Following the recent data breach involving our vendor Canvas in April 2026, we anticipate an increase in fraudulent extortion emails targeting our users. These emails often use leaked information such as old passwords or contact details to create a false sense of urgency and trick you into paying a ransom. It is important to remember that these are automated bluff campaigns designed to incite panic. The sender does not have control of your device or access to your private files. This guide will show you how to identify these threats, why you should ignore them, and the correct steps to take if one reaches your inbox.
Example of an Extortion Email
Subject: Information about your online security
Hello,
We are the ShinyHunters hacking group.
A few months ago, we gained access to your devices and started monitoring your online activities.
What happened:
We gained access to the Amtrak.com database where you have an account and easily accessed your email.
You weren't very careful about the links you opened.
A week later, we installed an exploit on your devices, including your phone, giving us access to your microphone,
camera, keyboard, and all your data.
We have your photos, browsing history, conversations, and contact list.
Among other things, we discovered that you frequently visit adult websites and watch explicit videos.
We managed to record you and created videos of you pleasuring yourself.
With a few clicks, we can share these videos with your friends,
colleagues, and family or even make them public.
Proposal:
Send us $2000 in Bitcoin to the following wallet:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
We'll delete everything immediately.
You have 48 hours from the moment you open this email.
Once the payment is received, we'll remove the malware from your devices.
What you should NOT do:
Do not reply (email was sent from a hacked account).
Do not contact the police or anyone else—we'll release the videos along with other stuff all over the internet.
Do not try to reset your devices—everything is stored on remote servers.
What you don’t need to worry about:
We will see your payment immediately—the wallet is generated specifically for you.
We will not share your videos or other things after payment—there is no reason to continue causing problems.
How to Identify an Extortion Email
Every extortion email is different but most contain some of the following:
-
Evidence of Compromise: The email includes a legitimate password or phone number used in the past to convince you the sender has accessed your personal accounts.
-
Malware Claims: The sender asserts they have infected your computer with a "trojan" or "virus" that gave them remote control over your screen and camera.
-
Sensitive Content Threats: A claim that they have recorded a split-screen video showing you and the specific websites you were visiting simultaneously.
-
Social Shaming: Threats to send this footage to your entire contact list, including family, friends, and professional colleagues, if you do not comply.
-
Cryptocurrency Demands: Specific instructions to send a payment to a unique Bitcoin or other digital currency wallet address.
-
Artificial Deadlines: A short window of time, usually 24 to 48 hours, intended to create panic and prevent you from consulting others or verifying the threat.
-
Monitoring Warnings: A claim that the email contains a "tracking pixel" so they know exactly when you opened it, designed to make you feel watched.
-
Spoofed Sender: The "From" field may be manipulated to look like it was sent from your own email address to "prove" they have access to your account.
How to Respond to an Extortion Email
Ignoring these emails is the single most effective defense because extortion scams are built entirely on social engineering and low-cost volume, rather than actual hacking.
Here is the breakdown of why silence is your best weapon:
1. Lack of Evidence ("The Bluff")
In the vast majority of cases, the attacker has nothing. They rely on "spraying and praying" by sending millions of emails hoping a small percentage of people happen to be doing something they’d rather keep private at that exact moment.
-
The "Proof" is Public: If they show you a password, it’s usually from a 5-year-old data breach (like LinkedIn or Adobe).
-
The "Video" doesn't exist: If they actually had a video of you, they would attach a screenshot of it to prove their leverage. They don't, because they don't have it.
2. Avoid Being "Flagged" as a Target
The moment you reply, even to say "leave me alone" or "I know this is a scam", you have confirmed several things to the attacker:
-
Your email address is active.
-
You read the messages.
-
The message evaded your spam filter.
-
You are vulnerable enough to be bothered by it. This moves you from a "random list" to a "high-value target list," which they may sell to other scammers or use to ramp up the pressure on you.
3. Payment Never Guarantees Silence
Extortion is a "sunk cost" trap. If you pay once, you have proven that you have money and that you are susceptible to fear.
-
The Follow-up: Attackers often return weeks later demanding more money, claiming they "found more files" or that the first payment only covered a "temporary delay."
-
No Honor Among Thieves: There is no "contract" that says they will delete the (non-existent) data once you pay.
4. It Is a Numbers Game
The economics of these scams rely on automation. It costs a scammer almost nothing to send 100,000 emails. If they get 5 people to pay $500, they’ve made a huge profit. By not engaging, you become a "dead lead" that isn't worth their manual time to pursue.
What else can you do along with ignoring?
While you shouldn't talk to the scammer, you shouldn't do nothing internally. Instead:
-
Check Have I Been Pwned: Search your email to see which old data breach they got your password from.
-
Ensure Multi-Factor Authentication is on every important account so that even if they did have your password, they can't get in.
-
Report as Phishing to help train Hancock College's email filter to catch the similar messages for everyone on campus.