What To Do If a Phishing Email Tries to Blackmail You

In Knowledge Base Blog by Shawn

It’s an email to make your heart sink.

“I’ve hacked {your webcam, your email, your device} and filmed you. Send $795 in Bitcoin to the following address … or I will share this footage with everyone in your contacts list.”

This message will raise the hairs on your neck. What if you have done something to put yourself in a compromising position? Here’s what to do if such a message ever lands in your inbox.

How To Respond To Webcam Blackmail

Millions of phishing emails hit inboxes every day. Your spam filter should catch the majority, but sometimes one can slip through the net. It takes just one terrified email recipient to pay for the scammer to profit.

Reports of “webcam blackmail” have increased in recent months as scammers try more personal tactics. While it’s safe to ignore such emails, you might want assurances that the threat is not real.

The first action to take is to copy/paste a section of the email into a search engine. Scam messages like this typically appear in forum discussions. One search, then you can rest a little easier knowing others have received the exact same bogus threat.

Personalizing the Attack

Impersonal emails lack impact, meaning spam messages are rarely successful. However, blackmailers are using more sophisticated tactics to personalize phishing emails and make them more believable. Here’s how:

Email spoofing

Few email providers can authenticate the “From” and “Reply to” fields in an email, so spammers use these fields to add an address they think will make you believe the message is real - and any familiar information can do the trick.

You can set up a service called DMARC to check the authenticity of a domain or try typing the address into this online tool if you suspect a message is fake.

Sensitive information

A password - or just part of a phone number - is a second way to make an email look authentic. Scammers often add this detail to push you into just enough of a state of panic that you consider making the payment.

Fraudsters obtain these details from security breaches, such as the Yahoo hack that revealed the personal information of 3 billion users in 2017. Hacks happen more often than you might think, so it is always possible your personal data can be used.

How To Check Your Data is Secure

If you’re concerned your data was hacked, type your email address into Have I Been Pwned?. This is a database of all accounts that have been compromised through major security breaches, listing some 5.7 million accounts from 339 separate websites.

If you find out your data was compromised, change your password on all sites that suffered a security breach. Moreover, if you use the same password on other sites, update your information there as well.

For added peace of mind, test your password security using Dashlane: an online tool that tells you how long it would take to crack your password. Just bear in mind, if you’ve already been hacked in a separate security breach, your password is useless no matter the result.

How To Report a Scam

You’ll likely receive so many scam emails that you choose not to report most of them. However, major websites like PayPal, Apple, and others offer you an email address to which you can quickly forward suspect messages. Doing so helps others avoid falling victim to fraudulent messages.

If you lose money through extortion or blackmail, you can report it as a crime. You’ll need to contact your local law enforcement agency for the appropriate advice.

The most effective way to deal with phishing emails is to delete them on sight.

  • Do not open them
  • Do not reply to them
  • Do not click any links
  • Do not open any attachments

Never enter personal information if you’re redirected to a form - and under no circumstances should you send money.

Hidden Threats of a Scam

Other risks to be aware of are single-pixel images known as beacons: the email can use these to alert the attacker that your email is a working address. While Gmail pre-fetches images to avoid sending the alert, not all email providers offer the same protection.
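The header mismatches described under “Email spoofing” and the beacon images described above can both be checked in a saved copy of a suspicious message without opening it in a mail client. The following Python example is added here and is not part of the original article; the sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all addresses and hosts are made up.
SAMPLE = """\
From: "You" <you@example.com>
Reply-To: pay-me@mailer.example.net
Return-Path: <bounce@bulk.example.org>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail header.from=example.com
Subject: I filmed you
Content-Type: text/html; charset="utf-8"

<html><body><p>Send $795 in Bitcoin ...</p>
<img src="http://track.example.net/o.gif?id=abc" width="1" height="1">
</body></html>
"""

def domain(addr_header):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of warning strings for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving server (RFC 8601);
    # only trust a copy added by your own mail provider, not one the sender supplied.
    for ar in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar.lower()):
            if result != "pass":
                findings.append(f"{method}={result}")
    # Beacons: <img> tags whose declared width and height are both 0 or 1 pixel.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for tag in re.findall(r"<img\b[^>]*>", html, re.I):
                dims = re.findall(r"\b(?:width|height)\s*=\s*[\"']?(\d+)", tag, re.I)
                if len(dims) == 2 and all(int(x) <= 1 for x in dims):
                    findings.append("possible tracking pixel: " + tag)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("-", f)
```

An empty result does not prove a message is genuine; it only means none of these specific signs were found.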

There’s also the risk of spam email downloading malware onto your device. It’s imperative you keep your antivirus software and operating system up-to-date so that your computer can detect if this happens. As recently as 2017, WannaCry ransomware caused global chaos by infecting over 230,000 computers. Robust security is your only protection against such risks.

Keep Calm, Carry On

If you receive a phishing email or blackmail attempt, the most important action to remember is: do not panic.

Thousands of people receive the same message every day. Just delete the email and move on - and if you still have concerns, give us a call.