Email Scams and Extortion

Emails that threaten disclosure of personal or embarrassing information or illicit footage have been turning up in inboxes again recently. These emails are often known as “sextortion” scams.

The good news is that they are empty threats. There has been no evidence that any devices have been hacked by the perpetrators, or that they have obtained the footage they claim to have.

The Office of the eSafety Commissioner issued a statement in August 2018 that reads in part:

“Recently, we’ve also been sent a number of reports about an email scam where the sender claims they’ve hacked into an individual’s device and recorded intimate footage of them visiting a porn site. In an endeavour to add legitimacy, the sender often includes a password which the person recognises as a current or former password.

It’s important to know, this is simply a scam and there is no intimate footage.”

The eSafety Commissioner advises that anyone receiving this email or a variation should consider the following actions:

  • Don’t give them any money or give in to any other demands—this is very important as paying any sum of money will only result in more demands.
  • Don’t reply to the scammer and block the email address that’s contacted you.
  • Delete the scam email from your inbox.
  • Secure any online accounts associated with the password included in the email, and remember to update these regularly.
  • Make sure anti-virus software is installed on your device and is up to date.
  • If the scam email is from an Outlook email address (in our experience many are) – report the email address to Microsoft. You’ll find instructions on how to report Outlook accounts as phishing scams and abuse here. If the email address is from a different provider, the major email platforms generally have clear advice online about how to report a user.

You might also consider reporting the email to Scamwatch and taking a look at the advice on the Stay Smart Online website where you can sign up to their alert service to be kept up to date about online threats and how to manage them.

Some versions of the email include a password that the recipient may recognise as one they currently use or have used in the past. This does not confirm the legitimacy of the email – many large, reputable services and sites have experienced data breaches over the last decade, and passwords from these breaches have been leaked online. Defend yourself against this by using a different password for every site and service you subscribe to.

Additional resources:

  • Simple Internet Security Measures
  • Virus and Malware Guide
  • You Need A Passphrase, Not A Password