Sextortion scams are a type of phishing attack. The aim of these emails is often to coerce you into paying a fee or a ransom to protect yourself. The threatening emails often say they have images/videos of you visiting adult websites. The reason these scams seem plausible is because of the technical details included around how this was achieved. The phishing email will often also include personal details such as usernames, passwords, addresses and contact numbers.
In actual fact, in most cases these personal details have often been obtained through a data breach.
Phishes such as these are designed to play on your emotions. The aim of the phish is to get you to act unusually or out of character. And for most people, this means immediately reacting to the email and paying the ransom. The phisher is gambling that enough people will respond and pay up to make their scam profitable. They do not know if you have a webcam, or if you have been watching adult content, they are simply guessing.
So, what do you do if you receive a sextortion or any other type of extortion email?
Its important to approach it with a clear head, don’t let your emotions cloud your judgement. As with any other phishes, it’s important that you don’t engage with the phisher. Forward the email immediately to firstname.lastname@example.org which is the NCSC’s phishing email reporting service. Once you’ve done this, you can delete the email.
If you are tempted to pay any fees/ransom they have asked for – you should be aware that doing so would likely encourage more scams in the future as the phisher will know that they have a willing “customer”.
Does the email have your password in? Don’t worry about it. Its likely from a historic data breach. You can check by visiting https://haveibeenpwned.com/ they can also send future notifications, if you sign up.
If the email has your current password in, change it immediately. We have advice on how to set a secure password here.
If you have been a victim of sextortion, you should report this to Action Fraud. For information on how to do this, click here.