Advice around 'sextortion' phishing scams

We have recently received an increased number of calls from people who have been contacted by cyber scammers who threaten to share videos of victims visiting adult websites.

This is known as sextortion, which is a type of phishing attack where people are coerced to pay a bitcoin ransom in exchange for not having any potentially compromising or embarrassing videos of themselves shared.

These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include an individual’s password.

As with most phishing emails they’ll often contain poor grammar and spelling and sometimes using a different font so they don’t get filtered to your junk mailbox.

Such phishing emails are sent out on mass, but password details can make them seem very real. Usually old password details have been obtained during a past data breach.

It is extremely unlikely that your password has been taken as a result of any kind of malware on your computer or mobile device. It does, however add a degree of credibility to the threat, making some people believe that they really have been spied on. 

• Do not respond, pay the demanded fee or click on any links / open attachments in the email
• Don’t panic: remember that this is a mass email
• Do not worry if the phish includes your password; in all likelihood this has been obtained from historic breaches of personal data. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com/ 
• Flag the email as spam/junk and delete
• Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email.
• Always use a strong, separate password for important accounts, such as your email. Where available, enable Two-Factor Authentication (2FA) and consider using a password manager to help use and remember a different password for every account
• Always install the latest software & app updates. Install, or enable, anti-virus software on your laptops & computers and keep it updated
• If you have received one of these emails and paid the fine, report it to us
• If you have not paid, report the email as a phishing attempt to Action Fraud
• If you need emotional support this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: https://www.victimsupport.org.uk/

You can contact us via one of the following methods.

• Facebook – send us a private message to /DerbyshireConstabulary
• Twitter – direct message our contact centre on @DerPolContact
• Website – complete the online contact form www.derbyshire.police.uk/Contact-Us.
• Phone – call us on 101.