What are ‘sextortion’ phishing emails?
Have you received an unpleasant email saying that the sender knows your password and that they have footage of you visiting adult websites (or other similar threatening messages)?
‘Sextortion’ phishing scams coerce people into paying a Bitcoin ransom by threatening to share videos of them visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical information on how this was allegedly done.
These emails are completely indiscriminate and can land in anyone’s inbox – I’ve had several, and I don’t even have a webcam! They can be unpleasant and frightening – especially if you recognise the password in the email.
Phishing emails are designed to play on your emotions. The scammer is gambling that this email will land in enough inboxes of people who have possibly visited sites of an adult nature, and they hope enough people will respond so that their scam is profitable. They do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in a nutshell, it’s all guesswork. The scammer hopes to emotionally trigger people and cause fear, so that they will ‘take the bait’ and pay the ransom demand.
What you need to do if you have received one of these emails:
If the email includes a password that you recognise and still use, then change it immediately anywhere you are using it. For more advice on creating strong passwords, visit the Cyber Aware Government website.
Do not engage with the sender. Forward the email to firstname.lastname@example.org
We advise against paying any ransom. Firstly this is a phishing email so there is no footage to distribute; secondly it may encourage further scams as you will be identified as a good target; thirdly, sadly you are funding further criminality.
How did they get my password?
In all likelihood, this will have been obtained from a historic data breach. To protect yourself, we strongly advise checking whether your email addresses have ever been compromised, and getting future notifications, by registering with the “Have I Been Pwned” website. It’s free of charge, and if you select “Notify Me” you won’t need to visit the page again, as it will email you if your details are involved in future breaches! NB I personally have my accounts registered, and many businesses, Police Forces and Local Authorities use the trusted, free, safe and secure service.
If you have been a victim of a sextortion scam and paid a ransom, either via phishing email, or you have shared images and then been threatened, please report it to your local police force by calling 101.
If you feel that you would benefit from emotional support, this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: https://www.