How to handle blackmail emails

The concept of blackmail is almost as old as humanity, with the word itself dating back to the mid-16th century.

Unfortunately, the internet has given blackmail a new breeding ground.

Spam filters around the world are constantly battling a flood of messages claiming to have compromised user devices, filmed people watching porn or breached online accounts.

Receiving one of these emails in your inbox can be frightening, especially if your browsing history includes things you’d prefer the world didn’t know about.

Fortunately, blackmail emails are usually scams, distributed indiscriminately in the hope of conning people into either paying money or surrendering even more personal information.

Identifying blackmail emails

It’s extremely rare for a blackmail threat to be targeted at you specifically.

If it is, the sender is almost certainly someone you know, like a vengeful former partner with a grudge.

In the overwhelming majority of cases, the same email has been sent to thousands (or even millions) of email addresses on a random database which fell into the criminals’ hands.

They might attempt to personalise messages based on compromised passwords, with hacked lists of email-and-password combinations for sale on the Dark Web.

A simple mail merge adds the ‘correct’ password (though it rarely is) beside the email address associated with it, in the same way marketing emails include your first name but little else.

Blackmail emails are deliberately vague. They won’t use an introduction line which requires the use of a name, and they’ll talk about “your device” rather than “your iPad” or “your PC”.

The language is usually American rather than British, typically written by someone with a limited grasp of the English language, and riddled with typos and spelling errors.

After setting the scene with some vague statements about “knowing what you did”, the email will move onto its payload – a demand for payment.

This is generally through Bitcoin, an untraceable decentralised currency which can be traded anonymously, though less tech-savvy scammers may demand payment in dollars.

There will be threats about the consequences of non-payment – usually compromised webcam footage being leaked, or bank accounts being drained.

How should I respond?

The simple answer is to not respond at all.

Even if the scammers have correctly acquired a password linked to one of your online accounts, they’re almost certainly unaware of who you are.

Blackmail emails are simply a form of phishing, which we wrote about back in March.

Providing payment brings no guarantee that any threat will be rescinded. Indeed, the scammer is very likely to see you as gullible, and demand even more money.

Providing requested data will simply hand over sensitive or confidential information the criminals don’t currently have.

To maximise their chances of getting lucky, the people behind blackmail scams demand urgent responses, so prospective victims don’t have time to realise they’re being duped.

Always take a few moments to consider flaws in the scammers’ arguments. For instance, how could people have recorded you on a webcam if your desktop PC doesn’t have one?

Try copying and pasting part of the message body into a search engine, to see if it’s been reported or published by other people as a hoax.

Finally, blacklist the sender and forward their message onto anti-spam bodies like the Suspicious Email Reporting Service and the Information Commissioner’s Office.

That will help to shut down this particular scam, while preventing other people from falling victim to it.

Prevention is better than cure

The best way to manage the global epidemic of blackmail-related spam is by ensuring it doesn’t reach your screen in the first place.

Set inbox spam filters to a high level if you’re able to adjust them.

Install a robust antivirus package and permit automatic updates so it’s equipped to handle zero-day (brand-new) attacks. Consider a firewall as well, if you have the option.

Finally, mark any messages which do slip through the net as spam.

Better still, if you’re able to identify a message as junk before opening it, delete it and then empty your spam/trash/junk folder.