Extortion emails and what to do if you get one.

What is an extortion email?

  • Extortion phishing scams have been on the rise lately, supported by multiple data breaches to some websites we visit, like Linkedin, that have leaked mass amounts of personal information.
  • The idea is the same – telling victims that sensitive and embarrassing, information has been obtained, and threatening to send out the content unless a ransom payment is made in bitcoin or other untraceable crypto currency.

Stolen passwords
The first pattern involves extortion emails informing recipients that their passwords have been hacked. Cyber criminals place the targets password within the email body or in the subject of the email (as in the screenshot below).

Do the extortionists have anything on you?

If you get emails with similarity to the examples, you can block the sender and delete the email.
If they had anything at all they would send a picture or a screenshot along with the email.
Our simple advice is: DON’T PAY, DON’T REPLY.
Delete the offending emails, and don’t engage with the crooks at all and block the sender. They don’t even know that your email address is still active.

But they seem to know me!

That’s because the crooks often try to convince you that they really do have “insider knowledge” about you.
They include personal details in the email that allegedly “prove” that there must be some kind of active spyware infection on your computer.
For example:

  • The crooks include one of your passwords. Often, it’s an old password, but usually it is (or was) genuinely yours. That’s scary, but don’t panic – these stolen passwords come from data breaches, where your data was lost by someone else like the website you log in to. The crooks didn’t steal the password directly from you, but from the website you went to.
  • The crooks include your phone number. Just the same – the crooks use phone numbers, paired up with email addresses, acquired through a data breach. The data wasn’t lifted directly from your computer.

What to do?

Block the sender and delete the email.
If the crooks really wanted to prove they had a “sex tape” of you, they’d send you a still image, or a link where you could preview the file they claim to have.
But they don’t – they just threaten you and present vague and unconvincing evidence that they know something about you.
So, don’t panic, delete the email, and don’t reply to the email.