Language selection


Extortion phishing scams: what they are and how to protect yourself

Scams like phishing are a big threat to your digital identity. With new types of scams popping up all the time, it’s important to know the latest methods cyber criminals are using to steal your personal data and your money – like extortion scams.

a dialogue window, surprised emojis, cursor, exclamation marks and notification with an eye on it

Extortion phishing scams are a more targeted version of phishing and are used to gain more information or money from you by using threats. Here’s a rundown of what extortion phishing scams are, what to do if you’re targeted and how to prevent them.

What is extortion phishing

Common phishing scams often use rewards to trick you into offering up personal information or downloading malware (e.g., “you’ve won a free cruise – click here!!!”). Extortion phishing messages do not offer fake incentives. Instead, they threaten you to get you provide sensitive information or money. Extortion emails will often contain some of your personal information, usually a password or another piece of private information like your date of birth. The message will state that they have more of your confidential information and will expose it online or use it unless you pay.

Although they seem very targeted, most extortion scams cast a wide net. Cyber criminals collect lists of passwords or other info through data breaches or by buying them on the dark web. They will then send an email to everyone on their list to see if someone will take the bait and respond. Often, they will ask for payment in Bitcoin or another form of cryptocurrency, which is harder to trace.

One of the most common forms of extortion is sextortion, where the cyber criminal obtains a private image or message from the sender and uses it to extort them. For more information about sextortion, check out

What to do if you’re targeted

If you think you are being targeted by an extortion phishing scam, don’t panic! Most likely, the cyber criminal doesn’t have any of your personal information other than what they are using as bait to try to extort you. You can perform an online search for some of the phrases in the extortion message to see if it’s a common scam. You should never reply to the email and never do what the email is telling you to do. If you’re still using the password that is being used to extort you, change it immediately. The best course of action is to ignore the message. If you’ve taken the proper steps to make sure your online accounts are safe, you shouldn’t have to worry about it.

If you suspect or are concerned that you have fallen victim to a cyber scam, don’t hesitate to contact the Canadian Anti-Fraud Centre to report it. You can also report the cyber incident to the Canadian Centre for Cyber Security.

How to protect yourself

Many of the same practices that apply to staying cyber safe in other areas of your online activity will protect you from extortion messages. Always use strong and complex passphrases or passwords, and never use the same password for multiple accounts. This will limit the impact if one of your passwords is stolen. A password manager can help you make your passwords strong and unique and will keep all your passwords organized.

You should be installing a reputable anti-virus software to prevent viruses from infecting your devices. It’s also important to know the signs of scams like phishing. This way, if you are targeted, you can recognize the scam and not become a victim.


Cyber criminals are always trying to find new ways to steal your information. Extortion phishing is one method that has been on the rise lately. As long as you know what to look for and what to do when you encounter an extortion phishing message, you will be less likely to become a victim.

Report a problem on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: