Gmail, Yahoo, and Outlook users in the UK have received a new email advisory that should not be overlooked as it could lead to serious consequences. The recent alert was issued by the team at Action Fraud, who have noted a significant increase in ‘extortion scams’ targeting email users.
Reports indicate that there were only 133 instances of these deceptive emails detected in February 2025, but this number surged to 2,924 reports in the following month of March.
The alarming messages typically allege that hackers have been monitoring the victim’s computer and possess evidence of visits to adult websites. Some recipients are even threatened with the release of videos recorded via their webcam during browsing sessions if a ransom is not paid.
Moreover, the new wave of emails often contains personal details such as authentic passwords or home addresses, which are suspected to have been acquired from previous data breaches.
A victim shared his encounter with an extortion email demanding a payment of $500. Recognizing the scam, he deleted the emails. However, he later discovered that his social media and bank accounts had been hacked, and he was locked out of them.
Detective Chief Inspector Hayley King, Head of Prevention at the National Fraud Intelligence Bureau, emphasized the lengths to which criminals go to make such scams convincing. She advised recipients of suspicious emails to forward them to report@phishing.gov.uk and delete them promptly. If genuine personal information is found in an email, it may have been sourced from a historical data breach, prompting users to verify if they have been impacted previously.
In the event of extortion, individuals are urged to contact their local police force or call 101 if they suspect someone possesses compromising images of them. Action Fraud recommends refraining from engaging with phishing emails and advocates forwarding them to report@phishing.gov.uk.
The presence of legitimate passwords or personal data in phishing emails can indicate a potential past data breach impacting users. If a password included in a phishing email is still in use, immediate action to change it is advised.