What are Extortion Emails?

Aimed at: Everyone

What are extortion emails?

An extortion email is an attempt by an attacker to force you into performing an action, such as transferring money to them. It is designed to make you react rashly, in a panic, because of the embarrassing or uncomfortable content of the email. In virtually all cases, however, it is an empty threat.

How can you recognise an extortion email?

In the email the attacker will often claim that they’ve taken over control of your computer without your knowledge, that they’ve been monitoring your activities for some time and have gathered material that you may find embarrassing or sensitive, for example webcam recordings and browser histories. The attacker then threatens to release or misuse the material, unless you comply with their demands e.g. for payment. To make their email seem authentic, the attacker may offer "proof", such as stating that they sent the email to you from your own account (the From: address is your own email address) or including one of your actual passwords in the email. Notably the "proof" never seems to include any samples of the material that they claim to be in possession of.

How did the attacker send the email from my account?

They almost certainly did not. The original standards for email date back to 1982 and some of their design choices would never be repeated today. In particular, the ‘From:’ address that your mail client displays is just a line of text chosen by the sender; it is not checked against the account that actually sent the message, so anyone can put any address there, including yours. While it is possible that they gained access to your email account, it is far more likely that they simply forged the sending address. Modern mail providers try to detect this with sender authentication checks (SPF, DKIM and DMARC), and the outcome of those checks is normally recorded in an ‘Authentication-Results’ header that you can see by viewing the message source or full headers in your mail client. A message that claims to come from your own address but fails those checks was almost certainly not sent from your account.
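The header check described above, as an added example that is not part of the original article: a small Python script that reads a message's headers and compares the visible ‘From:’ address with the envelope sender (‘Return-Path’) and the receiving server's ‘Authentication-Results’ line. Both messages below are constructed for illustration; the addresses, domains and authentication results in them are invented.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample 1: an extortion email whose visible From: is the recipient's
# own address, but whose envelope sender and DMARC result show it came from
# elsewhere. All addresses, domains and results here are invented.
SAMPLE_FORGED = """\
Return-Path: <bounce@mail.example.net>
Authentication-Results: mx.example.ac.uk;
 spf=pass smtp.mailfrom=mail.example.net;
 dkim=none;
 dmarc=fail header.from=example.ac.uk
From: a.student@example.ac.uk
To: a.student@example.ac.uk
Subject: I have been watching you

I sent this from your own account to prove I control it. Pay now.
"""

# Constructed sample 2: a genuine message from the same domain, where DKIM and
# DMARC pass and the envelope sender domain matches the From: domain.
SAMPLE_GENUINE = """\
Return-Path: <a.student@example.ac.uk>
Authentication-Results: mx.example.ac.uk;
 spf=pass smtp.mailfrom=example.ac.uk;
 dkim=pass header.d=example.ac.uk;
 dmarc=pass header.from=example.ac.uk
From: a.student@example.ac.uk
To: a.student@example.ac.uk
Subject: Note to self

Remember to change the password on that old forum account.
"""


def _domain(address: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def sender_check(raw_message: str) -> dict:
    """Compare the visible From: header with the SMTP envelope sender and the
    receiving server's authentication results.

    The From: header is free text chosen by the sender. The envelope sender
    (Return-Path) is what the sending server actually used in the SMTP
    transaction, and SPF is evaluated against that, not against From:.
    DMARC is the check that ties the From: domain to SPF/DKIM, so it is the
    verdict that matters when a message claims to come from your own address.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    header_from = parseaddr(str(msg.get("From", "")))[1]
    envelope_from = parseaddr(str(msg.get("Return-Path", "")))[1]

    # Authentication-Results is added by the receiving mail server. Pull out the
    # spf=, dkim= and dmarc= verdicts and ignore smtp.mailfrom=, header.d= etc.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", auth))

    aligned = _domain(header_from) == _domain(envelope_from)
    dmarc = results.get("dmarc")
    if dmarc == "pass":
        verdict = "authenticated"
    elif dmarc == "fail":
        verdict = "forged"
    elif results.get("dkim") == "pass" or (aligned and results.get("spf") == "pass"):
        verdict = "plausible"    # no DMARC verdict, but some check backs the sender
    else:
        verdict = "unverified"   # nothing vouches for the From: address at all

    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "aligned": aligned,
        "spf": results.get("spf"),
        "dkim": results.get("dkim"),
        "dmarc": dmarc,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, raw in (("forged", SAMPLE_FORGED), ("genuine", SAMPLE_GENUINE)):
        print(label, sender_check(raw))
```

The "plausible" and "unverified" verdicts are heuristics for messages where the receiving server recorded no DMARC result; only the DMARC pass/fail lines are authoritative, and even a DMARC fail can occasionally be caused by legitimate forwarding rather than forgery. In practice, paste the full headers from your mail client's ‘view source’ option into `sender_check` and look at the `dmarc` and `aligned` fields.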

How did the attacker get hold of my password?

Assuming that you recognise the password as being one that you have used yourself, there are several ways that it may have ended up in the hands of the attacker. None of these necessarily implies that the person sending you the extortion email has taken over control of your computer.

It’s an unfortunate reality of life on the internet that online services and websites will be breached from time to time, or that people will fall victim to phishing attempts. If either of these events happens, even the strongest passwords are exposed to an attacker.

  • Perhaps it was a common password such as "Passw0rd" or "letmein", and the attacker got lucky when they paired it with your email address.
  • The password may have been used with an online service or website that was subsequently breached, exposing the contents of its account database. The attacker took the email address and password from the breach and used them to personalise the extortion email.
  • The device that the password was entered on had previously been compromised by an attacker and malicious software ("malware") installed on it, which captured the password as it was typed and transmitted it to the attacker.
  • The password was accidentally revealed to the attacker by entering it into a fraudulent website that masquerades as a legitimate one, a phishing website. These sites pretend to be either commonly-used services such as Google, Microsoft or Amazon, or the organisation that the victim works for or has an association with.

Usernames and passwords gathered in any of these ways may be reused by the same attacker, e.g. for sending out emails like this one, or may be traded or sold to other cyber criminals for their use.
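An added example, not from the original article, showing how to check whether a password appears in a published breach corpus without sending the password itself anywhere. The article does not name a lookup service; this code assumes the range-query format used by the Pwned Passwords API (only the first five hex characters of the password's SHA-1 are sent, and the service returns every matching hash suffix with a count). The offline stand-in and its counts are constructed for the example so it runs without network access.

```python
import hashlib
import urllib.request
from typing import Callable


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form breach corpora are usually published in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times `password` appears in the corpus, or 0 if it is absent.

    Only the first 5 hex characters of the SHA-1 leave this function (k-anonymity):
    the service returns every suffix in that range and the comparison happens here,
    so neither the password nor its full hash is disclosed to anyone.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range_online(prefix: str) -> str:
    """Live lookup against the Pwned Passwords range endpoint (assumed URL format; not used offline)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "extortion-email-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline stand-in for the service: two passwords are "in the breach"
# with made-up counts; every other password is absent.
_CONSTRUCTED_LEAKS = {"Passw0rd": 12345, "letmein": 6789}


def fetch_range_offline(prefix: str) -> str:
    """Mimic the service's response format ('SUFFIX:COUNT' per line) from the constructed data."""
    lines = []
    for pw, count in _CONSTRUCTED_LEAKS.items():
        h = sha1_hex(pw)
        if h[:5] == prefix:
            lines.append(f"{h[5:]}:{count}")
    # A real response carries hundreds of unrelated suffixes; add one filler line
    # so the matching code has to pick the right suffix rather than the first line.
    lines.insert(0, "0" * 35 + ":1")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for candidate in ("Passw0rd", "letmein", "a long passphrase nobody else uses 7q!"):
        n = breach_count(candidate, fetch_range_offline)
        print(f"{candidate!r}: {'seen ' + str(n) + ' times' if n else 'not found'}")
```

To check a real password, pass `fetch_range_online` instead of `fetch_range_offline`; the password still never leaves the machine, only a 5-character hash prefix does. A non-zero count means the password is already in attackers' hands and should be treated as compromised everywhere it was used.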

What should I do if I receive an extortion email?

  • Do not respond to the attacker or follow their instructions. Seek assistance from a trusted source if you need to.
  • If there are any other online services or websites that use this password, you must log in to them and change the password immediately. Once an attacker discovers a valid username and password combination, they will try using it at a number of popular online services and websites to see if they can access those accounts as well.
  • To limit the damage that an attacker can do with a compromised password, every account on every separate online service or website should have its own unique password. Remembering unique, strong passwords for the many accounts that a person might have is impractical, but this is where password manager applications can help. See https://ask.napier.ac.uk/article.php?id=241 for further information.
  • Ensure that all your devices have reputable anti-malware software installed and that it is both operational and fully up-to-date.
  • If you have any other questions or are worried about any other suspect emails, contact the IS Service Desk.
