Extortion Scams: What To Know & How To Protect Yourself

Understanding Extortion Emails and Scams

Extortion scams happen when cybercriminals threaten to harm you, your family, or friends unless you follow their demands. In 2023, the FBI reported over 48,000 extortion victims — the fourth most prevalent among all online crime types [*].

What these hackers want depends on the type of scam, but they’re usually after money, gift cards, or cryptocurrency. To get you to take the bait, they may threaten legal action, physical harm, or to leak compromising information.

To intimidate you and drum up a sense of urgency, they show you snippets of the allegedly stolen data, such as files or screenshots. Though it often seems like posturing, extortion scams can have serious consequences.

{{show-toc}}

The Karakurt Group

The Karakurt group is a data extortion gang that has broken into many victim networks and extracted vast amounts of files and information [*]. They threaten to release stolen data publicly unless they receive thousands of dollars in bitcoin ransoms.

Yet, even when victims paid, there have been reports of the group still breaching confidentiality. Karakurt's victims are diverse and widespread, but most were chosen because they were vulnerable from either: 

• Data breaches that exposed stolen or leaked login credentials
• Known vulnerabilities inside public-facing apps

Examples of Real-life Extortion Scams

Most extortion scams share similar motives, but their tactics and targets can vary. The following are examples of some of the more common types of extortion scams:

1. Financial sextortion scams

Sextortion or sexploitation scams involve cybercriminals blackmailing minors with illicit material. According to the FBI, there were more than 12,600 of these online scams reported over an 18-month period between 2021 and 2023 [*]. 

The Yahoo Boys, for instance, target victims through social media and messaging apps. Using a combination of fake social media accounts, generative artificial intelligence (AI), and advanced social engineering methods, these criminals pose as teenage girls or young women and catfish their male victims. 

The group has also been known to coerce minors into sending compromising photos, only to later threaten and extort them. 

2. Email-based extortion

Email-based extortion scams allege that they've accessed your webcam or infected your device with malware to excise data. These emails threaten to expose personal or embarrassing information or harm the victim's computer.

While there are exceptions, the majority of these scams are hoaxes. Scammers broadcast generic emails, waiting for the most pliable victims to respond. Despite their threats, it's unlikely they can actually harm you. 

After an analysis of more than 300,000 extortion emails, researchers found that the same 100 email addresses were responsible for over 80% of the attacks [*]. In 90% of these cases, the demands are for less than $2,000 — to be paid in Bitcoin.

{{show-cta}}

3. Romance scams

Similar to sextortion scams, romance scams contrive a fake persona to attract victims on social media and dating sites. These fraudsters painstakingly build relationships with their victims before eventually asking for money in some form. 

Depending on the scam, the scammers may apply emotional pressure or use blackmail to get what they want. To choose their victims, they may cast a wide net and see who responds. They may also pick individuals that meet certain parameters — such as being single and emotionally vulnerable — particularly among the elderly.  

When a New Jersey couple conned a 74-year-old-man, they posed as a famous actress interested in pursuing him [*]. The scammers then impersonated the FBI and threatened to pursue a sexual harassment lawsuit. They had been logging intimate conversations and photos to extort the victim.

How To Protect Yourself and Your Family

Extortion scams are designed to rush you into making decisions, but paying a ransom is almost never the solution. According to the FBI, this only encourages cybercriminals and in no way guarantees your safety.

In fact, those who paid lost an average of $575 each, totaling over $430 million in 2023 [*]. Here are some of the best ways to safeguard yourself and your family:

Protect your children online

Set up parental controls:

• On an Android device, filter content by using the built-in Parental Controls in the Family section of your device settings. You can also download Google Family Link and set restrictions for Google Play and Chrome [*].
• On an Apple device, you can monitor your child's online activity by using Screen Time. Set Content & Privacy Restrictions, such as blocking websites and refining gaming settings [*].
• On a Windows 10/11 PC, use Microsoft's Family Safety to create a child profile, set content filters, and restrict website access [*].

Review app privacy settings:

• For YouTube, enable Restricted Mode in your child's profile settings to filter out mature content. You can also download YouTube Kids and approve the content that your children can access. 
• For TikTok, enable the Family Pairing function in Settings and Privacy. Customize the commenting, messaging, and search settings on your child's account.
• For Xbox, use the Family Settings app to add or create a child account. Then set age, communication, and multiplayer gaming restrictions. 
• For Playstation, adjust privacy settings and permitted games under Family Management → Account Management. 
• For Nintendo Switch, you can choose preset restrictions based on your child's age. Or, create custom restrictions by using Nintendo's parental controls app. 

Set a universal screen time limit

• You can manually set time limits on your childrens' devices or manage them all together. Aura's parental controls allow you to create universal screen time limits (and content filters).
• Set one daily online time limit, or set individual limits for specific devices, sites, and apps.

Support seniors at home

• Add a trusted contact to your elderly loved ones’ financial accounts. If any suspicious activity is flagged in their bank or credit card accounts, the bank will inform this contact. 
• Limit what they share online. Scammers wield any information they can against their victims — including names, addresses, or even dates of birth. Show senior family members how to reduce the information that they share via social media. 
• Help seniors understand what phishing looks like. Go over common scams, red flags, and what to do if they receive a phishing email.

Other ways to stay safe

• Remove yourself from data broker sites. Data brokers publish and sell your personal data, including personally identifiable information (PII) and browsing history. You can manually remove your information from these sites or use Aura's removal service.
• Use strong passwords. Lock down your online accounts with unique passwords and a password manager. Also set up two-factor (2FA) or multi-factor (MFA) authentication for more protection.
• Keep your devices, apps, and antivirus up to date. Turn on automatic updates on all of your devices. Also use reliable antivirus software — like the program included with every Aura plan — across your devices.
• Shield your email address. Consider setting up a burner email address for online activities to keep your personal and work email addresses safe. MacOS users can use the Hide My Email feature to keep emails private [*], while Aura's email masking feature gives you an email alias to use on any device [*].

If You Think You May Have Been Scammed:

Extortion is a crime recognized by both state and federal laws [*,*]. Penalties, which can be severe, vary based on jurisdiction, the crime’s seriousness, and its methods. In California, for example, extortion is a felony, punishable by imprisonment and fines up to $10,000 [*].

If you or someone you know has been extorted, follow these steps to minimize damage:

• Refuse to pay any ransoms. However, if you have already paid by debit or bank card, contact your bank and try to stop or reverse the fraudulent transaction. If you paid by using a gift card, alert the issuing company and ask for a refund.
• Stop all communications with the scammer. Quickly save any messages for your records, and then cut the conversation short.
• Freeze your credit and bank accounts. Contact each of the major credit bureaus (Equifax, Experian, and TransUnion) and freeze your credit files. Also alert your bank about the scam and follow its procedure to freeze or close your accounts. 
• Run an antivirus scan. Sweep your computer for malicious files or programs in order to remove any access the scammer may have over your device.
• Secure your online accounts with new passwords to avoid being locked out by intruders.
• File a report with the Federal Trade Commission (FTC). Visit ReportFraud.ftc.gov to file a report and receive advice on next steps.
• Contact law enforcement. Depending on the nature of the crime, you can file a police report with your local police department or the FBI. If the crime involves a minor, visit tips.fbi.gov or call 1-800-CALL-FBI. You can also use the National Center for Missing and Exploited Children’s Take it Down tool to remove personal images from the internet.
• File a complaint with the Internet Crime Complaint Center (IC3). Visit ic3.gov to file a complaint. Your report will then be shared with the appropriate investigative organization.
• Use Aura’s Dark Web scanner to see if your information has been compromised. Aura will scour the Dark Web to see if your email address or personal information has been leaked. 

No matter how safe you are and how fast you respond to fraud, it may not be enough. Use Aura’s identity theft protection solution to monitor sensitive information, and online accounts for your entire family.

Let Aura stand sentry to your identity, information. Start a 14-day free trial.