You may have arrived at this post because you received an email with an attached PDF from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation, and how to respond to an apparently personalized threat that even includes your actual “LastNameFirstName.pdf” and a picture of your house.
Don’t panic. Contrary to the claims in your email, you probably haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam—actually, a whole category of scams called "sextortion." This is a type of online phishing that is targeting people around the world and preying on digital-age fears. It generally uses publicly available information or information from data breaches, not information obtained from hacking the recipients of the emails specifically, and therefore it is very unlikely the sender has any "incriminating" photos or has actually hacked your accounts or devices.
They begin the emails showing you your address, full name, and possibly a picture of your house.
We’ll talk about a few steps to take to protect yourself, but the first and foremost piece of advice we have: do not pay the ransom.
We have pasted an example of this email scam at the bottom of this post. The general gist is that a hacker claims to have compromised your computer and says[...]
In my case, they keep sending me pictures of my neighbor's house. Oh well.
I want to reply to them telling them they should be paying me for my dick pics, but they are either using spoofed emails or compromised Gmail accounts. (They wouldn't care about a reply, even if they go to the trouble of looking for one.)
Seriously, I wish they would at least check my LinkedIn profile first, which is yet another pointless ask because of the automation that is probably involved. I guess they don't want to talk to someone who has been in security for +20 years whose side hobby is wasting email scammers' time with virtual machines that are goatse themed. Sigh.
I get one of these every few days and I report every one to Gmail. As it's extortion, and illegal, I keep wondering if there's a way to encourage Google by looping in, I don't know... the FBI? Who's responsible for fraud?
Honestly, Google could so easily cut this off at their servers; the PDFs are form letters, nearly identical, and PDF is easily parsed. I'm sure we're all getting the same form letter.
It's infuriating that Google doesn't seem to be putting any effort into blocking this.