A New Email Scam Is Shockingly Realistic: Here's Everything You Need To Know About Protecting Yourself
Imagine receiving an email that makes you question your own privacy and security. A message arrives from an unknown sender with a picture of your house and your address, followed by a threat: “Don’t even try to hide from this. You have no idea what I’m capable of… I’ve got footage of you doing embarrassing things in your house (nice setup, by the way).” Sounds like a scene out of a horror film, right? Instead, it's one of the latest phishing scams that uses specific personal information to deceive people into sending money.
The email convinces people that the hacker knows more about them and that they must send a payment or Bitcoin to keep their information safe. “I received a PDF over email that included my address and photo of the address and made outrageous claims about my private behavior, and claimed to have video documentation captured from spyware on my computer,” Jamie Beckland, a chief product officer at the tech company APIContext, told HuffPost. “The scammer threatened to release the video if I didn’t pay them via Bitcoin.”
How Scammers Obtain Your Personal Information
According to Al Iverson, a cyber expert and industry research and community engagement lead at the software company Valimail, the sender likely found your address from a prior data breach that leaked personal data, and then used a Google Maps photo to put together an email. Beckland was able to confirm this is a scam by comparing the image in the PDF to the Google Maps street view of his house. Most images in these scams are pulled from online sources, so he recommends that people check to see if the image was copied from the internet.
Verify the Email Address and Check for Legitimacy
Iverson recommended checking the legitimacy of the email address whenever you receive correspondence from an unknown sender. “Check whether the sender’s email domain matches the official organization’s website,” he said as one example. “Also, if using Gmail, look for ‘show original message’ and review SPF, DKIM, and DMARC results.” These are email authentication methods that verify the sender's domain to help prevent spam, phishing attacks and other email security risks.
Be Cautious of Links and Payment Demands
Scammers have become very sophisticated when masking domains. As a result, beware of “lookalike” domains with slight spelling variations. According to Iverson, if something seems too good (or too bad) to be true, it probably is. Another thing to keep an eye out for is if a scammer sends a message “from” your own email address. Oftentimes, they are just spoofing your email address in the “from” address header.
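The header checks described above (SPF, DKIM and DMARC results, and a "from" address spoofed to match your own) can be read out of a raw message with a short script. This is an added example, not part of the original article; the sample message, the addresses and the server name mx.example.net are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message "from" the recipient's own address that
# failed authentication at the receiving server (mx.example.net is made up).
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=bounce.example.org;
 dkim=none;
 dmarc=fail header.from=example.com
From: "You" <victim@example.com>
To: victim@example.com
Subject: I have footage of you

Pay up.
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Headers are prepended in transit, so the first one seen is normally the
    one written by your own mail provider; later copies may be forged by
    the sender, which is why the first verdict per method wins.
    """
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def review(raw):
    """Return (from_address, findings); an empty findings list means no red flags."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    res = auth_results(msg)
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        verdict = res.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    # A message that claims to come from you but did not pass DMARC
    # was spoofed in the From header, not sent from your account.
    if from_addr and from_addr == to_addr and res.get("dmarc") != "pass":
        findings.append("from-matches-recipient")
    return from_addr, findings

if __name__ == "__main__":
    print(review(SAMPLE))
```

To use it on a real message, save the text shown by Gmail's "show original" view to a file and pass its contents to review().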
Zarik Megerdichian, founder of Loop8, a company that protects personal data and privacy from data breaches and hackers, strongly cautions against clicking on unfamiliar links, especially related to payments. Bitcoin transactions are irreversible, as are many other common payment methods including Cash App and Zelle. “Exercise caution any time you’re asked to click on a link in an email,” Megerdichian said.
Protect Your Data and Report Scams
Megerdichian also noted that if a hacker has obtained details about your financials, monitor your bank accounts closely and dispute fraudulent charges with your bank, cancel your cards and preventatively stop future charges. It’s also highly advisable when confronted with an elaborate scam to change all of your passwords.
Don't Engage with the Scammer
According to Yashin Manraj, CEO of Pvotal Technologies, a company that creates secure tech infrastructures for businesses, it's essential to protect your data right away if you suspect it’s been compromised. “Use a new email address if possible and move critical financial or utilities to it, and then start reporting the case to the local police, the FBI and making sure your family is aware of the potential threat of a public shaming in the unlikely event that they did manage to steal some compromising data,” Manraj said.
Final Tips for Staying Safe
Do not engage with the scammer. It might feel tempting to respond to these emails (especially ones that seem very realistic) to negotiate with the scammer, but it's advisable to disengage and ignore them because responding can actually place you on call logs and target databases that will make you vulnerable to further attacks.
Isolate your home network via a separate Wi-Fi or router, using a VPN to connect to the internet. Most importantly, do not ask for specific help on public forums, especially when uploading logs or error messages. “Be especially careful when using virtual numbers and password managers on unpopular websites to avoid reusing personally identified information that could be used to access your important financial services,” Manraj explained.
Finally, be mindful about what data you are sharing in the future. Users should remember that data is a commodity, and businesses today collect too much information (often more than they need to complete the transaction at hand). When signing up for new websites or downloading apps, Megerdichian suggests avoiding oversharing. “Always ask yourself, do they really need to know that? It’s up to consumers to be proactive when it comes to their personal data,” Megerdichian said.
This article originally appeared on HuffPost. Stay safe online!