By Martin Edwards
The essence of the extortion scam is that you receive an email from
a stranger who claims to have gathered potentially embarrassing material about you by hacking
your computer, such as:
- Video recorded secretly via your webcam.
- Knowledge of websites you’ve visited.
They threaten to publish the material to your family, friends or colleagues if you don’t make a
The sender almost certainly does not have this material. Indeed, such material almost certainly
does not exist. You can safely ignore or delete the message.
One tactic employed by these scammers is to include real information about you in the email,
like your name, job title, place of work, or a password you really do
use—or have used in the past. For example:
“Dear [name], I know that your password is [password], and I’m sure you don’t want your
colleagues at [company] to find out [whatever…]”
They might do this by combining information leaked in historic
data breaches with information that’s publicly available anyway. But
the inclusion of real information about you in an unsolicited email should not make it more
believable. You are not being personally targeted: thousands of other people will have
received the same scam message, with their own password or other details substituted. You can
ignore or delete the message.
That said, this highlights the importance of using different passwords for different services.
And if you receive an email that mentions a password you’re currently using, you need to change