Action Fraud and Cyber Protect Officers have received reports about sextortion phishing emails in Derbyshire and Nationally. They are similar to the example below.
Sextortion scams are a type of phishing attack whereby people are coerced to pay a BitCoin ransom because they have been threatened with sharing video of themselves visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual’s password.
Phishes are designed to play on people’s emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom.
– As with other phishes, the advice is not to engage with the phisher, delete the email and report to: https://www.actionfraud.police.uk/report-phishing.
– Do not be tempted to pay the BitCoin ransom, doing so will likely encourage more scams as the phisher will know they have a ‘willing’ customer.
– Do not worry if the phish includes your password; in all likelihood this has been obtained from old data breaches. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com/
– If the phish does include a password you are still using then change it immediately, advice on passwords and how to enable other factors of authentication here: https://www.cyberaware.gov.uk/passwords
– If you have been a victim of a sextortion scam and have paid the BitCoin ransom, then report it to your local police force by calling 101.