Phishing and Extortion Scams After Security Breaches

Attorney General Bill Schuette wants you to know about reports of a phishing and extortion scam using hacked information that came from a security breach. The Alert educates about how to SPOT and STOP this scam and, given the recent news about the security breach at Facebook, how to report suspicious Facebook emails and messages.

In the news:

A recent attack on Facebook’s computer network exposed the sensitive personal data of millions of users. That information could be used in phishing and extortion scams.

What you need to know

Phishing is a type of scam that starts with an email, text message, or phone call that pretends to be from a legitimate source. The message will tell a plausible story related to a need for you to verify or provide your personal information. The goal is to get you to enter your personal information into a fake website or extort money from you.

Phishing scammers try to get their hooks in you. Don’t take the bait. Learn the signs of a phishing scam and the steps you can take to avoid being scammed. Read our Consumer Alerts Fraudulent E-Mail Thieves Intend to Steal Your Personal Information and Data Breaches: What to Do Next.


These scams may use recently hacked data as well as data hacked years ago.

Recent extortion phishing scam

The Attorney General has received reports of a recent scam using hacked information threatening to expose the recipient’s alleged viewing of adult videos unless the sender is paid $1,000 in Bitcoin.  The email was fraught with misspelled words, grammar errors, and mismatched links. However, the email correctly cited the recipient’s password information for an online account.

Spot it: Watch out for phishing attempts.

Waving red flagLook for messages with misspellings, typos, and bad grammar.

Waving red flagLook for messages that use your password or some of your personal information.

Waving red flagLook for mismatched links that you can spot by hovering your mouse over a link that does not match the stated destination.

Waving red flagBeware any unsolicited message that asks you to click on a link, open an attachment, or verify your personal information.

STOP it: Consider what you share and who you share your personal information with.

Waving red flagNever reply to emails, calls, texts, or pop-ups that ask for verification or your personal information.

Waving red flagReview your privacy settings and take advantage of Facebook’s security options.

Waving red flagChange your passwords and security questions: do not recycle old passwords.

Waving red flagReport suspicious emails and Facebook messages to

To report a scam, file a complaint, or get additional information, contact the Michigan Department of Attorney General:

Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909
Fax: 517-241-3771
Toll free: 877-765-8388
Online complaint form

The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern. Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.