Modern Workplace

Cyber security basics: Identifying and stopping sextortion emails

Posted on April 26, 2022

Estimated reading time 6 minutes

IT security is more than just data protection. It’s also about protecting users’ personal lives and being informed about what threats look like and what to do about them.

In our increasingly digital world, devices have become integral to personal lives. Phones and computers store everything from important work documents to precious family memories. Unfortunately, malicious threat actors seek to exploit these devices for personal gain.

Our internal data suggests that sextortion emails — one of the ugliest types of blackmail emails — . While sextortion can be extremely menacing, you can stop scammers easily.

In this guide, we’ll break down what sextortion emails are, how they work and how to stop them so you don’t fall prey to opportunist hackers. Read on to find out more.

What is a sextortion email?

Sextortion emails are a type of blackmail email where scammers try to extort a ransom from the recipient, usually in Bitcoin or another cryptocurrency.

Threat actors claim to have control over your device and data. As a result, the scammer will allege that they have a video of you visiting adult websites or a series of compromising pictures — this is where the ‘sex’ part comes from.

Impact of sextortion emails:

Unlike the financial damage from BEC emails, sextortion emails have more personal implications.

Sextortion emails can mislead victims into thinking the attacker has live access to their display, internet viewing history and webcam or microphone. Cleverly, sextortion emails often come from a ‘spoofed’ version of the victim’s own email address, which at a glance, makes the blackmail appear more genuine. Given the nature of the claims, victims can feel intimidated. However, in reality, these elements are scare tactics meant to make you worry and overlook the tell-tale signs of the scam.

How to identify sextortion scam emails

  • ‘Spoof’ the recipient: The threat actor attempts to spoof and intimidate you by making their email look like it was delivered from your own email address.
  • Claiming access: The threat actor then claims to hold control over your devices and data using a remote desktop or keylogger.
  • Threatening the victim – The attacker will threaten to expose images, videos or data to your family or friends.
  • Ransoming their silence: The attacker will demand cryptocurrency as payment because transactions are harder to trace.
  • Creating time pressure – The threat attacker will make their demands subject to a short window of time, forcing you to panic.

How to stop sextortion emails

As a leading security solutions provider, we strongly recommend the following:

  • Do not panic: Though the email appears to be sent by you and the scammer claims to hold control over your device and data, it’s just a spam email.
  • Do not answer: The threat actor wants to trick you into responding. The best way to tackle sextortion emails is silence.
  • Do not pay: The blackmail email is meant to scare you into paying so it’s vital to part with your money. The attacker demands bitcoins or other cryptocurrencies to avoid tracking. Paying won’t help you find the scammer and signals that you’re vulnerable to further exploitation.

What does an example sextortion email look like?

Here are some indicators of this type of blackmail email:

The address bar

‘From’ and ‘To’ addresses are the same (e.g. a spoofed sender name that is the same as the recipient, making it look like the account has been compromised)

The subject line

A direct and intimidating title, like “I have full control of your device”, “Do You Do Any of These Embarrassing Things?”,  etc.

The message body

Common phrases used in sextortion emails include:

  • “I am sorry to inform you but your device was hacked.”
  • “I have used a Zero Click vulnerability with a special code to hack your device through a website.”
  • “You only had to visit a website to be infected, and unfortunately for you it’s that simple for me.”
  • “You were not targeted, but just became one of the many unlucky people who got hacked through that webpage.”
  • “All of this happened [some time ago], so I’ve had enough time to collect the information.”
  • “To be clear, my software controlled your camera and microphone as well.”
  • “I believe, [an amount of money] is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” on Google).”
  • “BTC Address: 1Dvd7xxxxxBTbAcfTrxxxxxxxf4tsT8V72. It is cAsE sensitive, so copy and paste it.”
  • “You have 24 hours in order to make the payment. I have a unique pixel within this email message, and right now I know that you have read this email.”
  • “This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

Is my account safe?

You may have common questions like, ‘how did the scammer get my password?’ and ‘how do I know if my account is safe?’

The scammer may mention your password in their email. In this instance, it’s likely that your password was part of a major data breach from another website and the threat actor is simply spamming many other accounts in the hopes that someone responds.

If the password mentioned is still correct, you only need to change it to re-secure your account. Also, remember to check your recent sent items to ensure no additional unknown emails were sent.

Next, report the email to your security team or external partner without responding to the original sender.

How Atech can prevent blackmail emails

Atech is a leading cloud services and Microsoft enterprise solutions provider.

With 9 Microsoft Gold Partner accreditations — including a flagship Gold Partnership in Security — we have expert scalable solutions available to revolutionise your workplace. We’ve migrated or refactored over 10,000 servers in Azure, meaning we’re well versed in a range of Microsoft technologies.

We offer a tailored suite of services to help transform your organisation, secure your data and protect your users from blackmail attempts. You can access modern tools to automatically block spam, phishing, and spoofed emails, preventing malicious emails from entering your environment.

Get in touch to speak to one of our experts to learn more, and see where cloud technologies can take your business today.

Atech Team Sitaram Chakilam
Sitaram Chakilam SOC Analyst

Sitaram Chakilam is at the post of SOC Analyst at Atech. He has an expertise on email security, endpoint security and identity protection. Sitaram has achieved various Microsoft security certifications such as; AZ900, SC900, SC200 and MS500.

How can we help?

As Microsoft accredited cloud service providers we’ve got the tools and talent to put the incredible potential of cloud technology at the heart of your operation.

Fill in the form to speak to one of our cloud consultants about your cloud project. Let’s get the conversation started.


    First name
    Last name