Scams Vs. Hacks: What Every Company Needs To Know

Imagine how terrifying it would be to receive an email like this: “I’ve infiltrated your computer. I have access to all of your files and I’ve been watching you on your webcam. If you don’t send $5,000 by the end of the day, I’m going to start publishing whatever I want.”


Already reeling from such a brazen and creepy threat, you notice that the email appears to have been sent from your own account -- it really does seem like this hacker has access to your computer.


But the biggest mistake you could possibly make in this situation would be to send your attacker money. In the vast majority of cases like this, the attackers are bluffing. They don’t have access to your computer, they haven’t stolen any private information, and they’re trying to manipulate you with digital tricks that make their threats seem authentic (such as the illusion that the email was sent from your own account, which can easily be exposed by checking the email headers). Cyberattacks like this aren’t technologically sophisticated hacks -- they’re just scams, right?
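The header check mentioned above can be scripted. The following Python sketch is an added example, not part of the original article; the message, hosts, addresses and authentication results in it are constructed, and the function name `spoof_indicators` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "sent from your own account" extortion email.
# Every host, address and authentication result here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
 by mx.victim.example with SMTP; Tue, 02 Apr 2019 10:15:00 +0000
Authentication-Results: mx.victim.example;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=victim.example
From: Pat <pat@victim.example>
To: Pat <pat@victim.example>
Subject: I have access to your computer

Send $5,000 by the end of the day.
"""

def addr(value):
    """Return the bare, lowercased address from a header value."""
    return parseaddr(value or "")[1].lower()

def spoof_indicators(raw):
    """List header signs that the visible From address was forged."""
    msg = message_from_string(raw)
    sender, envelope = addr(msg["From"]), addr(msg["Return-Path"])
    from_dom = sender.rpartition("@")[2]
    env_dom = envelope.rpartition("@")[2]
    findings = []
    if sender and sender == addr(msg["To"]):
        findings.append("From matches recipient (claims to be self-sent)")
    # The envelope sender is set by the real sending system, not the From line.
    if env_dom and env_dom != from_dom:
        findings.append(f"Return-Path domain {env_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() != "pass":
            findings.append(f"{mech.lower()}={result.lower()}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

A differing Return-Path on its own is common for legitimate bulk mail; it is the combination with failed SPF, DKIM and DMARC results on a supposedly self-sent message that shows the From line was forged.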


The Blurry Boundary Between Hacks And Scams


For the purposes of this article, hacks are direct breaches of a company’s servers or other digital systems, while scams involve the exploitation of victims who are coerced into voluntarily providing access or sensitive information. But this doesn’t mean hacks and scams are in separate categories; rather, there’s a whole lot of overlap between them, and companies have to understand how they’re alike and how they differ.


For example, business email compromise (BEC) is one of the most common and costly forms of cybercrime (as demonstrated by the 2018 FBI IC3