Call us on: 02920 887 362
Insights /

How to deal with Sextortion: Cyber Security Email Advice

How to deal with Sextortion

 

How to deal with Sextortion

What is Sextortion?

Online Sextortion is where non-physical forms of intimidation are displayed to steal money from the victim. Using the threat of releasing sensitive imagery, audio or video they have of the victim to scare enough, the victim pays the demanded fees.

Although it’s not an entirely new term, varying degrees of Sextortion have existed since before the internet’s birth. In these instances, local news has reported issues of criminals, who refer to themselves as the apt hacking group, blackmailing individuals using private and sensitive information. It places these cases somewhere between sexual exploitation and sexual blackmail.

Sextortion Email

Sextortion emails, also known as an sexploitation email, fake emails are one of the most popular ways of sextortion, and in 2024, this is still the case.

“I got an email saying I was hacked and recorded”

The email will likely contain poorly worded English, demanding the victim to pay a large sum of money to protect the content from being shared and distributed. A threatening email asking for bitcoin is often sent as part of the sextortion scam. 

Within the email, it is very common for the cybercriminal to give you an hourly countdown, making this play on your mind and worry you, enhancing your chances of paying the fee.

Cybercriminals often mention you’re defenceless and contacting the police will do more harm than good, as the email from the hackers claim they have an inappropriate video of you they will send to your friends and family. Sextortion emails often contain there is no way the police can help you and they cannot be tracked.

“The police cannot help you. I am an professional hacker from the apt hacking group” to try and instill fear.

An Example of a Sextortion Email

Here’s an example of a Sextortion email or Sexploitation email. They are not all the same, but this real-life example gives you a heads-up on the content you may have received.

Sextortion Email Example

 

Sextortion Email Example

There are other examples of sextortion emails that often state, “I regret to inform you about some sad news for you. Approximately a month or two ago, I have succeeded to gain a total access to all your devices utilized for browsing the internet. Moving forward, I have started observing your internet activities on a continuous basis.”

Another example of a real Sextortion Email from Which?

https://www.youtube.com/watch?v=vJgyAf_gXBg&ab_channel=Which%3F
Another example of a real Sextortion Email

How to deal with Sextortion?

To deal with Sextortion, you must start by avoiding clicking links and sharing details. Then, block and report the email address.

These emails often have no truth to them. We recommend checking out quick ways to detect if an email is fake. Hopefully, it is clear that this email is a sextortion scam, and the information on the email is entirely made up. 

Similar to other phishing attacks, we advise against engaging with the perpetrator. If you receive a suspicious email, please forward it to the NCSC’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk, then delete the email.

Should I Ignore Sextortion?

Yes, first of all, delete the email straight away. You can block the email through your Inbox tool, but no matter what, delete the email and do not respond.

How Long Does Sextortion Last?

Sextortion can last for days, weeks or even months. The length of sextortion varies, and scammers usually put time restraints on the email to make your panic and pay, as soon as possible.

In our example email, the cybercriminal threatened to take act within 30 hours. However, they added the option to increase the time required. Very kind of them, right?

We’ve heard of sexploitation emails going on for days, even weeks. So, we recommend blocking and deleting emails as soon as possible and ignoring them.

Should I Be Worried About a Sextortion Email?

No, you should not be worried about a sextortion email. They have no truth in them 99.9% of the time.

It can be worrying when you first receive a sextortion email, but please follow the appropriate steps to ignore them, and do not send money or bitcoin to the ‘professional hackers’.

However, there may be personal circumstances where sextortion can be real.

Suppose you have previously interacted with an individual on a personal level. They could have sensitive information involving you – it’s essential to consider whether the criminal is someone you have a history with.

Check the sender and see if you recognise the email address. Double-check to see if you have emailed their address before or interacted with them in any way.

In most cases, the cybercriminal is extremely unlikely to have any dangerous information about you if you do not recognise the sender.

What if the Sextortion email includes lots of correct information?

If the email includes a lot of correct information, this may be due to a data breach, social engineering or purchased data. If the email displays a worrying amount of information and sparks fear, here are some reassuring facts:

Sextortion Email Includes Old or Current Password

If the sextortion email contains an old password and no action has been taken, the hacker cannot get into anything valuable. It may seem scary, but most passwords are taken from data breaches. An old password from a data breach demonstrates that the password hasn’t been stolen directly from you and is invalid. We recommend creating a password with a minimum of 12 characters, including uppercase and lowercase letters, symbols and numbers. Make sure the password is something other than your dogs name, as pet names are extremely common in passwords. Cybercriminals can utilise social engineering to gain access to more information.

Sextortion Email Includes Phone Number

If the sextortion email includes your phone number, this is likely due to a data breach resulting in sold data or through social engineering. Like how hackers find out email addresses and phone numbers are taken from exposed data breaches. Often, these are paired up with data from the email address, as you would have entered this data into a website previously involved in a data breach. It is not uncommon for data to be revealed, with companies like Facebook still experiencing breaches as of 2021. 

Your data may have also been involved in a breach many years ago. It’s common for people to keep their phone numbers the same, so Adobe in 2013 and Yahoo in the same year may be responsible for your phone number being publicly available. Unfortunately, there’s not much you can do about it other than swapping to a new number, and this can be a pain, especially for the new number to become part of a data breach again.

Is the email from my email address?

If the email is from your email address, this is due to manipulating the name in the ‘from:’ field. Whilst this can look scary, it means nothing. Hackers can manipulate the name in the ‘from:’ field, making the sextortion email look scarier. So, if the sextortion email seems like it comes from you, do not panic. This is a typical manipulation for cybercriminals.

Could a random person record my webcam?

There is a possibility that a random person can record your webcam, yes. Your webcam may be accessed remotely, but only if you allow a malicious site to unload the malware onto your computer.

A type of malware called Remote Access Trojans allows the hacker to turn on a webcam remotely.

Simple steps like having the Webroot Chrome extension can keep malicious sites at bay, as well as routinely updating your password, so any information hacker does have are useless.

However, this is usually just another way for cybercriminals to exploit you and play into your emotions. It’s a tactic used to spark fear, as there’s always that doubt in people’s minds. More often than not, it’s unlikely to be true unless there is malware on your computer.

We recommend running anti-virus software on your computer if you are worried about malware.

Conclusion

Try not to panic if a potential Sextortion scam email or sexploitation email enters your inbox. Follow the steps outlined in this blog as a priority. If an email arrives with sensitive information in your inbox, approach cautiously.

Once again, similar to other phishing attacks, we advise against engaging with the perpetrator. If you receive a suspicious email, please forward it to the NCSC’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk, then delete the email.

 

If a business is receiving these emails, we recommend checking out our advanced email protection software. Using the software and our experts, we can help filter these emails to stop putting your staff at risk.

 

If you have any concerns, contact your IT supplier, and if the sender is linked to you, the authorities should be alerted.

Excellence IT is a cyber security-first Managed Service Provider (MSP) based outside Cardiff, UK. With over 20 years of experience, it has helped transform hundreds of businesses.

Secure IT Icon

 

Secure IT – Our cyber security training platform offers affordable and interactive courses.

Sextortion is a form of cybercrime where attackers threaten to share private or sensitive material unless a ransom is paid. For businesses, it can lead to financial loss, damage to reputation, and legal issues.

Employees should receive training on recognising phishing and scam emails, the importance of using strong passwords, and maintaining digital privacy and security. Our Cyber Security Training Platform, Secure IT, is the perfect solution at only £2 per user per month.

Regular training sessions, security briefings, and encouraging open discussions about cyber threats can help foster a culture where cyber security is everyone’s responsibility.

Yes, 2FA adds an extra layer of security, making it harder for attackers to access your accounts and sensitive information even if they have your password.

Cyber security services can provide robust email filtering, threat detection, employee training, and incident response planning to help safeguard your business against sextortion and other cyber threats. Contact our cyber security experts today.

Do not respond or pay any ransom. Disconnect your device from the internet, run a security scan, change your passwords, and report the incident to your IT department or a cyber security expert.

Calum Edwards

As the Digital Marketing Lead at Excellence IT, I write content, create guides, and infographics on IT Support, Cyber Security, and Artificial Intelligence (AI) for business.

You might also be interested in:

All you need to know about Employee Ownership Trust (EOT)

Discover the benefits of working with Excellence IT as a newly transitioned Employee Ownership Trust (EOT). Learn how our unique structure enhances service quality, local expertise, and long-term stability.

Windows 10 Support Ends October 2025: Start Planning Now

Prepare for Windows 10 end of support in October 2025! Learn why upgrading is crucial for cyber security and how we can help ensure a smooth transition.

OneDrive vs Google Drive – What’s best for your business?

OneDrive and Google Drive are both popular cloud storage services, but each has its own strengths and weaknesses. Choosing the right online storage model is important for sustained success and optimal productivity.