Alert Priority HIGH: Beware of scam emails threatening to reveal intimate images

Updated: Oct 7, 2019

What’s happened?

Members of the public have reported receiving scam emails that appear to come from their own email account, threatening to reveal intimate images of them unless they pay a fee.

This email scam is widespread, with the Australian Cyber Security Centre, Office of the eSafety Commissioner and Scamwatch receiving over 300 reports from the public this week.

How it works

This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cybercriminal threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly (often in cryptocurrency).

The scam uses ‘spoofing’ to make the email look like it’s come from your own email address. Email spoofing occurs when email addresses are manipulated to come from a different source, but display as a legitimate address. This is a technique commonly used by cybercriminals to make their scam seem real.

How do I stay safe?

  1. If a blackmailer is threatening to reveal intimate images of you online, do not give in to their demands, it is most likely a fake threat.

  2. Report it to the Office of the eSafety Commissioner. (you can find the matching eSafety agency in your country by googling: cybersecurity government agency in <country name>)

  3. If you receive one of these emails, don’t give the perpetrator any money or images, and stop all contact with them. In Gmail you can open the scam email and tap on the 3 dots menu and select Report phishing (similar options will be found in other email programs). This will alert your email account company and they will warn others and block such emails from coming to other users.

  4. If you’re concerned about your physical safety call Triple Zero (000) or contact your local police.

  5. Change your passwords for all social media and online accounts – including your email account – straight away, and review your privacy and security settings.

  6. Cybercriminals can use your personal details to their advantage, like manipulating your email address if it has been caught up in a data breach.

  7. You can check if any of your email addresses have been in a data breach by visiting and type in your email address. If there are some that come up gop to those websites and change your password.

  8. Additional Setup from Cyberkite: Visit Cyberkite website and select Book a Cybersecurity Healthcheck to book us for a cybersecurity healthcheck or select Request a Quote of you need an overhaul of your small business IT security.

More information

If you have experienced image-based abuse, you can also contact the Office of the eSafety Commissioner to report and seek support, including links to counselling support services. You can report scams to Scamwatch: (you can report a scam in a similar way in your country by googling: report an email scam in <country name> )


© 2019 Australian Government. All rights reserved.

Republished by Cyberkite with additional notes.

97 views0 comments

Recent Posts

See All

About our Authors: 

Michael Plis

IT Intern

Do you want to listen to this blog? 

If you are using Chrome install Read Aloud extension & and let it read for you. 

Or paste the text to Google Translate and hit read aloud. 5000 word limit - so you may have to split. 

  • RSS Social Icon
  • Follow us on Google
  • LinkedIn
  • Instagram
  • YouTube
  • Facebook
  • Twitter

© ™ Cyberkite & Logo - All Rights Reserved - Updated 2021 - ABN: 78346678744 - Australia - Site Feedback