Close up of computer keyboard with payment button (Cyber Extortion Concept)
Online extortion scams, where fraudsters make threats and demand to take your money, are becoming more common. In 2023, the FBI recorded more than 48,000 victims of extortion—a 22% jump from the previous year—ranking it as the fourth most common online crime.
Fraudsters are constantly inventing new blackmail tactics. While early extortion emails were often written in poor English with many grammatical errors, scammers now use artificial intelligence to correct language errors and make their messages more convincing.
Although these scams are becoming more sophisticated, there are still warning signs you can look out for that distinguish non-threat mass emails from targeted attacks:
- The message is full of threats and ultimatums, using high pressure tactics.
- You are given some time to comply with their demands.
- They often ask for payment via bitcoin or other cryptocurrencies.
In addition to email scams, reports show an increasing number of phone threats and extortion scams. Call-based scams often involve threats from someone impersonating a government official, such as a police officer, Social Security Administration worker, or Internal Revenue Service. The scammer may threaten you with arrest, deportation, or prison for unpaid taxes, visa issues, or a mail package that allegedly contains illegal material. They often leave an “urgent” voicemail, demanding that you call immediately.
Despite the increase in call-based scams, email scams remain more common. When email scams first appeared, they were extremely profitable, with scammers accounting for $50,000 in one weekaccording to BleepingComputer. These scams were subtle, exploiting the fear of embarrassment, and at the time, were not widely recognized.
Here are more details about the different types of extortion scams.
Blackmail
Sextortion Type 1
The most common online extortion scam is the takeover. Among the various redemption scams, one of the most common involves an email in which the attacker claims to have stolen your password using malware supposedly installed on an adult website you visited. The scammer claims to have recorded the recipient via webcam while watching a video and demands around $3,000 in bitcoins to keep the video secret. If payment is not made within a day, the scammer threatens to share the video with all the victim’s contacts. Remember, this is a prank. no malware or video. Recipients of such emails should change compromised passwords and avoid paying the ransom. To check for stolen passwords, use services like I’ve been caught and file a complaint with law enforcement.
Sextortion Type 2
Scammers send an email claiming to be from the CIA or the police, stating that the recipient is under investigation for accessing illegal websites. The scammer pretends to be an officer who offers a deal: the victim will personally pay him $2,000 (in some cases $10,000) in bitcoins and remove the recipient’s details from a criminal case to avoid arrest. The email includes threats of legal action and exposure unless payment is made.
Sextortion Type 3
The scammer claims to have hacked the victim’s computer and says he knows all his passwords and daily activities. To increase the pressure and appear credible, the scammer includes the most popular passwords found on various lists on the internet. Many people recognize their own passwords. The email threatens to reveal the recipient’s sexual secrets unless $4,000 is paid in bitcoin. During the pandemic, scammers would also threaten to infect the recipient’s family with COVID-19 and reveal more secrets if payment is not made.
Sextortion Type 4
Another sex campaign scam impersonates the adult site YouPorn, claiming that someone has uploaded an indecent sexual video of the recipient to its network. The scam emailpurportedly from info@youporn.com, warns that the video will be published in seven days unless a removal is requested. Includes a link to free video removal. However, it redirects to the YouPorn home page. Email also offers paid removal services ranging from $199 to $1,399, with various levels of protection, including digital fingerprints and facial recognition.
Sextortion Type 5
A new blackmail email campaign claims that the sender had sex with you a long time ago and secretly recorded it. The message says that unless the victim wants their sex tape sent to all their contacts, they must pay $1,500.
The assassin was hired to target you
The sender claims to have a dark website that offers various services for a fee. The email further states that someone used the site to hire an assassin to hunt down the recipient. The sender is threatening to send an assassin unless the recipient pays $4,000. The scammer offers to cancel the contract if payment is made.
Bomb extortion
The scammers claim to have planted a bomb in the recipient’s building and demand payment to avoid detonation. The emails threaten to detonate the bomb unless the recipient pays $20,000 in bitcoins by the end of the day.
While scams like the campaign threatening to post a video of you on a porn site can be annoying, bomb threats pose a more serious risk. Every report must be investigated by law enforcement and businesses must remove people in the vicinity during the investigation.
When scammers threaten physical harm, recipients are more likely to report life-threatening emails to law enforcement rather than quietly send some bitcoins to avoid sexual embarrassment. As a result, these types of scams have gained visibilitythe control of law enforcement and the awareness that previous forms of fraud have not succeeded.
Tax evasion extortion
Scammers claim that your computer was hacked and they found documents that indicate you are hiding taxes from the IRS or another tax authority. They are asking for money to keep these documents from being released. In addition, they threaten to infect your computer with ransomware.
DDoS extortion cases
Attackers threaten to launch a distributed denial of service attack on a personal or corporate website. They sometimes contact small website owners through web forms on their websites and launch short-term, low-volume DDoS attacks to prove they can follow through on their threats. However, these cases are rare and usually do not escalate into large-scale DDoS attacks, as carrying out multiple high-volume attacks is very expensive and attracts the attention of law enforcement.
Permanent threat of website blocking
This scam threatens to block your hosting account and domain, flood your email with spam, and ruin your reputation with negative reviews unless you pay $2,400. The attacker claims to send multiple messages to millions of website forms and email addresses using your website information. This will result in your hosting provider and domain registrar permanently banning your account and domain.
Staying safe
As scary as these emails may seem, recipients should not send payments to the scammers. If you receive emails like those described above, they are just scams and you are not under attack. Instead, extortionists target you, sending thousands, if not millions, of emails to scare you and make a quick buck. Mark these emails as spam and forget about them.
Here are some safety tips:
- Do not click on links sent by extortionists. They may claim that the link leads to sensitive information or images they have on you, but you could end up with malware installed.
- If you feel scared or threatened, go to the nearest police station for help. Never give in to the scammer’s demands.
- If you receive an unexpected or disturbing message from someone, verify their identity by contacting them directly through a trusted phone number.
- If the scammer sends you some photos, do a reverse image search to see if it appears in connection with other scams or stories online.
- Update your social media security settings to private.
- If you’re not sure if an email is a scam, copy a few lines of text and look them up online to check if they match known scams.
- Talk to your family members, especially elderly relatives and children, about the warning signs of cyber extortion. Explain what to do if scammers contact them.
