Extortion Attempt - Real Example

Extortion emails are often attempting to trick the victim into paying large amounts of money based on a threat to expose personal information to family, work and friends.

The majority of extortion attempts are false, the attacker does not actually hold the information or data they say they do. Head of Innovation at the Cyber Resilience Centre (CRC), Detective Superintendent Neil Jones received this email recently and wanted to share it as an example of what to look out for.

The Telltale Signs of a False Extortion Attempt:

1. Email address. Note the unusual name spelling and email address used. The alias does not match the email.

2. Subject. The attacker used an old password likely to have been gained from a data breach. This is used to make the email sound authentic and evoke panic.

The CRC recommends you change your password regularly and also check your email address from data breaches using https://haveibeenpwned.com. For information on how to create a strong password, visit the NCSC website here.

3. Urgency. Note the sense of urgency in the email. The attack wants the target to pay quickly, without taking a step back to question what is going on. This is often a sign of extortion and often the attacker does not actually have the ability to do what they say.

4. Cryptocurrency. Attackers often ask for the victim to pay in a cryptocurrency like Bitcoin to avoid being traced.

5. Spelling/Grammar/Punctuation mistakes. Note the highlighted mistakes in this email. This can sometimes mean that the attackers are not within the country, and so they can avoid getting caught if it is reported.

Extortion attempts should always be reported to the Suspicious Email Reporting Service by simply forwarding the email to report@phishing.gov.uk. This service has brought down hundreds of fake accounts and malicious website.

Never pay the demand! Once you have paid the attacker, there is little chance of retrieving the money and it may leave you open for more attempts.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940


Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester