In these spear-phishing emails, scammers typically claim to have gained full access to the recipient’s device, often through malware. They may assert that they control the device’s microphone, camera, and keyboard and have downloaded sensitive data, like photos, browsing history, messages, and social media contacts. Finally, the scammer demands a ransom, typically in cryptocurrency, threatening to release the data or compromising photos unless payment is made.
While these emails can be unsettling, understanding how scammers obtain this information — and knowing what to do if you’re targeted — can help you stay safe.
Where Do Scammers Get This Information?
Scammers gather personal information from multiple sources. Public records, data breaches, and social media accounts can all provide personal data that scammers then use to build a profile on their targets. When people share their location, family relationships, or frequent activities on social media, scammers can use these details to make their threats seem more credible.
In some cases, scammers even use Google Maps’ street view to find an image of a person’s home after locating their address. Other tactics include purchasing compromised data on the dark web, where entire databases of personal information are frequently traded.
What to Do If You’re Targeted
1. Stay Calm: The fear tactic is central to the scam. Staying calm can help you assess the legitimacy of the claims. Remember that scammers often use outdated or publicly accessible information and do not have control over your device.
2. Don’t Engage: Responding to the email can validate your contact information for scammers, potentially leading to further targeting. Avoid replying or paying any ransom.
3. Strengthen Your Security: If the email includes accurate information, take this as an opportunity to update your security practices. Visit sites like Have I Been Pwned to check whether your email address or phone number has appeared in a breach. If so, change your passwords immediately and consider using a password manager to maintain unique passwords across accounts. Enabling two-factor authentication (2FA) is also highly effective for preventing unauthorized access.
4. Report the Scam: In the UK, you can report phishing emails to report@phishing.gov.uk. Reporting these scams helps authorities track and address fraudulent activity.
5. Be Mindful of Online Sharing: Keep your social media profiles private, avoid sharing overly personal details publicly, and consider using temporary email addresses for website registrations. Tools like Apple’s “Hide My Email” can help minimize exposure.
In a digital age where our personal data is more accessible than ever, remaining vigilant is essential. Taking precautions, such as limiting public sharing, using strong passwords, and knowing how to react to extortion attempts, can help you safeguard your data and respond confidently to online threats. If you suffer financial loss from a scam, contact your bank immediately and report the incident to the authorities for further assistance.