the acute alert. Modern management consoles are built to assist the analyst in responding quicker and more accurately. For instance, the SentinelOne console automatically groups hundreds of data points into correlated console alerts, showing unified alerts that provide a complete timeline of the incident. This reduces the amount of manual effort needed to investigate an alert.

Likewise, technology should assist those working from home. If the audio quality of your laptop is poor, buy a decent speaker or headphones. If the image quality is unclear, ensure your room is well lit and even invest in an external camera. And finally, use technology that’s appropriate for the task. You don’t have to use video conferencing for every communication, particularly when a phone call or email will do. For example, if a meeting only involves two or three people and does not include any visuals, why not leave the Zoom and simply make it a phone call? And if that’s not practical, you can always turn off the webcam and go audio only. You are guaranteed a much better, less stressful experience.

Summary

We are all experiencing a stressful period, faced with new challenges that have demanded that we adapt quickly. But since this transition was so rapid, it has resulted in stress and ensuing fatigue for many of us, particularly if we do not possess the right tools and processes to be productive in this environment.

This is a great opportunity to learn from the people who operate under similar circumstances and learn from their experience. It’s also a good opportunity to stop and appreciate the hard work these analysts perform every day in keeping us and our organizations safe.  



Box makes quick decision to add new collaboration capabilities in face of pandemic

When the shutdown began six weeks ago, the powers that be at Box sat down for a meeting to discuss the situation. They weren’t in the same room of course. They were like everyone else, separated by the virus, but they saw this as a key moment for Box as a company.

They had been talking about digital transformation for years, trying to help customers get there with their cloud content management platform, and this was a pivotal moment with millions of employees working at home.

Box CEO Aaron Levie says the company’s executives had to decide if the change in work style they were seeing at that moment was going to be a temporary event or something that changed work forever.

After some debate, they concluded that it was going to change things for the long term, and that meant accelerating the product road map. “We made the bet six weeks ago that this was going to be a long-term change about how business works, and even if offices opened back up, we thought that companies were going to want to be resilient for this type of event in the future,” Levie explained.

From Box’s perspective, they saw this playing out in three crucial ways. Employees would need to be able to share files securely (their sweet spot). They would need to collaborate with folks inside and outside the organization. Finally, as you are working inside other cloud applications, what is the best way to interact with files stored in Box?

These are all scenarios that Levie has been talking about for years, and to some extent Box offered already, but they wanted to tighten everything up, while adding some new functionality. For starters, they are offering a cleaner interface to make it easier for users to interact with and share files.

They are also helping users organize those files with a new feature called Collections, which lets them group their files and folders in ways that make sense to them. This is organized on an individual basis, but Levie says they are already hearing requests to be able to publish collections inside the organization, something that could come down the road.

Next, they are adding an annotations capability that makes it easy to add comments either as a single editor or in a group discussion about a file. Think Google Docs collaboration tools, but for any document, allowing an individual or group to comment on a file remotely in real time, something many folks need to do right now.


Finally, external partners and customers can share files in Box from a special landing page. Levie says that this is working in conjunction with Box Shield, and the malware detection capability announced last month to make sure these files are shared in a secure fashion.

“Companies are going to need to make sure that no matter what happens — in the fall, next year or 10 years from now — that they can be resilient to an event where people can’t transact physically, where you don’t have manual processes, where employees can go work from home instantaneously, and so that’s going to change dramatically how you adjust your company’s priorities from a technology standpoint,” Levie said.

These new features may not answer all of those huge strategic questions, but this is a case where Box saw an opening for the company to address this change in how people work more directly, and they sped up the roadmap to seize it.

These features will be rolling out starting today and over the next weeks.

Zoom acquires Keybase to get end-to-end encryption expertise

Zoom announced this morning that it has acquired Keybase, a startup with encryption expertise. It did not reveal the purchase price.

Keybase, which has been building encryption products for several years including secure file sharing and collaboration tools, should give Zoom some security credibility as it goes through pandemic demand growing pains.

The company has faced a number of security issues in the last couple of months as demand has soared and exposed some security weaknesses in the platform. As the company has moved to address these issues, having a team of encryption experts on staff should help the company build a more secure product.

In a blog post announcing the deal, CEO Eric Yuan said they acquired Keybase to give customers a higher level of security, something that’s increasingly important to enterprise customers as more operations are relying on the platform, working from home during the pandemic.

“This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses,” Yuan wrote.

He added that the tools will be available for all paying customers as soon as they are incorporated into the product. “Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” he wrote.

Under the terms of the deal, Keybase will become a subsidiary of Zoom and co-founder Max Krohn will lead the Zoom security engineering team, reporting directly to Yuan to help build the security product. The other almost two dozen employees will become Zoom employees. The vast majority are security engineers.

It’s not clear what will happen to Keybase’s products, but the company did say Zoom is working with Keybase to figure that out.

Keybase was founded in 2014 and has raised almost $11 million according to Crunchbase data.

Harbr emerges from stealth to help build online data marketplaces

Harbr co-founder Anthony Cosgrove has been working with data for over 15 years, so he has an inkling of some of the problems associated with pulling data together in a way that makes it easy for others to consume, whether internally or externally. Like many entrepreneurs before him, he decided to start a company to solve that problem, and today it came out of stealth.

Cosgrove explained that in his experience, data platforms of the past had several problems. “They were too slow. They were too expensive and too risky, and when you got the data you then ended up working in a silo with really no repeatability of anything that you did for anybody else in your organization,” he explained.

Cosgrove started Harbr because he saw a dearth of tools to help with these issues. “We wanted to create an environment where organizations could share their data, collaborate on that data and create new versions of that data that were really optimized for very specific use cases,” he said.

For now, the company is concentrating on large data vendors, helping them package and monetize the data they produce as a business more efficiently, but Cosgrove sees a time where he could be helping other firms that produce data as a byproduct of conducting business to monetize that data more easily.

He says these big data businesses generally lack the agility to package data in ways that make sense for each customer, and his company’s product should help solve that. “They’re able to start working directly with their customers to move away from kind of sending data to actually selling services, models or insights, which is what customers really want,” he said.

One other unique aspect of the tool is that it is a true platform, meaning that you are not just restricted to the data in your system. You can pull together other data sources as well, and that could make for even more interesting ways to package the data for customers.

The company launched in London in 2017 and spent some time building the product. It recently opened offices in the United States and currently has 30 employees divided between the two locations. It has raised $6.5 million in seed capital led by Boldstart Ventures.

As private investment cools, enterprise startups may try tapping corporate dollars

Founders hunting down capital in the middle of this pandemic may feel like they’re on a fool’s errand, but some investors are still offering financing, even if the terms might not be as good as they once were. One avenue that appears to remain open: corporate venture capital.

The corporate route offers its own set of unique challenges, depending on the philosophy of the organization’s investment arm. Some are looking strictly for companies that fit neatly into their platform, while others believe a solid investment is more important than a perfect fit.

Regardless of style, these firms want their investment targets to succeed on their own merits, rather than as part of the organization the funding arm represents. To get the lay of the land, we spoke to a couple of firms that take very different approaches to their investments: Dell Technologies Capital and Salesforce Ventures.

Corporate venture is a different animal

Corporate venture funds aren’t typically as large as private ones, but they have a lot to offer, such as global sales and marketing support and a depth of knowledge that offers direct benefits to a young upstart. This can help founders avoid mistakes, but there is danger in becoming too dependent on the company.

The good news is that these companies are often not leading the round, but are instead providing some cash and guidance, which leaves entrepreneurs to develop and grow on their own. While the pandemic is forcing many changes in approaches to investment, the two corporate venture capital firms we spoke to said they will continue to invest, and their theses remain pretty much the same.

If you have an enterprise focus and you can convince these firms to take a chance, they offer some interesting perks a private firm might not be able to, or at the very least provide a piece of your funding puzzle in these difficult times.

Daily Crunch: Zoom acquires security startup Keybase

Zoom acquires some encryption expertise, Uber makes a big investment in scooters and we review the new 13-inch Macbook Pro.

Here’s your Daily Crunch for May 7, 2020.

1. Zoom acquires Keybase to get end-to-end encryption expertise

Keybase, whose encryption products include secure file sharing and collaboration tools, should give Zoom some security credibility as it goes through pandemic demand growing pains. A number of Zoom security issues have come to light in the last couple of months as demand has soared and exposed security weaknesses in the platform.

Under the terms of the deal, Keybase will become a subsidiary of Zoom and co-founder Max Krohn will lead the Zoom security engineering team, reporting directly to Yuan to help build the security product.

2. Uber leads $170 million Lime investment, offloads Jump to Lime

As part of the deal (which was reported earlier this week but is now official), Lime is also acquiring Uber’s micro-mobility subsidiary Jump. There will be more integrations between Uber and Jump in the future, but both apps will remain active for now.

3. Apple MacBook Pro 13-inch review

With this week’s news, the 13-inch becomes the third and final member of the MacBook family to get the new keyboard. It’s not “Magic” as the name implies (Apple really does love the M-word), but Brian Heater says improvements are immediate and vast.

4. Nintendo sells a lot more Switches, as people stay at home playing Animal Crossing

The company says it has sold 21 million Switch units in the past year, handily beating a 19.5 million forecast. 6.2 million of those systems were the newer, cheaper Switch Lite, which hit the market in September. All of this comes as Nintendo has run up against shortages through a combination of increased popularity and a global supply chain knocked off balance from COVID-19.

5. How will digital media survive the ad crash?

Bustle Digital Group’s Jason Wagenheim told us that he’s anticipating a 35% decline in ad revenue for this quarter. And where he’d once hoped BDG would reach $120 or $125 million in ad revenue this year, he’s now trying to figure out “what does our company look like at $75 or $90 million?” (Extra Crunch membership required.)

6. Apple awards $10 million to rapidly scale COVID-19 sample collection kit production

Apple has awarded $10 million from its Advanced Manufacturing Fund to COPAN Diagnostics, a company focused on producing sample collection kits for testing COVID-19 to hospitals in the U.S. The money comes from the fund that Apple established to support the development and growth of U.S.-based manufacturing — to date, the fund has been used to support companies tied more directly to Apple’s own supply chain.

7. Sonos debuts new Arc soundbar, next-generation Sonos Sub, and Sonos Five speaker

Sonos has introduced a trio of new hardware today, adding three new smart speakers to its lineup, including the Sonos Arc soundbar that includes Dolby Atmos support, as well as Sonos Five, the next version of its Sonos Play:5 speaker, and a third-generation Sonos Sub.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Zoom consultant Alex Stamos weighs in on Keybase acquisition

When Zoom started having security issues in March, they turned to former Facebook and Yahoo! security executive Alex Stamos, who signed on as a consultant to work directly with CEO Eric Yuan.

The goal was to build a more cohesive security strategy for the fast-growing company. One of the recommendations that came out of those meetings was building end-to-end encryption into the paid tier of the product. Those discussions led to the company buying Keybase this morning.

Stamos says in the big build versus buy debate that companies tend to go through when they are evaluating options, this fell somewhere in the middle. While they bought a company with a lot of expertise, it will still require Keybase engineers working with counterparts from Zoom and consultants like Stamos to build a final encrypted product.

“The truth is that what Zoom wants to do with end-to-end encryption, nobody’s really done, so there’s no product that you could just slap onto Zoom to turn it into key encryption. That’s going to have to be thought out from the beginning for the specific needs of an enterprise,” Stamos told TechCrunch.

But what they liked about Keybase in particular is that they have already thought through similar problems with file encryption and encrypted chat, and they want to turn the Keybase engineers loose on this problem.

“The design is going to be something that’s totally new. The great thing about Keybase is that they have already been through this process of thinking through and then crafting a design that is usable by normal people and that provides functionality while being somewhat invisible,” he said.

Because it’s a work in progress, it’s not possible to say when that final integration will happen, but Stamos did say that the company intends to publish a paper on May 22nd outlining its cryptographic plan moving forward, and then will have a period of public discussion before finalizing the design and moving into the integration phase.

He says that the first goal is to come up with a more highly secure version of Zoom meetings with end-to-end encryption enabled. At least initially, this will only be available for people using the Zoom client or Zoom-enabled hardware. You won’t be able to encrypt someone calling in, for instance.

As for folks who may be worried about Keybase being owned by Zoom, Stamos says, “The whole point of the Keybase design is that you don’t have to trust who owns their servers.”

VC’s largest funds make big bets on vertical B2B marketplaces

During the waning days of the first dot-com boom, some of the biggest names in venture capital invested in marketplaces and directories whose sole function was to consolidate information and foster transparency in industries that had remained opaque for decades.

The thesis was that thousands of small businesses were making specialized products consumed by larger businesses in huge industries, but the reach of smaller players was limited by their dependence on a sales structure built on conferences and personal interactions.

Companies making pharmaceuticals, chemicals, construction materials and medical supplies represented trillions in sales, but those huge aggregate numbers hide how fragmented these supply chains are — and how difficult it is for buyers to see the breadth of sellers available.

Now, similar to the way business models popularized by Kozmo.com and Webvan in decades past have since been reincarnated as Postmates and DoorDash, the B2B directory and marketplace rises from the investment graveyard.

The first sign of life for the directory model came with the success of GoodRX back in 2011. The company proved that when information about pricing in a previously opaque industry becomes available, it can unleash a torrent of new demand.

Health APIs usher in the patient revolution we have been waiting for

If you’ve ever been stuck using a health provider’s clunky online patient portal or had to make multiple calls to transfer medical records, you know how difficult it is to access your health data.

In an era when control over personal data is more important than ever before, the healthcare industry has notably lagged behind — but that’s about to change. This past month, the U.S. Department of Health and Human Services (HHS) published two final rules around patient data access and interoperability that will require providers and payers to create APIs that can be used by third-party applications to let patients access their health data.

This means you will soon have consumer apps that will plug into your clinic’s health records and make them viewable to you on your smartphone.

Critics of the new rulings have voiced privacy concerns over patient health data leaving internal electronic health record (EHR) systems and being surfaced to the front lines of smartphone apps. Vendors such as Epic and many health providers have publicly opposed the HHS rulings, while others, such as Cerner, have been supportive.

While that debate has been heated, the new HHS rulings represent a final decision that follows initial rules proposed a year ago. It’s a multi-year win for advocates of greater data access and control by patients.

The scope of what this could lead to — more control over your health records, and apps on top of it — is immense. Apple has been making progress with its Health Records app for some time now, and other technology companies, including Microsoft and Amazon, have undertaken healthcare initiatives with both new apps and cloud services.

It’s not just big tech that is getting in on the action: startups are emerging as well, such as Commure and Particle Health, which help developers work with patient health data. The unlocking of patient health data could be as influential as the unlocking of banking data by Plaid, which powered the growth of multiple fintech startups, including Robinhood, Venmo and Betterment.

What’s clear is that the HHS rulings are here to stay. In fact, many of the provisions require providers and payers to provide partial data access within the next 6-12 months. With this new market opening up, though, it’s time for more health entrepreneurs to take a deeper look at what patient data may offer in terms of clinical and consumer innovation.

The incredible complexity of today’s patient data systems

Tech Support Scam Uses Child Porn Warning

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

The fraudulent message tries to seem more official by listing what are supposed to be the recipient’s IP address and MAC address. The latter term stands for “Media Access Control” and refers to a unique identifier assigned to a computer’s network interface.

However, this address is not visible to others outside of the user’s local network, and in any case the MAC address listed in the scam email is not even a full MAC address, which normally includes six groups of two alphanumeric characters separated by a colon. Also, the IP address cited in the email does not appear to have anything to do with the actual Internet address of the recipient.

Not that either of these details will be obvious to many people who receive this spam email, which states:

“We have found instances of child pornography accessed from your IP address & MAC Address.
IP Address: 206.19.86.255
MAC Address : A0:95:6D:C7

This is violation of Information Technology Act of 1996. For now we are Cancelling your Windows License, which means stopping all windows activities & updates on your computer.

If this was not You and would like to Reinstate the Windows License, Please call MS Support Team at 1-844-286-1916 for further help.

Microsoft Support
1 844 286 1916”
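
The tells described above (a MAC address that no party outside the local network could see, quoted with fewer than six groups, and an IP address unrelated to the recipient) can be checked mechanically. The following Python is an added example, not part of the original article; the function names, flag labels and the recipient address 203.0.113.7 are assumptions made for illustration, and the sample body is excerpted from the message quoted above.

```python
import ipaddress
import re

# Excerpt of the message body quoted in the article (threat wording trimmed).
SCAM_BODY = """\
IP Address: 206.19.86.255
MAC Address : A0:95:6D:C7
For now we are Cancelling your Windows License
Please call MS Support Team at 1-844-286-1916 for further help.
Microsoft Support
1 844 286 1916
"""

MAC_FIELD = re.compile(r"MAC Address\s*:\s*([0-9A-Fa-f:\-]+)", re.I)
IP_FIELD = re.compile(r"IP Address\s*:\s*([0-9.]+)", re.I)
# A full MAC address: six groups of two hex characters.
FULL_MAC = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")
# North American toll-free prefixes, with or without separators.
TOLL_FREE = re.compile(
    r"\b1[\s.-]?(8(?:00|33|44|55|66|77|88))[\s.-]?(\d{3})[\s.-]?(\d{4})\b"
)
THREAT_WORDS = re.compile(r"licen[sc]e|suspend|cancel", re.I)


def is_full_mac(mac):
    """True only for a complete six-group MAC address."""
    return FULL_MAC.fullmatch(mac) is not None


def phone_numbers(body):
    """Return the distinct toll-free numbers in the body, digits only."""
    found = {"1" + "".join(m.groups()) for m in TOLL_FREE.finditer(body)}
    return sorted(found)


def red_flags(body, recipient_public_ip):
    """Return labels for each tell found in the message body.

    recipient_public_ip is the address the recipient's network really uses
    (an input the caller supplies; hypothetical in this example).
    """
    actual = ipaddress.ip_address(recipient_public_ip)
    flags = []

    mac = MAC_FIELD.search(body)
    if mac:
        # A MAC address is not visible outside the local network, so a
        # remote sender quoting one is already suspicious.
        flags.append("quotes_mac")
        if not is_full_mac(mac.group(1)):
            flags.append("truncated_mac")

    ip = IP_FIELD.search(body)
    if ip:
        try:
            if ipaddress.ip_address(ip.group(1)) != actual:
                flags.append("ip_mismatch")
        except ValueError:
            flags.append("malformed_ip")

    # A threatened consequence paired with a number to call.
    if phone_numbers(body) and THREAT_WORDS.search(body):
        flags.append("threat_plus_callback_number")

    return flags


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for the recipient.
    for flag in red_flags(SCAM_BODY, "203.0.113.7"):
        print(flag)
    print(phone_numbers(SCAM_BODY))
```
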

KrebsOnSecurity called the toll-free number in the email and was connected after a short hold to a man who claimed to be from MS Support. Immediately, he wanted me to type a specific Web address into my browser so he could take remote control over my computer. I was going to play along for a while but for some reason our call was terminated abruptly after several minutes.

These kinds of support scams are a dime a dozen, unfortunately. They prey mainly on elderly and unsophisticated Internet users, walking the frightened caller through a series of steps that allow the fraudsters to take complete, remote control over the system. Once inside the target’s PC, the scammer invariably finds all kinds of imaginary problems that need fixing, at which point the caller is asked for a credit card number or some form of payment and charged an exorbitant fee for some dubious service or software.

What seems new about this scam is the child porn angle, which I’m sure will worry quite a few recipients. I say this because over the past few weeks, someone has massively started sending the same type of sextortion emails that first began in earnest in the summer of 2018, and incredibly over the past few days I’ve received almost a dozen emails from readers wondering if they should be concerned or if they should pay the extortion demand.

Here’s a hard and fast rule: Never respond to spam, and certainly not to any email that threatens some negative consequence unless you respond. Doing otherwise only invites more spammy and scammy emails. On the other hand, I fully support the idea of tying up this scammer’s toll-free number with time-wasting calls.