Email scams that seek to trick recipients out of their money are rife, but a particularly nasty kind has been on the rise in recent years – sextortion emails. These exploit the fear of private or intimate information being exposed.
Sextortion scammers often claim to:
- Have intimate pictures or video of the recipient
- Have access to the recipient’s computer or webcam
- Know particular websites the recipient has visited (e.g. extramarital dating or pornography sites)
- Know (and even include) the recipient’s password to a site
If you get a sextortion email like this, don’t panic. These claims are often fabricated in an attempt to scare the victim into handing over money (often as Bitcoin) – or exploitative images of the victim. And if a data breach is a factor, it may be data from an old unrelated breach – not the site the scammer claims to know you’ve been using.
If a website you’ve used has been involved in a data breach, here’s what to do to stay as safe as possible.
Guard against data breaches
If you’ve received an extortion email, there’s a chance the scammer has gained your email address from a data breach, old or new. It’s possible they also have a password to go with it. Again, don’t panic: they’re likely to have emailed lots of addresses at once in the hope that some recipients will pay up.
Protecting yourself from email extortion amounts to protecting yourself from data breaches, so take a look at our related article: Learn how to protect yourself against the next big data breach.
In a nutshell, you should:
- Use strong, unique passwords for every account
- Turn on two-factor authentication wherever possible
- Change affected passwords immediately in the event of a breach
But there are some extra considerations so far as sextortion scams are concerned…
Seriously – use a strong, unique password for every site. Using a different password for every site you use means that if one site is breached, your other accounts aren’t affected.
Choose services wisely. Choose apps, websites and services carefully. Wherever possible, choose those which are well-reviewed, are listed in trusted App stores, and offer extra security measures like two-factor authentication. These choices might save you from being victim of a breach down the line. And choosing services which use two-factor authentication means that if your login details are ever exposed, it doesn’t mean hackers will be able to access your account.
These are sensible steps for everyone to take, but they are particularly relevant to sextortion scams. Adult websites are big business, but not all of them will have robust security or privacy, let alone security features like two-factor authentication.
Make the most of Watchtower
It may not be clear whether a scammer holds your password to a breached service. If you’re in any doubt, it’s worth checking Watchtower to see:
- If any sites you use have suffered a security incident
- If your email address has been caught in a data breach
- Whether you’re using any duplicate passwords
If there are any duplicates you should change them to unique passwords, and if any match the password or service the scammer has mentioned you should make sure you change them immediately.
If you want to, you can enable Watchtower notifications to be alerted of security issues right away.
Tip: If the scammer sends you a password that isn’t already flagged in Watchtower, you can create a new login item in 1Password using that password. That way, if any other logins use it, Watchtower will identify them.
Our support article has everything you need to make the most of Watchtower: Use Watchtower to find passwords you need to change.
What if things are more serious?
Hopefully you now have a good idea of how to deal with sextortion emails. But if you think the scammer genuinely has personal information or files about you, and is attempting to blackmail you or post revenge porn online, then you should contact the police.