Online extortion scams, when scammers make threats and demands to get your money, are becoming more frequent. In 2023, the FBI recorded more than 48,000 extortion victims—a 22% jump from the prior year—ranking it as the fourth most frequent online crime.
Scammers are constantly coming up with new extortion tactics. While early extortion emails were often written in poor English with many grammar mistakes, scammers now use artificial intelligence to correct language errors and make their messages more persuasive.
Even though these scams are becoming more sophisticated, there are still warning signs you can notice that distinguish mass emails that will not follow through on threats from targeted attacks:
- The message is filled with threats and ultimatums, using high-pressure tactics.
- You are given a short amount of time to comply with their demands.
- They frequently request payment through bitcoin or other cryptocurrencies.
In addition to email scams, reports indicate a growing number of phone-based threats and extortion scams. Call-based scams often involve threats from someone impersonating a government official, such as a police officer, a Social Security Administration or Internal Revenue Service employee. The scammer might threaten you with arrest, deportation or imprisonment for unpaid taxes, visa issues or a mail package allegedly containing illegal material. They often leave an “urgent” voicemail message, demanding that you call back immediately.
Despite the rise in call-based scams, email scams remain more common. When sextortion email scams first appeared, they were highly profitable, with scammers making up to $50,000 in a single week, according to BleepingComputer. These scams were discreet, capitalizing on the fear of embarrassment, and at the time, they were not widely recognized.
Here are more details about the different types of extortion scams.
Sextortion
Sextortion Type 1
The most common online extortion scam is sextortion. Among the various sextortion scams, one of the most prevalent involves an email in which the attacker claims to have stolen the your password using malware supposedly installed on an adult website they visited. The scammer claims they recorded the recipient via their webcam while watching videos and demands around $3,000 in bitcoin to keep the video secret. If the payment is not made within a day, the scammer threatens to share the video with all the victim’s contacts. Remember, this is a hoax; no malware or video exists. Recipients of such emails should change compromised passwords and avoid paying the ransom. To check for stolen passwords, use services like Have I Been Pwned and file a complaint with law enforcement.
Sextortion Type 2
Scammers send an email claiming to be from the CIA or police, stating that the recipient is under investigation for accessing illegal websites. The scammer pretends to be an officer who offers a deal: the victim will pay him personally $2,000 (in some cases $10,000) in bitcoin, and he will remove the recipient’s details from a criminal case to avoid arrest. The email includes threats of legal action and exposure unless a payment is made.
Sextortion Type 3
The scammer claims to have hacked the victim’s computer and says they know all their passwords and daily activities. To increase the pressure and seem credible, the scammer includes the most popular passwords found on various lists across the internet. Many people recognize their own passwords. The email threatens to expose the recipient’s sexual secrets unless $4,000 in bitcoin is paid. During the pandemic, scammers would also threaten to infect the recipient’s family with COVID-19 and reveal more secrets if the payment is not made.
Sextortion Type 4
Another sextortion scam impersonates the adult site YouPorn, claiming that someone has uploaded a sexually explicit video of the recipient to its network. The scam email, supposedly from [email protected], warns that the video will be published in seven days unless removal is requested. It includes a link for free video removal; however, it redirects to the YouPorn home page. The email also offers paid removal services ranging from $199 to $1,399, with various tiers of protection, including digital fingerprinting and facial recognition.
Sextortion Type 5
A new extortion email campaign claims that the sender had intercourse with you a long time ago and secretly recorded it. The message says that unless the victim wants their sex tape sent to all of their contacts, they need to pay $1,500.
Killer Hired To Target You
The sender claims to own a dark web site that offers various services for a fee. The email further states that someone used the website to hire a killer to go after the recipient. The sender threatens to send a hitman unless the recipient pays $4,000. The scammer offers to cancel the contract if the payment is made.
Extortion Via Bomb Scares
The scammers claim to have planted a bomb in the recipient’s building and demand payment to avoid detonation. The emails threaten to detonate the bomb unless the recipient pays $20,000 in bitcoin by the end of the day.
While scams like sextortion threatening to publish a video of you on a porn site can be embarrassing, bomb threats pose a graver danger. Every report must be investigated by law enforcement, and businesses must evacuate people nearby during the investigation.
When scammers threaten physical harm, recipients are more likely to report life-threatening emails to law enforcement instead of quietly sending some bitcoin to avoid sexual embarrassment. As a result, these types of scams have gained visibility, the scrutiny of law enforcement and an awareness that previous types of scams did not achieve.
Tax Evasion Blackmail
Scammers claim that your computer was hacked and they found documents indicating you are hiding taxes from the IRS or another tax authority. They demand money to keep these documents from being released. In addition, they threaten to infect your computer with ransomware.
DDoS Extortion Cases
Attackers threaten to launch a distributed denial of service attack on a personal or company website. They sometimes contact small website owners through web forms on their sites and initiate short-term, low-volume DDoS attacks to prove they can follow through on their threats. However, these cases are rare and usually do not escalate into large-scale DDoS attacks, as launching multiple high-volume attacks is very expensive and attracts law enforcement attention.
Website Permanent Blocking Threat
This scam threatens to block your hosting account and domain, flood your email with spam and ruin your reputation with negative reviews unless you pay $2,400. The attacker claims they will send numerous messages to millions of website forms and email addresses using your website details. This will cause your hosting provider and domain registrar to block your account and domain permanently.
Staying Safe
As scary as these emails may seem, recipients should not send any payments to the scammers. If you receive emails like the ones described above, they are just scams, and you are not being attacked. Instead, extortionists are targeting you, sending thousands, if not millions, of emails to scare you and make quick money. Mark these emails as spam and forget about them.
Here are some safety tips:
- Do not click any links sent by extortionists. They may claim the link leads to sensitive information or images they have on you, but you could end up with malware installed.
- If you feel scared or threatened, go to the nearest police station for help. Never give in to the scammer’s demands.
- If you receive an unexpected or alarming message from someone, verify their identity by contacting them directly through a trusted phone number.
- If the scammer sends you some photos, do a reverse image search to check if it appears in connection with other scams or stories online.
- Update your social media security settings to private.
- If you are uncertain whether an email is a scam, copy a few lines of the text and search them online to check if they match known scams.
- Talk to your family members, especially elderly relatives and children, about the warning signs of cyber extortion. Explain what actions to take if scammers contact them.