/How Can I Tell if This Sextortion Email Is Legit?

How Can I Tell if This Sextortion Email Is Legit?

Tech 911Tech 911Do you have a tech question keeping you up at night? We’d love to answer it! Email david.murphy@lifehacker.com with “Tech 911” in the subject line.

Spam is annoying, but you shouldn’t see much of it in your actual inbox if you’re using a halfway-decent provider for your email. At least, I find that it’s rare for something to slip through Gmail’s mighty spam blockers and get me to consider opening it.

The flip side of that is when you receive an email that sounds pretty unpleasant, you second-guess yourself. If Gmail didn’t flag it as spam, even though it sounds like spam, is it actually spam? And then the sender ups the ante even more, as Lifehacker reader Liang describes:

“Hello, sorry to interrupt, I recently received a sextortion email from myself, I tried to block it but I can’t and when I replied the message went to my own account. May I please ask if I am hacked or is it just a spam. Also, how did the hacker send the email using my account?”

Here’s the good news, Liang. You’re not being sextorted. You’re just being spammed and, sadly, there are probably plenty of people who fall for this kind of bullshit and end up sending money, bitcoins, logins, or who knows what else to these scammers.

How do I know this? Well, let’s be honest with one another. Unless there’s some sort of malware on your system that’s triggering your webcam, making recordings, and then sending these recordings out to a third party that also knows exactly who you are, I don’t really think anyone has caught you doing anything you might not want to share for public consumption. And you can verify this by asking yourself a quick question: How many times have I been naked in front of my computer in the past few months?

As a corollary, you can then ask yourself this: If someone has incriminating photos or videos of me, why are they threatening me without showing me any proof? A vague “gotcha” feels like something that most people would ignore; an actual image of your naked butt arriving in an email from a stranger as evidence of a hack would be a lot harder to forget—and probably lead to more lucrative results for the attacker.

But the reason you aren’t getting proof of this sextortion is because it doesn’t exist. You haven’t been hacked. You can run a quick antivirus and antimalware scan on your system if you want, and change the passwords for any cloud-storage services you use for saving photos, but I wouldn’t spend too much time on this. You’re being baited with boring spam, but a random internet person doesn’t actually have any racy photos of you.

As for the bit about the email coming from yourself, that’s easy enough to do. A quick Google search reveals plenty of websites that you can use to spoof senders. So, again, I wouldn’t use the fact that you got an email from “yourself” as proof that someone has broken into your computer or email account and gotten their hands on your secret stash of sexy selfies. It is a clever trick that’s likely to fool some people, but not you—at least, not anymore.

In fact, I’m willing to bet that the email you received is probably one of “the usual” form letters, or “spray-and-pray” attacks, that spammers send out en masse. Even if 99.5 percent of the recipients ignore the message, the costs of blasting that spam to a group of millions of leaked email addresses are low, and the easy returns are worth the small amount of time it takes to blast out a ton of emails. You can see some examples of a typical sextortion email here; yours probably looks a lot like one of these.

While a few Lifehacker readers are probably sighing and wondering why we’re even bothering to talk about this—since it’s such an obvious bit of spam—I think it’s more useful to remember that not everyone has the same level of technological expertise. That’s why your grandparents probably hit you up all the time asking about various spam emails they get. Or, worse, why they’ve been hit with a few attacks themselves.

Spam like this taps into a primal, digital-era fear, and I bet it’s a lot more attention-grabbing than your typical “BUY thEsE PilLS for CHeAp!1!!” crap. That’s especially true if you know you’ve done anything on your devices involving your naked body, your semi-naked body, your friends’ naked bodies, or any other interesting combination. But scary spam is still spam; until someone coughs up a picture of you in a compromising position, which you should then discuss with your local police, delete the email and continue about your day. You’re fine.


Do you have a tech question keeping you up at night? Tired of troubleshooting your Windows or Mac? Looking for advice on apps, browser extensions, or utilities to accomplish a particular task? Let us know! Tell us in the comments below or email david.murphy@lifehacker.com.