Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.

What is a sextortion email?

Sextortion emails purport to be from a “hacker” that has compromised your computer system and found evidence of visiting pornographic websites. They threaten the recipient to pay money in exchange for not releasing webcam footage and other information to the public and contacts known to the recipient.

Why are they targeting me?

This is a scam and it is extremely unlikely that they have any information or footage. The email will often include a password that you may recognise to convince you that they have managed to gain access to your computer system. These passwords are usually taken from past data breaches and not acquired from compromising an individual account or computer system.

Sextortion campaigns are high in volume - sending thousands of emails at a time using a list of data from previous data breaches - and it is highly unlikely that you are specifically being targeted. Websites such a haveibeenpwned.com/ can help discover whether you've been a victim of a data breach.

Recommended Action

If you receive one of these emails, mark it as junk, forward it to SERS (click here for more information about SERS) and delete it.

Don’t click on links or open attachments - Malicious websites and files can install viruses and other malicious code resulting in personal data being stolen or computer systems being negatively impacted.

Never respond, even if you know it is a scam because this will only tell the scammer that your email address is active and could result in you becoming the recipient of abuse and other scam email campaigns.

If the password displayed in the email message is one you currently use, change the password on all accounts and systems that use it.

If you do not intend to use a service regularly, why not make use of the ’Guest’ option if available instead of creating a user account - less accounts means less chance of your data being breached.

If you received the email to a business email account, follow your organisation’s reporting procedures such as informing your technology department or provider.

Topics

  • Sextortion
  • Scam Alert