
Sextortion Scam Breakdown: How Email Header Analysis Exposed a Fake “Hacker” Threat

The Email That Claimed to “Hack My Webcam”

This week, I received a classic sextortion email — the type that claims to have hacked your device, recorded you through your webcam and threatens to publish videos unless you pay a Bitcoin ransom. These scams rely on fear, urgency and embarrassment. But instead of reacting, I analysed it.

What the Scammer Claimed

The message followed the standard script:

  • “I installed a Trojan on your device.”
  • “I recorded you through your webcam.”
  • “Send $1250 in Bitcoin to avoid exposure.”
  • “I will publish the videos if you contact the police.”

None of this was true — but the scammer was counting on panic, not logic.

The Real Evidence Was in the Email Headers

The most valuable lesson came from analysing the email headers. While the “From” address appeared to be a legitimate blueyonder.co.uk account, the authentication checks told a different story:

  • SPF: softfail — the sending server was not authorised
  • DKIM: none — no cryptographic signature
  • DMARC: fail — the message did not pass the From domain's DMARC check, because neither SPF nor DKIM gave an aligned pass
  • Source IP: 187.73.200.111 — traced to a Brazilian host, not Virgin Media

These indicators confirmed the email was spoofed. No hack. No Trojan. No access to my device.
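
The same check can be scripted. The following is an added example, not code from the original post: it reads the Authentication-Results header stamped by your own mail provider and reports which checks failed for the visible From domain. The receiver name mx.example.net, the envelope domain mailer.example.org and the sample headers are constructed placeholders; only the domain and IP come from the analysis above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers, not the original message. mx.example.net and
# mailer.example.org are placeholders; the domain and IP are the ones quoted above.
SAMPLE = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net;
 spf=softfail (sender IP is 187.73.200.111) smtp.mailfrom=mailer.example.org;
 dkim=none (message not signed);
 dmarc=fail header.from=blueyonder.co.uk
From: "Someone" <someone@blueyonder.co.uk>
Subject: Payment required

(body omitted)
"""

METHODS = ("spf", "dkim", "dmarc")

def auth_results(msg, trusted_authserv):
    """Collect {method: result} only from headers stamped by our own receiver."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(value.split())          # undo header folding
        authserv, _, rest = unfolded.partition(";")
        parts = authserv.split()
        if not parts or parts[0].lower() != trusted_authserv:
            continue  # a sender can insert its own header claiming "pass"
        for m in re.finditer(r"\b(spf|dkim|dmarc)=([a-z]+)", rest, re.I):
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results

def assess(raw, trusted_authserv):
    """Summarise whether the visible From domain was authenticated."""
    msg = message_from_string(raw)
    results = auth_results(msg, trusted_authserv)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    failed = [f"{m}={results.get(m, 'missing')}"
              for m in METHODS if results.get(m) != "pass"]
    return {
        "from_domain": from_domain,
        "results": results,
        "failed": failed,
        # DMARC passes only with an aligned SPF or DKIM pass for the From domain
        "from_unverified": results.get("dmarc") != "pass",
    }
```

Calling `assess(SAMPLE, "mx.example.net")` returns the From domain alongside the three failed checks. Set the second argument to the server name your own provider writes at the start of its Authentication-Results header.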

Why These Scams Work

Sextortion emails are designed to bypass technical defences and attack human psychology. They use:

  • Fear of embarrassment
  • Urgency (“48 hours to pay”)
  • Technical jargon to sound credible
  • Bitcoin wallets to avoid traceability

For many people, the emotional shock is enough to trigger payment — which is exactly what the attackers want.

How to Protect Yourself

  • Do not reply to the email
  • Do not pay the ransom
  • Check the email headers for SPF/DKIM/DMARC failures
  • Change any old or reused passwords
  • Enable multi-factor authentication on all accounts
  • Run a malware scan for peace of mind

These scams are mass‑mailed. They are not targeted and the attacker has no access to your device.

Turning This Into a Teachable Moment

This experience reinforced something I teach SMEs regularly: cyber security is not just about tools, it’s about understanding how attackers manipulate trust, identity and emotion.

Email header analysis is a powerful skill — and once you know what to look for, scams like this become easy to spot.

Call to Action: Strengthen Your Cyber Security Decision-Making

At Lockdown Market, I help SMEs build a structured, defensible approach to evaluating cyber threats and vendor risks. If you want to move beyond gut feeling and guesswork, explore the SME Cyber Security Vendor Evaluation Framework.


If you’ve received similar emails or want help analysing suspicious messages, reach out. Raising awareness is one of the simplest ways to strengthen our collective security.
