Facet Blog

Blackmail Phishing Scams: 4 Steps to Take if You Receive an Extortion Email

September 14, 2021

Fear, Lies, and Greed: Blackmail Phishing Scams Play on Embarrassment for Huge Payouts

Why am I getting this email? I didn’t do anything wrong!

A friend of mine recently sent me a screenshot of an email via text. The subject line was a random string of characters, from a sender with a domain ending in “.com.us.”

The sender introduced himself and said he had identified a password she used on the web (the characters in the subject line), and proceeded to threaten “exposing” recordings, photos, and media of illegal acts that she had supposedly committed. Her text followed, “I know this is a scam but how did they get my password?? I use this password everywhere!”

Blackmail scams have become ubiquitous as more passwords are involved in large-scale data breaches and phishing tactics improve. Scammers use lists of breached passwords to frighten and coerce victims into paying large “hush” sums. In typical form, the scammer demanded that she send .1 bitcoin (at the time, around $4,000 USD) to their BTC address or risk “sensitive information being sent to [her] friends and family.”

These emails play on shock value and manufactured feelings of guilt and shame. Often, the emails claim to have a compromising video of you that they threaten to send to your contacts. Sometimes, they claim to have caught you in an illegal act. Sure, you may know they have no such video, but your password in the subject line is enough to raise your blood pressure, and cyber criminals know it!

How do you tell if an extortion email is a phishing scam?

The vast majority of extortion emails are phishing attempts. The scammers don’t have a video of you, and they just got your password from a leaked list that is publicly available on the dark web.

Most extortion emails include one or more of the following elements:

1. Your password (current or past) in the subject line or first sentence of the email.

2. An opening such as, “I know everything about you,” and generally an assertion such as “I now have total control over your computer and webcam, and I’ve seen everything.”

3. An accusation of an embarrassing act caught on camera or photographed, generally explicit in nature.

4. A threat to send the media to friends and family in your contacts.

5. A demand for money, generally in the form of Bitcoin or Ethereum.

6. A sense of urgency, such as a deadline by which you must send the money in order to “delete” the content.

In fact, most of these emails follow the exact same template and formula—a quick Google search will show you some examples.

What should you do when you get a blackmail or extortion email?

So, what should you do when you get an extortion email like this? Stay calm and take the following measures to ensure your privacy and safety. Remember, these emails are becoming more widespread because they are highly effective. High-pressure tactics and embarrassment lead victims to send large amounts of money to prevent the dissemination of videos and photos that never existed at all.

1. Stay calm and assess the situation rationally.

When you receive an email that gets your heartrate up, the first step is to take some deep breaths and stay calm. Remember that you didn’t do anything wrong, and emails like these are sent out by the thousands every day.

2. Do not send money or cryptocurrency to anyone.

Never send money or cryptocurrency to scammers. It will not ensure your privacy nor will it prevent them from contacting you again. Rather, it will embolden them to ask for more money as they know they have you on the line.

3. Change your passwords.

Some blackmail emails use a password that was published during a data breach as the subject line. If you still use this password anywhere, change it immediately, on every site on which you’ve used it. Some password managers will flag sites on which you have used a password involved in a breach, which can be helpful. Use a different password for different sites–it may seem inconvenient, but it’s worth it! If you would like additional peace of mind, Facet offers dark web scans and monitoring which can be used to identify vulnerable passwords.

4. If you have any questions, contact a professional.

We are here to help if you ever receive an extortion or blackmail email. While most scammers are offshore and cannot be prosecuted in the US, we can help you take steps to avoid receiving those emails in the future, such as email filtering services and other cybersecurity safeguards.

You never have to feel uncomfortable about calling us—you can always ask to speak to a specific technician or employee who you trust. We are committed to your privacy and confidentiality.

Email filtration is one step to greater security. At Facet, we advocate the use of a layered security policy at every company. Even if a particularly good phishing or ransomware email makes it through the filter, other services can prevent data breaches and other disasters. The best security builds a fortress around your company and your data.

An important note:

This advice comes with a caveat: if you have reason to believe that you have received an actual blackmail attempt via email, you need to contact the police. Webcam monitoring malware exists, so I don’t want to downplay the possibility, but it is exceedingly rare for “average” people to be targeted and there’s not exactly a pulse on how often that happens. Again, a good cybersecurity protection plan and policies can help prevent such things. Some people cover their webcam with a small piece of tape for peace of mind, and many laptops now come with a physical shield that can be pulled over the camera.

If you have any questions or would like more information on spotting and avoiding blackmail or extortion emails, feel free to give us a call at (309) 689-3900 or fill out our contact form. We have many educational resources available to companies to help train their employees to identify phishing scams and common psychological tactics used in phishing.

How can we help you?