Extortion scams: what to do if a scammer has your data
An email that’s been circulated repeatedly now includes a worrying number of personal details about its targets — here’s what you need to know about this extortion scam.
While it might seem alarming to see an image of your home in a message from a scammer, it's nothing to worry about. This is known as spear-phishing, where scammers obtain your personal data in many ways – from data breaches to trawling social media. However, it's knowing how to react to these messages that will keep you and your data safe.
Below, we tell you what you can do if you’re targeted by a scam email like this.
Sign up for scam alerts
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alerts
Scam spear-phishing email
The email typically begins by saying ‘I've got some bad news to share with you’. It goes on to tell you that the writer of the email has gained access to your devices and has been monitoring your online activity.
The scammer will claim that malware has been installed on your device and they have ‘full control of your microphone, camera and keyboard’.
They then tell you they’ve downloaded all your data, including ‘your photos, browsing history, messages from your apps, social media, chat history and contacts’.
The email ends with a warning that to avoid compromising photos and videos of you being shared with your contacts, you should make a large payment to be transferred to the scammer in Bitcoin.
Recipients of the email have reported that it included their name, address, phone number and an image of their home. Some have even said that the email included an image of their passport as well as names of their contacts and the relationship they have with them.
Where do scammers get this information from?
With your name alone, scammers may be able to find out your home address, email addresses and other information about you from public records, phishing websites and your social media accounts.
The more you share on social media from public accounts, the more information a scammer is able to gather about you.
Data breaches provide another source for scammers to glean your data; the information is bought and sold on the dark web.
In these recent examples of scam emails, scammers have taken screenshots of houses on Google Maps’ street view after typing in addresses.
Read more: my data has been lost in a breach, what are my rights?
How to avoid being spear-phished
If you receive a scam email claiming to have access to your data, don't engage with the scammer. You can report the email by forwarding it to report@phishing.gov.uk.
In the age of social media, online profiles and our ever-growing digital footprint, scammers use a variety of ways to gather enough information to target you.
It's important to not respond to these scam messages, but instead you can take precautions to limit and protect your data:
- Check if your data has been leaked at haveibeenpwned.com. If you use Google, visit passwords.google.com/checkup to see if any of your username and password combinations have been breached.
- Ensure your new passwords are secure and use a password manager to organise and securely store your various passwords.
- Download antivirus software to protect your data from malware attacks and run a scan on your device.
- Keep your social media profiles private and avoid oversharing. Follow our tips to secure your social media account.
- Be wary of clicking links in unsolicited messages and entering your information into websites you’re not familiar with.
- Consider using temporary email addresses to register on websites. You can use Temp Mail, Guerilla Mail or Apple’s Hide My Email tool if you have an iCloud subscription.
- Exercise your right to be forgotten – under GDPR, you have the right to ask companies to erase your personal data.
If you lose any money to a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud, or call the police on 101 if you’re in Scotland.
