Extortion Scams: How to Avoid The Risk

Extortion scams are on the rise. As a result, more and more people are suffering emotional and financial damage.

While many people are aware of what to do or how to react when they’re the target of a blackmail email, others are still falling foul of these malicious tactics. So, what should you do if you’re the victim of attempted extortion scams, and what proactive steps can you take to minimize the risk of one affecting you? This article tells you all you need to know.

What are extortion scams and how do they work?

Extortion scams are a type of cybercrime where a person is targeted by communications that demand payment from the victim, without which there will be some consequential action.

Those actions could be the release of embarrassing or sensitive information into the public domain (which could be real or fabricated), technical disruption, malware affecting the victim’s devices, or other actions that are likely to cause fear and distress to the victim and/or the people around them.

It’s important to remember that many of the claims that are made by extortion scammers are false. While they may be able to gain some initial level of personal data to make contact in the first place, many of the threats they make around sensitive material or dire consequences are empty. Instead, they hope to scare the victim into paying the ransom fee before the stated deadline or action ever has to be used.

Online extortion examples

There are different types of extortion emails from a hacker, and they vary depending on the motivation of the cybercriminal and the amount of data about the victim they have already been able to obtain. The most common cases include:

Financial extortion emails

This can refer to any type of extortion scam where the financial affairs of the victim are involved. Hackers, for example, may claim to have gained access to the victim’s bank accounts and want a payment in exchange for not going in and emptying those accounts. Alternatively, a hacker may claim they are from the tax authorities and ask for a payment so that they don’t pursue a bogus case of tax evasion.

Sextortion emails

This is one of the most personally invasive types of money extortion scams involving threatened exposure of embarrassing or illegal activity. This can range from alleged proof that the victim has been accessing types of pornography, has been having an affair, is featured in sexually explicit material (including sex tapes with former partners), or has been recorded on their webcam. In all of these cases, hackers will demand payment or release the information they purportedly hold.

In the United Kingdom, the National Crime Agency issued a warning in April 2024 to education professionals due to a significant rise in global sextortion cases. This came after the number of global sextortion cases reported to the US National Center for Missing Exploited Children (NCMEC) more than doubled in 2023.

Romance scams

Related to the previous point, many people are still targeted by supposedly impoverished people in foreign lands looking for love and a new life. In an online dating scam, the scammer will generally ask for money as payment to help them solve a dire personal situation or to help them book transport to the victim’s home country. Once the payment has been made, the cybercriminal will disappear without a trace, and the victim will not be able to make any more contact.

Ransomware

Ransomware is a particular threat to businesses because hackers can potentially attempt to extort much larger sums of money than they would be able to from individual citizens. As part of their threats, they will suggest installing malware into the organization’s systems or staging a distributed denial of service (DDoS) attack if the ransom isn’t paid within their defined timeframe.

Symptoms of extortion scams: what to look out for

Sometimes extortion scams can be clear and assertive in their approach, but others can be more cunning and subtle. Either way, if you’re unsure whether a message you’ve received is a blackmail email, there are three main symptoms to look out for:

Urgent demands

Cybercriminals like to try to put victims under pressure because it makes them more likely to panic and make irrational decisions. Therefore, it’s common for them to set urgent, arbitrary deadlines within their extortion scams, typically asking for payments to be made within 24 to 72 hours.

Threats of violence or doxxing

For similar reasons, they will face threats of very severe consequences if payments aren’t made, or deadlines aren’t met. These will include physical or sexual violence against the victim, or ‘doxxing’ where personal data and identification details will be leaked into the public domain or to other cybercriminals.

Suggestions of payment through cryptocurrencies

Cryptocurrencies like Bitcoin are very popular among cybercriminals as it gives them extra anonymity and makes it harder for authorities to track them down. If an email suggests that the payment should be made through a cryptocurrency, then this should be treated as a major red flag that suggests malicious activity.

What should you do if targeted by Internet extortion scams?

Firstly, the most important thing is ‘don’t panic’! It’s when people become fearful of the consequences that they become more likely to do what the hacker wants them to do. Instead, we recommend taking a deep breath and doing the following:

Do not give them any money

Don’t give in to the cybercriminal’s demands. Don’t send them any money, real or crypto, and don’t send them any extra information that would allow them to seize funds themselves.

Avoid clicking on any links or continuing contact

Connected to the previous point, you should avoid replying to any messages or making any further contact. Some attacks will be random and target thousands of people, so replying will let the hacker know they have a lead they can work on. Similarly, don’t click on any links or download any attachments, such as PDFs, in the messages.

Do your own investigation work

If you’re suspicious about a message, you can do some quick and simple tests to verify whether it’s likely to be a scam or not. These can include reverse image searches on romance scams to see if pictures have been used elsewhere or pasting lines of text into a search engine to see if others have reported the same tactics being used against them.

Report online extortion to the police if you feel threatened

If you feel that your personal safety, sensitive information, or finances are at significant risk, it is important to contact local authorities and report any online extortion attempts. For example, in the UK, you can report to Action Fraud, while in Brazil, you can report to the Federal Police or use the SaferNet Brazil platform for online crimes. You may also want to alert your internet and security providers, as they may be able to provide further support.

Change all your passwords and credentials

While many cybercriminals are bluffing about the information they’ve obtained, you should take precautions in case they have got your data for real. Change all your passwords across all your devices, applications, and accounts so that any credentials they might have got hold of no longer work and ensure these are strong.

Lock down your social media profiles as private

Much of the data that cybercriminals exploit can be easily gleaned from publicly available information on victim’s social media profiles. A good way to avoid this is to set all social accounts private so only verified, trusted people can access and view your pages.

Keep trusted people aware of the situation

If you’re the target of extortion scams, you should keep family and friends aware of what’s going on. This is not only so that they can give you some support but also because the information they’ve gained about you may lead hackers to target them as well.

What can you do to minimize the risk of extortion scams?

The best way to avoid being affected by extortion scams is to be proactive and eliminate the risk at the earliest opportunity. You can do that with these top tips:

Take a zero-trust approach

The principle of Zero Trust, as used by businesses in their cybersecurity, can also be applied here. Assuming all messages are suspicious until you can verify that they’re from legitimate senders ensures you can’t be duped by realistic-looking fakes.

Set up and maintain parental controls

Children and teenagers can often be targeted by extortion scams because cybercriminals believe they’re more easily led and are more likely to share compromising information on social media. As well as educating them about the risks, parental controls on websites such as Kaspersky Safe Kids can prevent them from becoming too exposed.

Get your data removed from data brokerage sites

You may not be aware that data brokers have obtained some of your personal information and browsing history and are selling it to third parties who may or may not be malicious. Getting this data removed shuts down another way for hackers to obtain information they can use against you.

Reconsider what you share online

While you may like to share videos, images, and posts online, you may be unwittingly exposing your details to cybercriminals in the process. Only sharing content, you feel comfortable being in the public domain can help you stay safe online while still having fun.

Help friends and relatives who need security support

Some people, such as older relatives who aren’t as comfortable with technology, may be unaware of the risk of extortion scams or how to adopt security best practices. You can share the wealth of your knowledge to help keep them safe online (sharing this article is a good place to start!).

Stay up to date with extortion scams and tactics

The online world never stands still, and new tactics and extortion scams are emerging all the time. Keeping abreast of news around cybersecurity breaches and new threats through places like the Kaspersky Resource Center can help you make informed decisions,

Use security solutions with anti-extortion features

While you should have good security and anti-virus software in place anyway, there are many solutions on the market, which include functions that specifically target extortion scams and other types of blackmail emails. For example, Kaspersky Premium  includes Remote Access Detection, an Identity Protection Wallet, a Data Leak Checker, and Stalkerware Detection, all of which can ensure that would-be extortion scammers can’t get the personal data they need to launch an attack against you.

Related Articles:

• Social media and AI: is it safe?
• How to stay safe on online dating apps
• What to do if your personal privacy is breached

Related Products:

• Download Kaspersky Premium Antivirus with 30-Day Free Trial
• Parental Control - Kaspersky Safe Kids