Protect yourself from extortion scams
While there are real cases of criminals extorting money from people online, scammers sometimes run blackmail or extortion scams, hoping to exploit your fear of having your private information or explicit images being made public.
Why it matters
Scammers will try scaring you into sending them money, threatening they will go public with your images or some damaging information if you do not pay. It is easy to believe their threats because they have your password and seem to know a lot about you.
This type of scam can be emotionally harmful and quite scary. In most cases the scammers don't have what they claim. Instead, they have found your email and password in a data breach or when you clicked on a phishing link and entered your credentials without realising it was a scam website.
If you are the target of a real extortion attempt, you can report to New Zealand Police. If you aren’t comfortable approaching the Police directly, CERT NZ or Netsafe can do so on your behalf.
Report to CERT NZ(external link)
Visit Netsafe for more information on what to do if you are being blackmailed by someone who has your intimate images or other sensitive information.
Sextortion - Netsafe(external link)
The risks
If the extortion email contains an actual password you use, the scammer could access your other accounts that use the same password and email combination.
Scammers will often imply they have information or evidence of you looking for pornography. They know this makes you less likely to ask for help because it could be embarrassing to report.
Even if you don’t completely believe the scammer, these emails can generate some fear and anxiety and you may consider sending them what they ask for.
How to protect yourself
-
Learn to identify an extortion scam
There are telltale signs that you can look out for in an email to identify it as a scam.
-
Change your passwords and make them unique
Change passwords for the email that was compromised and for all your different accounts that use the same password. CERT NZ’s advice is to have a unique password for every account. That way even if scammers get one password, they can’t get into your other accounts.
-
Check if you've been caught in a breach
If you think your other passwords may have been compromised, you can check this on the Have I Been Pwned website, which contains information about known data breaches.
-
Turn on two-factor authentication
Enable two-factor authentication (2FA) on your important accounts, including your primary email. That way, even if a scammer gets hold of your password, they cannot access your account.
-
Run antivirus
If you are worried that scammers may have access to your data through software they claim to have installed, you can run an antivirus scan to check for malware.
Get help now
Do not send money to anyone who is threatening you online. It is likely they do not actually have what they claim to. It is also unlikely they will stop at one payment and will come back asking for more.
If you think you are being targeted in an extortion scam or know someone who is, you can report to CERT NZ using our reporting tool. We can also help you figure out if the scammer’s threats are real.
Report to CERT NZ(external link)
Sextortion
If you are being threatened by someone you know who has your intimate images, you can report it to New Zealand police. Netsafe has a guide on their website on what to do if you are being threatened this way.
If you know which of your images are being used to threaten you, you can use the tools on stopncii.org to prevent someone threatening you from sharing your image on many popular sites. If you have explicit images taken before you were 18 years, takeitdown.ncmec.org has a service that helps remove or stop the sharing of these images.