Extortion emails a go-go

Don’t believe everything you read.

Extortion emails a go-go

Recent months seem to have seen a rise in extortion emails, designed to scare users into handing over their money.

Last month, the folks at the My Online Security website warned of a sextortion email campaign that pretended to be from the CIA.

Fake cia extortion email

Sign up to our free newsletter.
Security news, advice, and tips.

The email claimed that your name, and personal details (including home, work and relatives’ details), had cropped up as part of an investigation into an international child abuse ring.

According to the email, the CIA knew that you had distributed and stored child abuse material, along with 2,000 others.

But never fear! Because a CIA operative working on the case has sent you this email, saying that he knows you’re good for a few quid and that for the knock down price of just $10,000 in Bitcoin he’ll remove our details!

Obviously delete the scary emails as they are nonsense: don’t respond to them, don’t pay. And ask yourself is it really likely someone from the CIA would contact you like this? (And would it be the CIA investigating such a case anyway? Somehow I don’t think so…)

But if that scheme didn’t fool you, maybe another one will.

Bleeping Computer warned of another extortion email earlier this month.

Here’s how the email began:


We Hacked network.
We Caught Communications.
We send this mail to you in YOUR account.

After analyzing documents. We found Illegal activity – HIDING TAXES.

That we want?

I want two (2) Bitcoin
To wallet Bitcoin.

That we do if you don’t pay bitcoin?

We send these Documents and roofs to your Tax Department.

You may like the idea that someone else is backing up your data for you (saves you a job, right?), but it’s not so good to hear that they have snooped through your files, and determined that your company has been cheating the taxman.

The email goes on to demand that two bitcoins are paid (currently about $10,000). If you aren’t prepared to pay? The alleged hackers say they will send the incriminating information they uncovered to the authorities, lock computers, DDoS your network, and install the WannaCry ransomware for good measure. And they’ll increase the ransom demand every day!


It’s enough to give you the jeebies… but again, it’s utter nonsense. They haven’t hacked your computers, they’re just trying it on.

The good news is that I expect most firms wouldn’t be scared into coughing up that kind of cash, and if they took the threat seriously at all would go straight to the police instead.

It’s easy for anybody with an internet account to send you an email claiming that they have done something, or found out some incriminating information about you. It’s even trivial (because of the way the internet works) for the extortionist to forge their email address so it might appear as if it comes from a law enforcement agency or even your own email account.

Don’t believe everything you read.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Extortion emails a go-go”

  1. Matt Parkes

    Our company is having a speight of sextortion emails at the moment where the extortionists claim they have caught the user doing naughty things on their web cam while visiting porn sites. Funny thing is, we block adult sites and no one has web cams on desktops, despite this we still have users checking in with me to check. The other element to this is that the bad guys are spoofing the recipients company email address so to our mail proxy the sender is the same as the recipient, it's only when you look at the headers that you can see it was sent by another address completely which is why it gets through SPF, so the next question we get asked is, if a business contact gets this type of email supposedly from our user, doesn't this make us look bad because even if the recipient is savvy enough to know this is a ridiculous spam email, they could think that our email system has been compromised. All I can say is that this is a common occurrence today and that if you do get contacts asking then assure them there has been no breach of our system, what I usually find is their business email has been found in a breach file processed by Troy Hunt's HaveIBeenPwned service.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.