You probably get more emails in a day than you know what to do with. At least, that’s the case for most folks on the internet. Because of this, it’s not uncommon to just delete what comes through willy-nilly — no matter how enticing or alluring the subject line might be.
But imagine you’re cleaning up your inbox and something catches your eye that you weren’t expecting: a subject line containing your password. When you open the email, a threatening message claiming to be from a hacker says that your webcam has been compromised — and that they’ve caught you in a moment of intimacy. Now, it’s time to pay up in Bitcoin, or else the hacker will expose you publicly.
If this sounds familiar to you, then you’re probably aware of how nightmarish “sextortion” scams can be. What’s worse, though, is the fact that sextortion emails are actually on the rise once again — and they’re getting more aggressive. If you’ve ever had anyone try to extort you via email, or you’re afraid that you might be a target, here’s what you need to know to stay out of harm’s way.
Scams and fear on the rise
According to a new report from threat analysts at antivirus firm Symantec, nearly 300 million extortion emails were blocked or discovered by programs associated with the company. After a lull in frequency prior to 2019, these types of threatening emails have roared to life with a vengeance — and range in subject matter from sexual extortion to literal bomb threats.
Symantec suspects that there are at least two organized cybercrime groups sending the emails, but acknowledge there may be more involved that have yet to be discovered.
These extortion emails typically follow a few select patterns. They’ll often contain a provocative subject line that’s either threatening in nature or contain a piece of personal information like a password or partial phone number.
When they follow the personal data route, the scams typically are sexual in nature and attempt to blackmail the recipient. The other variations, such as the bomb threats, are more overtly violent — and promise injury and devastation unless demands are met.
One common thread to every one of these scam emails is the fact that the cybercriminals ask for their payment in cryptocurrency. This isn’t unusual, since crypto is decentralized and anonymous, which would make it extremely difficult for law enforcement to follow the money trail back to the perpetrators.
It’s also common to see poor spelling or grammar in these messages — which can point to a foreign or overseas origin.
How can I protect myself if I get one of these messages?
There is some good news to this story, surprisingly. When we report on “scams” here at Komando.com, we’re referring to fraudulent attempts to gain something of value from the victim. And this scheme, thankfully, is only pretending to have leverage over its victims — which clearly defines it as a scam as opposed to a real wave of criminal hacking.
This, however, does raise the question of how the hackers obtained the passwords and phone numbers they’re putting in subject lines. As it turns out, this information is usually pulled from archived copies of previous large-scale data breaches.
So if your old password was leaked in Yahoo’s massive data fiasco, for example, it has the potential to be misused and repurposed for an extortion scam against you. This fact alone can make it difficult to tell whether the extortionist actually has your information or not.
But in any case, the answer is usually no. In fact, due to the rise in extortion emails, Symantec is strictly advising internet users to be on alert to avoid these threatening messages — even if they contain familiar data. By forgoing opening these emails altogether, you’re reducing your risk for actual dangers like phishing links and malicious attachments.
So in short, if you see an email threatening to expose you if you don’t pay a ransom, don’t sweat it — even if your personal data is attached. Remain calm, delete the message, and go on with your life. The best part is, by doing this, you’re depriving a cybercriminal of their meal ticket. That’s a reward in and of itself.