Extortion scams

The essence of the extortion scam is that you receive an email from a stranger who claims to have gathered potentially embarrassing material about you by hacking your computer, such as:

They threaten to publish the material to your family, friends or colleagues if you don’t make a payment.

The sender almost certainly does not have this material. Indeed, such material almost certainly does not exist. You can safely ignore or delete the message.

Scare tactics

One tactic employed by these scammers is to include real information about you in the email, like your name, job title, place of work, or a password you really do use—or have used in the past. For example:

“Dear [name], I know that your password is [password], and I’m sure you don’t want your colleagues at [company] to find out [whatever…]”

They might do this by combining information leaked in historic data breaches with information that’s publicly available anyway. But the inclusion of real information about you in an unsolicited email should not make it more believable. You are not being personally targeted, and thousands of other people will have received an identical scam message—but with their password or whatever. You can ignore or delete the message.

That said, this highlights the importance of using different passwords for different services. And if you receive an email that mentions a password you’re currently using, you need to change it!