- Password Trick:
In the email, the criminals claim that they have hacked the recipient. You name a weak, insecure password that the person you are writing to actually uses or has used. However, it most likely comes from other hacker attacks and can usually be found freely on the net anyway, according to the LKA.
So far, no cases have been known in which complex, secure and actually used passwords have been in extortionist emails. The perpetrators are usually free riders.
After the password hanger, there is a fantasy text in the mail. It describes which devices, accounts and areas of life the attackers have allegedly already penetrated and which secrets they allegedly want to have already found out. Of course, if it is not yet known or has happened: Change the compromised password.
- Sender Trick:
It looks like you got an email from your own account – and concludes that the blackmailers really have access to it. But behind it is a simple technical trick called mail spoofing, explains the LKA.
In this way, you can – as on an envelope – name any sender of the respective e-mail. The aim is to confuse the written ones in order to make the content seem more credible. In fact, at no time did the criminals have and did not have access to the mail account.
- Porn Sites-Trick:
In this case, the emails claim that they have evidence of visiting pornographic websites and want to send them to acquaintances and relatives. The perpetrators rely on the random principle. Since porn sites are among the most visited websites on the net, there is a high probability of contacting someone who actually visits such sites more or less often. Of course, the alleged evidence does not exist at all.
- Webcam Trick:
It may also be that the criminals claim to have access to their own webcam and, in particular, to have also collected intimate images. Here, too, a transfer is threatened. According to the LKA, webcam access is not completely absurd, there have already been such cases, for example if the computer is infected with malware. In the context of the extortion email wave, however, the investigators consider the threats to be fictitious. There were no known cases in which the blackmailers had sent “evidence pictures”.
In all cases, whether alone or in combination, the criminals demand a certain amount, for example by cryptocurrency, so that they do not pass on any allegedly compromising material or so that they stop their alleged surveillance.
The LKA strongly advises to report any extortion to a local police station or to the online guard of the responsible state police and in no case to respond to monetary claims. The investigators also warn against answering the blackmailers: in the worst case, criminals could use these emails against the sender.
Proactively, users can also regularly check whether the e-mail addresses and passwords they use for log-ins may have fallen victim to hacker attacks or data leaks and can be found on the net. With the help of the Identity Leak Checker of the Hasso Plattner Institute or on the website Haveibeenpwned.com . Because it is there that such records are collected.