Go to top of page

Beware of scam emails threatening to reveal personal and sensitive information

Priority Level: 
High
16 April 2020

What’s happened?

The Australian Cyber Security Centre (ACSC) is warning Australians to be alert to an email ‘sextortion’ campaign.

The ACSC has received more than 1,900 reports of the emails since 9 April. The cyber scammers responsible have threatened to release personal and sensitive information to the recipient’s contacts unless the scammer is paid in cash or bitcoin.

The ACSC has not received any reports of financial loss in relation to this scam.

How it works

This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cyber scammer threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly (often in cryptocurrency). Typically, the scammers have no compromising information.

The email scammers also may claim to have compromised a computer or other electronic device, and include either a full or partial password that the recipient has used in the past.

In this case, the name of the ‘sender’ was different in each instance of the email address.

How do I stay safe?

  • In most cases, there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of scaring recipients into paying the ransom. The information in the email is often collected from the internet from previously-known data breaches.
  • If you receive one of these emails, don’t give the perpetrator any money or images, and stop all contact with them.
  • If a blackmailer is threatening to reveal intimate images of you online, do not give in to their demands. Report it to the Office of the eSafety Commissioner.
  • If the email includes a password which you recognise, or is similar to one you are currently using, you should change all accounts which use this password.  Make sure to use a strong password and don’t reuse passwords across different accounts. Follow advice in our Small Business Cyber Security Guide.
  • To find out where your email may have been included as part of a data breach, visit Have I Been Pwned.
  • If you have concerns about your physical safety, call Triple Zero (000) or contact your local police.
  • Further information on securing your online accounts can be found in the ACSC’s Easy Steps Guides.
  • To report a cyber security incident or crime to police, visit cyber.gov.au/report.

We encourage you to share this information with your family, friends and colleagues.

More information

If you have experienced image-based abuse, you can also contact the Office of the eSafety Commissioner to report and seek support, including links to counselling support services.

You can report scams to Scamwatch.gov.au

See our Get Help page for more support resources.

To stay up-to-date on the latest online threats and how to respond, follow us on Facebook and sign up to the Stay Smart Online Alert Service.