Mehran Jalaei

Extortion Attempt - Real Example

Extortion emails often attempt to trick the victim into paying large amounts of money by threatening to expose personal information to family, work colleagues and friends.


The majority of extortion attempts are false: the attacker does not actually hold the information or data they say they do. Head of Innovation at the Cyber Resilience Centre (CRC), Detective Superintendent Neil Jones, received this email recently and wanted to share it as an example of what to look out for.


The Telltale Signs of a False Extortion Attempt:


1. Email address. Note the unusual name spelling and email address used. The alias does not match the email.


2. Subject. The attacker used an old password likely to have been gained from a data breach. This is used to make the email sound authentic and evoke panic.

The CRC recommends you change your password regularly and also check whether your email address appears in data breaches using https://haveibeenpwned.com. For information on how to create a strong password, visit the NCSC website.


3. Urgency. Note the sense of urgency in the email. The attacker wants the target to pay quickly, without taking a step back to question what is going on. This is often a sign of extortion, and often the attacker does not actually have the ability to do what they say.


4. Cryptocurrency. Attackers often ask for the victim to pay in a cryptocurrency like Bitcoin to avoid being traced.


5. Spelling/Grammar/Punctuation mistakes. Note the highlighted mistakes in this email. This can sometimes mean that the attackers are not within the country, and so they can avoid getting caught if it is reported.

Extortion attempts should always be reported to the Suspicious Email Reporting Service by simply forwarding the email to report@phishing.gov.uk. This service has brought down hundreds of fake accounts and malicious websites.

Never pay the demand! Once you have paid the attacker, there is little chance of retrieving the money and it may leave you open for more attempts.
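For mail administrators, signs 1, 3 and 4 above can be turned into a simple triage check that flags messages for human review. This is an added example, not part of the original article or a CRC tool; the sample message, the address in it and the keyword lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the email from the article); the address is a
# made-up string in legacy Bitcoin format, not a real wallet.
SAMPLE = """\
From: "Jhon Smiith" <kx92ab@mail.example>
To: user@example.org
Subject: I know your password

I have access to your device. You have 48 hours to pay.
Send $1500 in Bitcoin to 1CRCconstructedSampLeAddressXXXXXX
or the video goes to all your contacts.
"""

# Sign 3: time pressure. Assumed phrase list; tune it for your own mail flow.
URGENCY = re.compile(r"\b(\d+\s*(hours?|days?)|immediately|deadline|right now)\b", re.I)
# Sign 4: legacy (1.../3...) or bech32 (bc1...) address shape, or payment keywords.
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
CRYPTO_WORDS = re.compile(r"\b(bitcoin|btc|cryptocurrency|wallet)\b", re.I)

def alias_mismatch(from_header):
    """Sign 1: no word of the display name appears in the address local part."""
    name, addr = parseaddr(from_header)
    local = addr.split("@")[0].lower()
    tokens = [t for t in re.split(r"\W+", name.lower()) if len(t) >= 3]
    return bool(tokens) and not any(t in local for t in tokens)

def triage(raw):
    """Return the list of telltale signs found in a raw, single-part message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    if alias_mismatch(msg.get("From", "")):
        signs.append("alias_mismatch")
    if URGENCY.search(text):
        signs.append("urgency")
    if BTC_ADDR.search(text) or CRYPTO_WORDS.search(text):
        signs.append("cryptocurrency")
    return signs

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each sign on its own also appears in legitimate mail, so treat the result as a prompt for review rather than a verdict.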

How can we support your business?


Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.


Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and provides an assessment of your cyber risk.
