-
Cybercriminals are running a new extortion email scam, threatening to sell victims’ personal data on the dark web unless they hand over $640 in Bitcoin.
-
The threatening email opens with a calculated line engineered to manufacture panic: “I want to make you an offer that you can refuse, but only once.”
-
Cybersecurity experts and law enforcement confirm the sender almost certainly holds none of the data they claim, the campaign blasts identical scripts to millions of inboxes at once.
A new email extortion scheme is hitting inboxes worldwide, confronting recipients with a cold ultimatum, paying $640 in Bitcoin or watching your most sensitive personal data land on dark web marketplaces.
Local authorities picked up the scam after a recipient forwarded the threatening message for review, pulling back the curtain on a pressure campaign built entirely on manufactured fear.
The setup is straightforward and deliberate. Scammers engineer every word to overwhelm judgment before victims can stop and question whether any of it is actually real.
Scam Email Hits Victims with a Staged Ultimatum
The start of the message says “I have an offer for you that you may decline once.” The scammer claims to have a large personal record on you (including your full legal name, address, DOB, driver’s licence, SSN, as well as credit card information).
The email then introduces a staged binary choice. The sender states, “I can and intend to do two things with it. It is up to you to decide which one.” The two options are stark: criminals on the dark web purchase the victim’s data, or the victim pays $640 in Bitcoin to a wallet address embedded in the email.
The scammers are betting you don’t know that Bitcoin’s public ledger is actually a law enforcement asset, every transaction leaves a permanent trail that investigators can follow, making the criminals’ demand for crypto far less anonymous than they’d have you believe. The scammer reframes extortion as a simple transaction: pay to buy back what is already yours.
Bitcoin Payment Method Shields the Scammer from Detection
Bitcoin is popular amongst cyber thieves for collecting payments. Typically irreversible, very difficult to track, and so criminals use it to operate completely outside the normal banking and financial systems without raising any eyebrows. In the email, the bad actor places the preferred wallet address, a difficult channel that law enforcement can’t track easily.
The $640 price tag is equally strategic. Scammers set the amount low enough that many victims consider paying just to eliminate the problem, but high enough that even a tiny response rate converts a mass email blast into a profitable operation.
Security researchers note that these campaigns target thousands, sometimes millions, of addresses simultaneously. The script stays identical across every message. Only the Bitcoin wallet address rotates.
Law Enforcement Calls the Threat a Bluff: Here is What to Do
Cybersecurity professionals and law enforcement share one firm, unanimous conclusion: the sender almost certainly holds none of the personal data they describe.
These campaigns run entirely on psychological pressure, not actual intelligence. The criminals are not working from a personal file on each victim; they are firing off a mass template and betting that fear short-circuits rational thinking before the recipient asks a single question.
Do not respond to this email to avoid future attacks using that email address. Report to local authorities and also online through ic3.gov. Then delete the message and block the sender immediately.
The entire scam rests on one single bet, that the victim panics before they think. Understanding exactly how the mechanics work is already the most effective defense available.
