NEWYou can now listen to Fox News articles!
You open your inbox and see a message that instantly makes your stomach drop. Someone claims they have your passwords, your files, your credit card details and your entire digital life. They say they will sell everything on the dark web unless you pay them quickly.
One reader, Bobby D, wrote to us after receiving a message exactly like this.
"I received the attached email, and I'm wondering what to do. I have the capability to mark it as Spam with my email provider, Earthlink. Because of its threatening nature, is there any other type of action you can recommend? I was wondering if just designating as spam, there really would be no deterrence for the sender?"
It feels personal. It feels urgent. And it feels terrifying. Then you actually read the email. "I have your complete personal information... I will send this package to dark net markets... Or you can buy it from me for 1000 USD in Bitcoin..."
If this looks familiar, you are not alone. This exact extortion scam email is hitting inboxes everywhere right now.
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Extortion scam emails often claim hackers stole your data and demand Bitcoin, but they rarely include any real proof. (Kurt "CyberGuy" Knutsson)
Why this extortion email is a scam
At first glance, the message sounds confident and detailed. That is intentional. Once you slow down, the warning signs are obvious.
The sender claims they stole everything but provides no real evidence. There are no screenshots, no passwords and no files attached. Scammers rely on fear, not facts.
Phrases like "a multitude of files" and "your devices" sound dramatic but say nothing specific. Real breaches include details. Scams stay vague.
Any email demanding Bitcoin while warning you not to tell anyone follows a classic scam formula. Legitimate companies do not operate this way.
This email is not personal. It is part of a large campaign sent to thousands of addresses at once. The goal is to scare a few people into paying.
MICROSOFT 'IMPORTANT MAIL' EMAIL IS A SCAM: HOW TO SPOT IT
These messages rely on fear and urgency to push people into acting before they have time to think. (Photo by Annette Riedl/picture alliance via Getty Images)
How scammers got your email address
Here is the uncomfortable truth. Your email address likely appeared in an old data breach somewhere online. That does not mean your computer, phone or accounts are hacked. Scammers buy leaked email lists, then send threatening messages in bulk. Even one payment makes the entire operation profitable. They are playing the odds, not targeting you.
If you receive an email like this, here is the correct response.
Responding confirms your address is active and can lead to more threats.
Step 2: Do not send money
Paying does not make you safer. It only signals that the scam worked.
Step 3: Mark it as spam or phishing
Flagging the email in EarthLink or any provider helps train spam filters. It reduces how often these messages reach you and others.
Once it is reported, remove it and move on. To Bobby's question, yes, marking it as spam absolutely helps. It does not stop the sender directly, but it protects you and others from future scams.
APPLE APP PASSWORD SCAM EMAIL WARNING
Slowing down and verifying information independently is often all it takes to break the scam’s grip. (Kurt "CyberGuy" Knutsson)
Ways to stay safe from extortion scam emails
You cannot stop scammers from trying. You can stop them from succeeding. These steps reduce risk and remove the fear factor.
1) Use unique passwords for important accounts
Reused passwords make old data breaches more dangerous. A password manager helps you create and store strong, unique passwords.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
Two-factor authentication (2FA) adds a second layer of protection even if a password leaks.
3) Keep devices and software updated
Updates close security gaps scammers rely on. Automatic updates offer the strongest protection.
4) Remove your personal data from the web
Data removal services help limit how much personal information scammers can find and misuse. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
