What is a ‘sextortion’ email?
Sextortion scams are a type of phishing attack in which people are coerced into paying a Bitcoin ransom after being threatened that video of them visiting adult websites will be shared. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual’s password.
Phishing emails are designed to play on people’s emotions so that they behave in a way that is out of character, and sextortion scams are no different. The phisher is gambling that enough people will respond to make the scam profitable; they do not know whether you have a webcam, whether you have visited adult websites, or how you communicate with people – in short, they are guessing. The phisher hopes to trigger people emotionally so that they ‘take the bait’ and pay the ransom – a typical modus operandi.
The most basic form of sextortion email seen:
The following is a real-world example of a sextortion email received by an intended victim:
Did the basic sextortion email make any profit for the cyber criminal?
In a word, no. From the above email, a check on the associated bitcoin wallet shows there were no transactions, and no bitcoin sent to the cyber criminal:
So, although the basic phishing email isn’t very successful, cyber criminals don’t usually give up that easily!
A more sophisticated version using email address and password to add legitimacy:
Hello! I have very bad news for you.
–/–/20– [todays date] – on this day I hacked your OS and got full access to your account email@example.com. On this day your account firstname.lastname@example.org has the password: Password123
So, you can change the password, yes.. But my malware intercepts it every time. How I made it? In the software of the router, through which you went online, was a vulnerability. I just hacked this router and placed my malicious code on it. When you went online, my Trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock. But I looked at the sites that you regularly visit, and I was shocked by what I saw!!! I’m talk you about sites for adults. I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea…. I made a screenshot of the adult sites where you have fun(do you understand what it is about, huh?). After that, I made a screenshot of your joys (using the camera of your device) and glued them together. Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $715 is a very, very small amount for my silence. Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins! My BTC wallet: XXXXXXXXXXXXXXXXXXXXXX
You do not know how to use bitcoins? Enter a query in any search engine: “how to replenish btc wallet”. It’s extremely easy
For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work. After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do no hold evil! I just do my job!
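As an added example (not part of the original article), a small Python mail-filter heuristic that scores a message on the hallmarks the email above combines: payment in bitcoin, camera or screenshot claims, a quoted password, a deadline, a ransom amount and a threat to contacts. The feature patterns and the threshold are constructed for this example; the first sample text is an excerpt of the email above, the second is a constructed benign message.

```python
"""Heuristic scorer for sextortion-style extortion mail (constructed rules)."""
import re

# Each feature is a compiled pattern for one hallmark of the scam template.
# The patterns are constructed for this example, not taken from any product.
FEATURES = {
    "payment_in_bitcoin": re.compile(r"\b(?:bitcoins?|btc)\b|\bwallet\b", re.I),
    "camera_or_screenshot": re.compile(r"\b(?:camera|webcam|screenshots?)\b", re.I),
    "adult_content": re.compile(r"\b(?:adult|porn\w*)\b", re.I),
    "compromise_claim": re.compile(r"\b(?:malware|trojan|virus|hacked)\b", re.I),
    "quoted_password": re.compile(r"\bpassword\s*(?::|is)\s*\S+", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(?:hours?|days?)\b", re.I),
    "ransom_amount": re.compile(r"[$£€]\s?\d[\d,]*(?:\.\d+)?"),
    "threat_to_contacts": re.compile(r"\b(?:friends|relatives|colleagues|contacts)\b", re.I),
    "discourages_reply": re.compile(r"do not try to contact", re.I),
}
THRESHOLD = 5  # constructed: features matched before a mail is labelled likely sextortion


def score_message(body: str) -> dict:
    """Return the matched features, their count and a verdict for one message body."""
    matched = [name for name, pattern in FEATURES.items() if pattern.search(body)]
    return {
        "matched": matched,
        "score": len(matched),
        "likely_sextortion": len(matched) >= THRESHOLD,
    }


# Excerpt of the scam email quoted above (wallet address redacted as in the article).
SEXTORTION_SAMPLE = """Hello! I have very bad news for you.
On this day your account firstname.lastname@example.org has the password: Password123
I just hacked this router and placed my malicious code on it. My Trojan was installed.
I made a screenshot of the adult sites where you have fun (using the camera of your device).
I think $715 is a very, very small amount for my silence.
Pay ONLY in Bitcoins! My BTC wallet: XXXXXXXXXXXXXXXXXXXXXX
For this payment I give you two days (48 hours).
All your contacts will receive a screenshots. Do not try to contact me."""

# Constructed benign message that shares a few surface features (amount, deadline).
BENIGN_SAMPLE = """Hi team, the invoice for $715 is attached. Payment is due within 30 days.
Please reset your password using the link in the portal if you have trouble logging in."""

if __name__ == "__main__":
    for label, text in (("scam", SEXTORTION_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(text))
```

Individual features such as a deadline or a currency amount are common in legitimate mail, which is why the verdict rests on the combination rather than on any single pattern.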
Did the more sophisticated email make the cyber criminal money?
Unfortunately, this time it would appear that the added ‘legitimacy’ of including a plausibly exposed password has worked. A check of the associated bitcoin wallet shows 31 transactions in total, netting 4.59627029 bitcoins, or, using the value of bitcoin on the day the email was sent, the equivalent of £19,730 (~ $24,000).
What can you do if you receive an email like this?
Treat this kind of email like any other phishing email – don’t respond to it, just delete it. You can report the email to Action Fraud, who will compile all the reports from around the country and potentially take action against the criminals.
- Don’t pay the bitcoin ransom! Doing so will only encourage more scams in the future. You may find you get more phishing emails as a result, because the attacker knows you are a ‘willing’ customer to their crime!
- If the email includes a valid password (as in the above example) – don’t panic! It is most likely to have come from a historic data breach, and not directly from a ‘hack’ of your system. You can check whether your email address or password has been included in a data breach by visiting HaveIBeenPwned.com (don’t worry, it’s a legitimate website built by a respected security professional, and endorsed by the National Cyber Security Centre).
- If the password used in the phishing email is a valid one, change it immediately wherever you have used it! Best practice is to use a different password for each and every website or account, so that if one password is compromised, your other online accounts are still safe. This helps prevent attacks such as ‘credential stuffing’, where an attacker takes a list of usernames and passwords stolen from one website and tries them against another! (You can get more advice on passwords by visiting CyberAware.gov.uk.)
- If you are reading this but have, unfortunately, paid bitcoin to a criminal in response to an email like this, report it to your local police force. This is a fraud/extortion crime, and should be reported like any other crime.
Action Fraud has published some useful guidance on sextortion scams. You can read their advice here: