Alert Priority HIGH: Beware of scam emails threatening to reveal intimate images

24 July 2019

What’s happened?
Members of the public have reported receiving scam emails that appear to come from their own email account, threatening to reveal intimate images of them unless they pay a fee.

This email scam is widespread, with the Australian Cyber Security Centre, Office of the eSafety Commissioner and Scamwatch receiving over 300 reports from the public this week.

How it works
This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cybercriminal threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly (often in cryptocurrency).

The scam uses ‘spoofing’ to make the email look like it’s come from your own email address. Email spoofing occurs when the sender address of an email is manipulated so that a message sent from a different source displays as coming from a legitimate address. This is a technique commonly used by cybercriminals to make their scam seem real.
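
The spoofing described above usually shows up in the raw headers of the received message. The following Python example is added here and is not part of the original alert; both sample messages and the example.com / mailer.invalid addresses are constructed, and it assumes the Authentication-Results header was written by your own mail provider (mx.example.com here).

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample messages (not real emails). Only trust an
# Authentication-Results header added by your own receiving server.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com
From: "Me" <alex@example.com>
To: alex@example.com
Subject: constructed sample

body
"""

GENUINE = """\
Return-Path: <alex@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Me" <alex@example.com>
To: alex@example.com
Subject: constructed note to self

body
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def assess(raw):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw)
    addr = lambda h: parseaddr(msg.get(h, ""))[1].lower()
    from_addr, to_addr, env_addr = addr("From"), addr("To"), addr("Return-Path")
    auth = auth_results(msg)
    findings = []
    if from_addr and from_addr == to_addr:
        findings.append("self-addressed")  # displayed sender equals recipient
    if env_addr and env_addr.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append("envelope-domain-mismatch")  # real sending domain differs
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "none") != "pass":
            findings.append(f"{method}-not-pass")
    return findings
```

A genuine note-to-self is also self-addressed, so that finding only matters when it appears together with failed authentication or a mismatched envelope domain.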

How do I stay safe?
  • If a blackmailer is threatening to reveal intimate images of you online, do not give in to their demands. Report it to the Office of the eSafety Commissioner.
  • If you receive one of these emails, don’t give the perpetrator any money or images, and stop all contact with them.
  • If you’re concerned about your physical safety call Triple Zero (000) or contact your local police.
  • Change your passwords for all social media and online accounts – including your email account – straight away, and review your privacy and security settings.
  • Cybercriminals can use your personal details to their advantage, for example by manipulating your email address if it has been caught up in a data breach. You can check if any of your email addresses have been in a data breach by visiting https://haveibeenpwned.com

More information
If you have experienced image-based abuse, you can also contact the Office of the eSafety Commissioner to report and seek support, including links to counselling support services.
You can report scams to Scamwatch: https://www.scamwatch.gov.au/report-a-scam

See our Get help page for more support resources.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Disclaimer
You may have noticed we’ve updated our branding, to incorporate the Australian Cyber Security Centre (‘the ACSC’) logo, and complement the ACSC colours. This is to better reflect that Stay Smart Online is a part of the ACSC.

This information has been prepared by the ACSC. It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.