Sextortion emails: what you need to know
Extortion emails, particularly sextortion emails, are becoming a bigger headache every year. It has reached the point where the majority of email users have received one at some point. While completely ridiculous to those familiar with such scams, they can seem very alarming to those who are not. Extortion emails can evoke intense fear and feelings of shame, allowing users to be manipulated into paying hundreds, if not thousands, of dollars.
Over the last couple of years, thousands of users have reported receiving extortion emails demanding money in exchange for not doing something. Some emails claim to have users’ private videos and threaten to publicly release them, while others threaten to bomb buildings or assassinate users. The emails are essentially blackmailing users into paying money.
The most common extortion emails are ones that claim a video of users watching pornography will be released online if a certain sum is not paid. These emails are known as sextortion scams. They are much more successful at extorting money than some other email campaigns. They can cause serious distress to users and could cause them to lose thousands of dollars.
The purpose of this article is to explain the different types of extortion emails, their most common traits, and what to do if you ever receive one.
Different types of extortion emails
Sextortion emails are by far the most common type of extortion email nowadays. They're relatively low-effort but can seem alarming enough to trick some users. A sextortion email is an extortion email that contains a sexual element. In most cases, these emails claim that a user's computer has been hacked and a video of them watching pornography has been made. The emails essentially threaten to publicly expose a user's "shameful habits" and release the supposed video if payment is not made.
Bomb extortion emails
While sextortion scam emails can seem believable depending on the circumstances, some extortion emails are outright ridiculous. The so-called "bomb extortion email" is a great example. This campaign was going around in 2018 and claimed that a bomb had been placed at the user's place of employment. Supposedly, the bomb would go off unless a payment of $20,000 in Bitcoin was made to the provided wallet address.
At the time, these kinds of emails were rather new so when one threatening to bomb buildings started spreading, it caused quite a commotion. Users all over the US started reporting possible bomb threats to law enforcement, causing universities, schools, media organizations, private businesses, etc., to be evacuated while bomb disposal teams checked them for explosives.
Hitman extortion emails
One of the more ridiculous extortion email campaigns is one that threatens to essentially assassinate users unless they pay. Supposedly, the sender is some kind of hired hitman and is emailing users to inform them that a hit has been placed on them. However, they are offering users a deal. If they agree to pay $1200 in Bitcoin within 38 hours, the “hitman” would not only not assassinate them but also reveal information on who placed the hit. It’s a ridiculous attempt to extort money, and scammers likely realize this as not many variations of the “hitman extortion email” can be found.
COVID-19 extortion emails
As soon as the COVID-19 pandemic began, scammers switched from sextortion emails to ones that threaten to infect users with the virus. These emails started appearing right as the virus was causing widespread panic all over the world, but even under such circumstances, the threat is rather ridiculous. Scammers claim that they have been watching users and know their schedules, allowing them to come in close contact with users. With claims like “If i want, i could infect your and your whole family with the corona virus (COVID-19)”, the sender tries to evoke fear among users. One particular COVID-19 extortion email we’ve encountered asks for $500 to be paid to the provided Bitcoin address. If the payment is not made within 72 hours, the sender would supposedly spread the virus to the user and their family.
Common extortion email traits
Because sextortion emails are the most commonly encountered extortion emails, this article will focus on them in particular. The majority of sextortion emails follow the same pattern and have identical traits. So even if the emails are worded differently, they’re still more or less the same. The most common sextortion email traits are:
- Eye-catching subject lines
In order to catch users’ attention, scammers use rather flashy subject lines. Some examples are: “For some time now, I have been watching you”, “Within 96 hours I’ll ruin your prestige”, “Unfortunately, there are some bad news for you”, “If you want us to be silent, read”, and “I am sorry to inform you but your device was hacked”. For users familiar with spam, these subject lines are an immediate giveaway of spam. However, for unsuspecting users, they may seem convincing enough.
- Personal information disclosure
The first few sentences of such emails usually reveal users’ personal information. That includes a full name and even a password. This serves to alarm users enough to keep reading and increase the credibility of the email.
- An explanation for how the supposed hack was carried out
Sextortion emails, in great detail, explain how the supposed hack of the computer was carried out. It’s usually more or less the same in all sextortion emails. Supposedly, users were browsing a pornographic website that had concealed malware on it. The malware was then supposedly downloaded onto users’ computers, which allowed the malicious actor complete access to the computer.
- Inflicting psychological distress
To inflict psychological distress, malicious actors then reveal that a private video of the user watching pornography has been made. Furthermore, users receive threats that the video will be sent to family, coworkers, and friends. Users are repeatedly shamed in sextortion emails for supposedly visiting sites with pornographic content, further causing distress. Some emails also emphasize how disappointed people will be to receive the user’s private video.
Sextortion emails often use humiliating words like “nasty”, “dirty”, “perverted”, etc., to evoke shame in users for their supposed pornography viewing habits. Repeated usage of such words causes further distress to users. Here are a few examples of sentences that could cause distress to users: “The only person to blame in this situation is you, since you are a big fan of adult websites and also have an uncontrollable desire to indulge yourself with another orgasm”, “I have filtered out the worst perverts from the list. Yeah, you are one of them. Not everyone chooses to watch such hardcore videos”, “I was shocked by what I saw!!! I want to say that you are a BIG pervert. Your fantasies are shifted far away from normal course”. Even if users weren’t actually watching any kind of pornographic content, the idea that someone may have a private video of them (even if it’s edited) would cause significant distress. Combined with repeated shaming by the malicious actor, it may be enough to convince users to pay the requested sum.
- Payment demand
The whole point of sextortion emails is to extort money from users. In exchange for not sending out the supposed video of users watching pornography, malicious actors demand a payment. It usually ranges between $500 and $1500, to be paid in cryptocurrency.
- A time limit
To create a sense of urgency, scammers usually give a time limit. Fear with a sense of urgency is a powerful emotion but it’s rather short-lived. Giving a time limit allows scammers to take advantage of users while they’re still irrational, before they start thinking more clearly. Users are generally given 24-48 hours to send the cryptocurrency.
- Instructions on how to purchase cryptocurrency
The majority of emails also include instructions on how to buy and transfer cryptocurrency.
- Poor grammar and spelling mistakes
Despite being written in English, sextortion email campaigns seem to originate from non-English speaking countries. This is quite obvious from the abundance of grammar/spelling mistakes and awkward phrasing.
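The traits listed above can be combined into a simple filter that only flags a message when several of them appear together. The following Python sketch is an added example, not part of the original article; the regexes, the threshold of 4, and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string

# One illustrative regex per trait in the list above. The patterns are
# hand-picked assumptions for this demo, not a vetted spam ruleset.
TRAITS = {
    "alarming_subject": re.compile(r"watching you|was hacked|ruin your|bad news", re.I),
    "hack_story": re.compile(r"malware|adult (web)?sites?", re.I),
    "shaming": re.compile(r"\b(nasty|dirty|pervert\w*)\b", re.I),
    "crypto_payment": re.compile(r"\bbitcoin\b|\bbtc\b|\b(bc1|[13])[a-z0-9]{25,59}\b", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(hours?|hrs?)\b", re.I),
    "password_mention": re.compile(r"\bpassword\b", re.I),
}

def body_text(msg):
    """Concatenate the decoded text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            chunks.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    return "\n".join(chunks)

def matched_traits(raw):
    """Return the names of the traits found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), body_text(msg)
    return [name for name, rx in TRAITS.items()
            if rx.search(subject if name == "alarming_subject" else body)]

def is_likely_sextortion(raw, threshold=4):
    # A single trait is common in legitimate mail; require several together.
    return len(matched_traits(raw)) >= threshold

# Constructed sample messages (not real mail; the wallet string is a placeholder).
SCAM = ("From: sender@example.com\nSubject: I am sorry to inform you but your device was hacked\n\n"
        "Your password is hunter2. I placed malware on an adult website you visited.\n"
        "You are a BIG pervert. Send $900 in Bitcoin to\n"
        "1CONSTRUCTEDxEXAMPLExADDRESSx0000 within 48 hours.\n")
BENIGN = ("From: noreply@example.com\nSubject: Password reset\n\n"
          "You requested a password reset. The link expires in 24 hours.\n")

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, matched_traits(raw), is_likely_sextortion(raw))
```

The benign password-reset message still matches two traits (a deadline and the word "password"), which is why the check counts co-occurring traits instead of reacting to any single one.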
How did the scammer get your personal information?
Whenever you start seeing spam emails in your inbox, know that your email address has been leaked by some service. You can check on haveibeenpwned which data breaches your email address is part of. In addition to email addresses, it’s not uncommon for other personal information, including a full name, to be leaked as well. So despite what the email might say, the reason you received a sextortion email is that your email address and personal information have been leaked. It’s certainly not because someone was able to hack your computer and steal your data.
In an effort to increase the credibility of the sextortion email, malicious actors often include users’ passwords. For an unsuspecting user, the password would mean that hackers were indeed able to infect their computer with malware, allowing them to steal the login credentials, because in their mind, how else would the sender have gotten it? This has proven to be a somewhat effective technique because some users do fall for it.
In reality, malicious actors and scammers obtain the passwords the same way they do any other personal information. They buy them from hacker forums. In many cases, if cybercriminals are able to successfully hack some service and gain access to customers’ personal information, they would still not get passwords because they’re not stored in plain text and are encrypted. However, not all companies have great security practices and passwords are not always protected. So if your password was included in a sextortion email, the service you used it for had very poor security and was hacked. When users’ personal information is stolen during an attack, it usually ends up being sold on hacker forums. Other malicious actors can buy that information to use in, for example, sextortion campaigns.
What to do if you receive a sextortion email
Instructions from the UK’s NCSC on what to do if you receive a sextortion email
- Do not panic
If a sextortion email lands in your inbox, you need to remain calm and carefully inspect the contents. If the email is very generic and matches all of the traits discussed in this report, you can safely delete the email from your inbox.
- Do not engage with the scammer(s)
It goes without saying that there is no reason to pay the requested sum of money because there is no video of you, nor has your computer been hijacked. Paying would only be a waste of money. You should also not reply to the scammers to avoid escalation in the off chance it’s not an automated campaign.
- Change your password(s) if it’s revealed in the email and enable 2FA
If a sextortion email includes a password you currently use, you need to change it immediately because it’s been leaked. You can also check on haveibeenpwned whether your other passwords have been leaked. Make sure your passwords are unique for all accounts, no matter how insignificant. If a password is leaked once, other accounts with the same password would get accessed as well. Passwords should also be difficult to guess and be made up of upper and lowercase letters, numbers, and symbols. The more random a password is, the longer it will take for it to be cracked. It’s also a good idea to enable two-factor authentication (2FA) for your accounts whenever possible. Even if a password is leaked, 2FA will prevent unauthorized access to your accounts by requiring additional verification.
- Do not open any attachments or click on links
In most cases, sextortion emails do not have attachments or links but if the one you received does, do not open or click on it. Attachments are very likely to contain some kind of malware, while links could lead to phishing/malicious websites.
- If you sent cryptocurrency, contact the police
The nature of cryptocurrency is that once it’s transferred, it’s not possible to recover it. But even if you won’t get your money back, it’s still recommended to contact your local law enforcement to file a report. Filing reports helps law enforcement agencies keep track of what scams are going around, allowing them to prevent more victims by issuing warnings. Furthermore, on the off chance the scammers are ever apprehended, you may have a chance of getting your money back.