What is a sextortion email?
Sextortion emails come from scammers who claim they have compromised your computer system and found evidence of you having visited pornographic websites or they have compromised webcam footage. They threaten to share what they have found with the public and your regular contacts unless you pay them money.
Below is a typical example of sextortion emails we receive. Click on the image to increase view the full-size version.
The emails might put all the text in body of the email or the email might have a file that the scammers wants you to open.
Why are they targeting me?
Most sextortion emails are sent out in their thousands using a list of email addresses from previous data breaches. It is extremely unlikely that they have any information or footage. Websites such as haveibeenpwned.com can help you discover whether you've been a victim of a data breach.
Sometimes, however, an email can be more specifically targeted, as it might include a real password to convince you that they have managed to gain access to your computer system. These passwords are usually taken from past data breaches and not acquired from compromising an individual account or computer system.
In other emails, the scammer might put a photograph of your home that they have found from Google Street View. The scammer is trying to make it seem as if hacking has taken place but they are only using publicly available information when they already know your home address (because of the data breach).
Recommended Action
If you receive one of these emails, mark it as junk, forward it to SERS (click here for more information about SERS) and delete it.
Never click on any links or open attachments – malicious websites and files can install viruses and other malicious code resulting in personal data being stolen or computer systems being negatively impacted.
Never respond, even if you know it is a scam because this will only tell the scammer that your email address is active and could result in you becoming the recipient of abuse and other scam email campaigns.
If the password displayed in the email message is one you currently use, change the password on all accounts and systems that use it.
If you do not intend to use a service regularly, why not make use of the ’Guest’ option if available instead of creating a user account - less accounts means less chance of your data being breached.
If you received the email to a business email account, follow your organisation’s reporting procedures such as informing your technology department or provider.
This page was last updated on the 24th October 2024