How to Protect Yourself From Extortion Phishing Scams

Christian Cawley 05-02-2018

Sometimes it feels as though everyone online is out to get you. A cursory look at any spam folder will reveal a bunch of emails from scammers for any given day, all after a piece of you.


Perhaps they offer free Bitcoin, or the prospect of developing relations with an exotic partner How to Spot and Avoid an Online Dating Scammer: 8 Red Flags Do you date online? Here are several tips and red flags to help you spot and avoid scammers on online dating sites. Read More . Maybe it’s a fake tax demand Avoid IRS Scams: 7 Warning Signs to Watch Out For Do you really owe as much tax as the email says? Or is it an IRS scam? Here's how to avoid getting taken in by scammers impersonating the IRS. Read More , or a fake PayPal scam… the list goes on and on. And that’s before we even consider those with ransomware attachments A History of Ransomware: Where It Started & Where It's Going Ransomware dates from the mid-2000s and like many computer security threats, originated from Russia and eastern Europe before evolving to become an increasingly potent threat. But what does the future hold for ransomware? Read More , ready to lock the data on your PC until the ransom is paid.

Since late 2017, a new scam has been landing in mailboxes around the world. Coming under the label of extortion phishing, this scam — often with the subject line “You Should Be Ashamed Of Yourself” — invariably attempts to shame the recipient into paying up. Typically, the payment is via Bitcoin, so almost impossible to trace.

The Scam Behind Extortion Phishing

You probably know about “phishing” — a technique that scammers use to extract information from you by deception. Microsoft defines phishing as:

“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.”

Although there are methods you can use to block phishing, often it comes down to simply learning to recognize a phishing email How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More or message.

Things are developing, however. Over the years, phishing has been evolved to embrace new platforms and attack vectors. Social networks are now targets, as are messaging apps, and the scammers will attempt to convince you that they represent banks, law enforcement, even healthcare providers.


And now, the scammers are pretending that they’re watching you, and what you get up to when you’re alone.

“You Should Be Ashamed Of Yourself”

It’s a very simple approach. Scammers send an email to their list of addresses, advising the recipient that they have captured footage of them visiting (and enjoying) an adult website. This is supposedly done thanks to their use of a “malicious program on a porn site” and plays into fears of adult websites leaking data 5 Ways Visiting Adult Websites Is Bad for Your Security & Privacy While pornography is often discussed in the context of morality, there's a huge security-and-privacy angle that is often overlooked. If you know what to look out for, the safer you'll be. Read More .

protect yourself against extortion phishing scams

The aim is clear: force you to pay up for their silence, or the footage will be shared with your social networks. Admittedly, the ransom is low ($290 sent via Bitcoin) but must be paid within 24 hours of receipt of the message.


Ultimately this is a typically insidious scam that could easily snare an unsuspecting user.

How Do We Know It’s a Fake?

Well, there are several problems with the email. First of all is the subject line, which reads like a support ticket:

  • ?i??et#186980138: <email_address> 29/01/2018 07:09:48 You were not clever

Several variants of this email scam have been recorded online. Other subject lines include:


While it is possible to watch webcams remotely (even without the light being activated), this message has been received by people who don’t use online porn. It’s also been received by users who do, but don’t use connect their email account with that activity.


And then there are the recipients who enjoy such material via other methods (such as a Kodi box).

Additionally, it’s unlikely that scammers would be able to force remote desktop (RDP) or keylogging without attracting the attention of security software. And they almost certainly don’t have enough storage space for so many videos from device webcams around the world.

Perhaps the most obvious, however, is the threat: “I give you exactly 24 hours since you open my message to finish a transaction.”

With no read receipt, and hence no idea when the email is opened, there’s no way this threat can hold any water.


This is a scam! You may have already received it, or a version with different text. Delete it, and move on. Let your friends and family know too, as it can hit literally anyone.

If you want to know more, this blog explores the background, and attempts to trace the perpetrators.

What You Can Do to Stop Extortion Phishing

You have several options to combat this. The first is to avoid adult material on any device with a webcam. Pretty easy. If you don’t want to do that, consider a cover for your webcam. These are inexpensive and can be bought online at Amazon.

Webcam Cover Slide 0.022in Ultra Thin Metal Magnet Web Camera Cover for MacBook Pro Laptops Smartphone Mac PC Tablets for Echo Spot Show Protecting Your Privacy Security Black(3 Packs) Webcam Cover Slide 0.022in Ultra Thin Metal Magnet Web Camera Cover for MacBook Pro Laptops Smartphone Mac PC Tablets for Echo Spot Show Protecting Your Privacy Security Black(3 Packs) Buy Now On Amazon $6.98

You should also disable your microphone, for additional security. And, of course, install a reliable, reputable online security suite The Best Computer Security and Antivirus Tools Concerned about malware, ransomware, and viruses? Here are the best security and antivirus apps you need to stay protected. Read More . Use its email integration to keep spam and scam emails in check, and employ its scanning software to track for camera-accessing malware.

It’s also worth following the links at the top of this article to discover more about phishing and recognising scams.

Could the Scam Become Real?

Fortunately, this scam isn’t currently practical. But it successfully taps into fear and paranoia about how we use our computers, online surveillance, and what data is being stored.

Unfortunately, it’s not beyond the realms of possibility. Adult websites have been hit by malware in the past. We know that smartphone, tablet, and laptop cameras can be enabled remotely by the security services. And we know that cybercriminals have used techniques used by the NSA and others to scam victims.

So yes, this scam could potentially become “real.” Hackers really could upload malware to sites streaming adult material, identify you based on your site logon, and target you. They wouldn’t have to record you, but if they wanted to, and had the storage space for the videos, they probably could. And if they’ve gone this far, identifying your friends and family on social network wouldn’t take too much effort.

However, all of that requires more time, effort and money than is found in a typical scam — for now, at least.

Don’t Let Them Scam You!

Extortion phishing is nasty. You really don’t want to be battling the feelings of guilt and shame while trying to make a logical decision. This confusion plays into the scammers hands, and leaves your wallet lighter.

Avoid and protect yourself against the “You Should Be Ashamed of Yourself” phishing scam by following these steps:

  • Stop, reduce, or modify your use of adult material.
  • Use a webcam cover for your phone, tablet, or laptop.
  • Disable your PC’s microphone when it is not in use.
  • Install a reputable, reliable antivirus suite.

Stay ahead of the game, and you won’t get scammed. You won’t even need cyber insurance Do You Really Need Cyber Insurance? 4 Questions to Ask Before You Get It Cyber-crime insurance is a burgeoning industry that many organizations are exploring. But is it a worthwhile investment? Read More .

Worried for your friends? Share this article with them! And let us know if you’ve ever been fooled by cybercriminal scams like this.

Image Credit: stokkete/Depositphotos

Related topics: Online Security, Scams, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. David Martchouk
    February 5, 2018 at 11:53 pm

    I like your first idea, do not visit adult webcam websites. You are indeed abusing yourself if you masturbate to adult videos. Try to go cold turkey and you will see you get wet dreams instead, and eventually you can stop masturbating altogether, I haven't masturbated for years.

    • dragonmouth
      February 6, 2018 at 1:18 pm

      Thou shalt not spill thy seed in vain.

  2. dragonmouth
    February 5, 2018 at 9:04 pm

    "What You Can Do to Stop Extortion Phishing"
    Disabuse yourself of the belief that if it's on the Internet, it must be God's honest truth.

    "consider a cover for your webcam. These are inexpensive and can be bought online at Amazon."
    Which in itself is a scam. A piece of tape will work just as well and costs a lot less than a cover. And why the plug for Amazon? There are dozens of other places where the covers can be obtained. Was this article paid for by Amazon?

    • Mike Walsh
      March 10, 2018 at 12:17 pm

      Simplest way to disable your webcam on a desktop? Unplug it..!

      • dragonmouth
        March 10, 2018 at 1:33 pm

        It's very hard to unplug a web cam on a laptop.

  3. ACB23
    February 5, 2018 at 7:52 pm

    Fun fact: I know many people that received email like that and don't have webcam or microphone -- so you can be sure that these emails are fake. There is no way to record you via liquid crystals on you monitor ;).

    But there are some things that you can make to protect yourself:
    -make your FB, Twitter, whatever profile private - only friends can see content
    -install some kind of advanced spam filter for email clients such are MS Outlook, Windows Live Mail etc.
    -if possible, encrypt your personal stuff (contacts, passwords, important documents...) on your computer and if it's encrypted avoid syncing with your phone (if the phone isn't encrypted too)
    -disconnect from the internet - this one is optional and can be tricky in some circumstances (ex. if your computer is LAN server, etc.) but it can really improve privacy because it disables any communications with remote host so they cannot access your data.
    Have a nice day and stay safe :)