Don't Fall Victim To A Sextortion Email

This week has been a bit like a blast from the past: we have seen a significant increase in what's referred to as "sextortion" emails. These used to be a common form of phishing but had dwindled into obscurity, which is why it is interesting to see them make a resurgence.

Sextortion emails are typically phishing messages sent to millions of recipients in the hope that one or two will get through and cause panic or alarm. One trick commonly used against less secure email configurations is to spoof the recipient's own email address, so the sender can pretend to have taken over the computer with a message like "you can see I have hacked your computer because I have sent this email from your account", which couldn't be further from the truth.

When one of these emails reaches someone's inbox, it is usually because their email domain is not configured correctly or because no proper security filtering is in place.

The emails claim to have recorded the recipient in a compromising situation and threaten to send the video to friends, family, or colleagues unless a payment is made in Bitcoin. These messages are designed to create panic and embarrassment, pushing people to act quickly without stopping to think. In most cases, however, this is nothing more than a scare tactic and a form of phishing. The sender is bluffing, hoping fear will do the work for them.

This Is Phishing, Not Proof of a Hack

The important message for anyone who receives one of these emails is simple: do not engage, do not reply, and do not pay. Guidance from the National Cyber Security Centre says these so-called "sextortion" emails are a type of phishing attack. Criminals send them out in bulk and rely on fear, shame, and urgency to trick a small number of people into transferring cryptocurrency. They usually do not know whether the recipient has a webcam, whether they have visited any adult sites, or whether any compromising video even exists at all. They are guessing, and they are hoping the threat alone is enough to make someone pay. If they genuinely had compromised your computer they would use either a still or a video clip proving it rather than relying on pure panic and an old password scraped from a data breach alone.

Sometimes these emails include an old password to make the threat seem more believable. That can be alarming, but it still does not mean the sender has access to your device or your camera. In many cases, those passwords have been taken from historic data breaches and are being reused as part of the scam. If a message includes a password you still use, change it immediately and make sure multi-factor authentication is enabled on the account. Otherwise, the email itself can usually be ignored, reported as phishing, and deleted.

What to Do If You Receive One

  • Do not reply to the sender.
  • Do not pay the Bitcoin demand.
  • Mark the message as phishing or junk and delete it.
  • If it includes a password you still use, change that password immediately.
  • Enable multi-factor authentication wherever possible.
  • If appropriate, report suspicious emails to your IT team or security provider.

Prevention Is Better Than Panic

While these emails are typically just phishing and can usually be ignored, organisations should not rely on luck alone. A far better approach is to harden email security so that spoofed and malicious messages are less likely to reach users in the first place. That starts with proper email authentication and strong filtering controls.

  • SPF (Sender Policy Framework) helps receiving mail servers verify which systems are authorised to send email on behalf of your domain.
  • DKIM (DomainKeys Identified Mail) adds a digital signature to outgoing mail so recipients can confirm the message has not been altered and really came from your domain.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on both SPF and DKIM by telling receiving servers what to do when a message fails those checks, while also providing reporting that helps identify abuse and misconfiguration.
  • A robust email security service provides content filtering, threat detection and prevention, and protection from spam.

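To show how the DMARC piece of this actually decides the fate of a spoofed "sent from your own account" message, here is a simplified DMARC disposition check. It is an added example, not code from the original post or any mail product; it assumes the receiving server has already evaluated SPF and DKIM, and every record and message detail in it is constructed for illustration.

```python
"""Simplified DMARC disposition check (added example, not from the original post).

Assumes SPF and DKIM have already been evaluated by the receiver and that the
sender domain's DMARC TXT record has been fetched; all values are constructed."""


def parse_dmarc(txt):
    """Split a record like 'v=DMARC1; p=reject; adkim=s' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def org_domain(domain):
    """Toy organisational-domain rule (last two labels); real DMARC uses the PSL."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment compares organisational domains; strict ('s') is exact."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, spf_pass_domain, dkim_pass_domain, dmarc_txt):
    """Return (disposition, passed): what the receiver should do with the message."""
    tags = parse_dmarc(dmarc_txt)
    spf_ok = aligned(spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "none", True
    return tags.get("p", "none"), False


# Constructed spoof: header From is the victim's own domain, but neither SPF nor
# DKIM authenticated any domain, so the message cannot align with example.com.
SPOOF = dict(from_domain="example.com", spf_pass_domain=None, dkim_pass_domain=None)
# Constructed genuine message from the same domain, DKIM-signed with d=example.com.
LEGIT = dict(from_domain="example.com", spf_pass_domain=None, dkim_pass_domain="example.com")

if __name__ == "__main__":
    for policy in ("v=DMARC1; p=none", "v=DMARC1; p=reject"):
        print(policy, "spoof ->", dmarc_disposition(**SPOOF, dmarc_txt=policy),
              "legit ->", dmarc_disposition(**LEGIT, dmarc_txt=policy))
```

With `p=none` the spoofed message fails DMARC but is still delivered, which is exactly the "less secure configuration" the scammers rely on; with `p=reject` the same message is refused while the genuine, DKIM-signed one still passes.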
Together, these controls make it much harder for attackers to spoof your organisation’s address and use your domain in phishing campaigns.

Alongside SPF, DKIM, and DMARC, every business should use a robust anti-spam and anti-phishing filter to catch malicious messages before they reach the inbox. No single control is perfect, but layered protection greatly reduces risk. When strong technical controls are combined with staff awareness, phishing campaigns like these become far less effective.

The bottom line is this: if you receive one of these threatening Bitcoin emails, treat it as phishing unless there is genuine, specific evidence to suggest otherwise. Do not panic, do not pay, and do not let embarrassment drive your decision-making. Delete the message, secure any affected accounts, and make sure your email environment is protected with SPF, DKIM, DMARC, and a dependable anti-spam filter.

What does this mean for my business?

If you are unsure if you have measures in place or want reassurance or any help with any of the above, call us on 01722 411 999 and we will be happy to help.  As we said earlier, prevention is better than panic.

Publish Date: Jun 3, 2026