An e-mail with a threat and a demand for money suddenly flutters into the inbox? The police urge prudence: as a rule, the blackmailers have nothing in their hands.

Their approach is simple and yet sophisticated: scammers try to extort money via email. The Lower Saxony State Criminal Police Office (LKA) warns that they use leverage that they often freely invent and combine in the hope that their potential victims will jump on it.

Common stitches at a glance:

password trick

In the email, the criminals claim that they hacked the recipient. You name a weak, insecure password that the person addressed actually uses or has used. However, it is very likely that it came from other hacker attacks and can usually be found freely on the Internet anyway, explains the LKA.

So far, no cases are known in which blackmail e-mails also contain complex, secure and actually used passwords. The perpetrators are therefore mostly free riders.

The password tag is followed by a fantasy text in the email. It describes which devices, accounts and areas of life the attackers have allegedly already penetrated and which secrets they claim to have already discovered. Of course, if you don’t already know or have not done so, the following applies here: the compromised password.

sender trick

It looks as if you got an email from your own account – and concludes that the blackmailers really have access to it. But behind it is a simple technical trick called mail spoofing, explains the LKA.

In this way one can – like on an envelope – name any sender of the respective e-mail. The aim is to confuse those addressed in order to make the content appear more credible. In fact, the criminals never have and never had access to the mail account.

Porn Sites Trick

In this case, the e-mails claim that they have proof of visiting pornographic websites and that they want to send these to friends and relatives. The perpetrators rely on the random principle. Since porn sites are among the most visited websites on the web, there is a high probability that you will message someone who actually visits such sites more or less often. Of course, the claimed evidence does not exist.

Webcam-Trick

It is also possible that the criminals claim to have access to their own webcam and, in particular, to have collected intimate pictures. Here, too, there is a threat of disclosure. According to the LKA, webcam access is not completely out of the question, there have already been such cases, for example when the computer is infected with malware. In the context of the blackmail wave, the investigators consider the threats to be fictitious. There are no known cases in which the blackmailers have sent “proof pictures”.

With all scams, whether alone or in combination, the criminals demand a certain sum, for example in cryptocurrency, so that they do not pass on any supposedly compromising material or so that they stop their supposed surveillance.

The LKA strongly advises to report any form of extortion to a local police station or to the responsible state police and never to respond to demands for money. The investigators also warn against answering the blackmailers: In the worst case, criminals could use these emails against the sender.

Users can also proactively check regularly whether the e-mail addresses and passwords they use to log in have fallen victim to hacker attacks or data leaks and can be found online. With the help of the Identity Leak Checkers Hasso Plattner Institute or on the Haveibeenpwned.com website. Because that is where such data sets are collected.