A large number of Australians are being impacted by an email ‘sextortion’ campaign in which the cyber scammers responsible have threatened to release personal and sensitive information to the recipients’ contacts unless the scammer is paid in cash or bitcoin.
The Australian Cyber Security Centre (ACSC) is warning Australians to be alert to the scam after receiving more than 1,900 reports of the emails since 9 April.
The email scammers may also claim to have compromised a computer or other electronic device, and may include either a full or partial password that the recipient has used in the past.
Sextortion is a form of online blackmail where a perpetrator threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom (commonly in cryptocurrency). Typically, the scammers have no compromising information.
The spam emails appear to have begun on 9 April, with most recipients receiving their messages on this or the following day. The name of the ‘sender’ was different in each instance of the email address, the ACSC has confirmed.
While the ACSC has not received any reports of financial loss, Australians are urged not to make payments, to cease all contact with the scammers, and to delete the email.
What to do if you receive the email
In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of intimidating recipients into paying the ransom. The information in the email is often obtained from the internet, from previously known data breaches.
If the email includes a password that you recognise, or one that is similar to a password you are currently using, you should change the password on all accounts that use it. Make sure to use a strong password and don’t reuse passwords across different accounts. Follow the advice in our Small Business Cyber Security Guide.
If you still have concerns, then lodge a report to the Office of the eSafety Commissioner, who will provide further advice and support.
To find out where your email may have been included as part of a data breach, visit Have I Been Pwned.
Refrain from giving the scammer money and cease all contact.
If you have concerns about your physical safety, call Triple Zero (000) or contact your local police.
Further information on securing your online accounts can be found in the ACSC’s Easy Steps Guides.
The ACSC manages ReportCyber, a place for individuals, businesses and large organisations to report a variety of computer-enabled crimes to law enforcement, including online frauds, ransomware, identity theft, romance scams, online image abuse and business email compromise. You can lodge a report at cyber.gov.au/report.