Fake OSINT Exposure Threat Scam via Email
Scammers email targets claiming to have compiled a damaging open-source intelligence dossier — home address, workplace, family details — and demand payment to prevent its release, when in reality the 'dossier' is often bluffed or built from already-public information.
Last reviewed: 5 July 2026
Publicly available records, old social media posts, and data broker listings mean almost everyone has some findable personal information online, and email extortionists exploit this by presenting a curated list of those already-public details as if it were a dangerous, secret exposure they are uniquely capable of releasing.
How this scam works on Email
An email arrives listing some combination of the target's home address, workplace, phone number, family members' names, or other identifying details, framed as evidence the sender has compiled a thorough 'open-source intelligence' profile that will be published, sent to employers, or shared publicly unless a payment is made. The information cited is frequently pulled from data broker sites, old public records, or previously leaked breach data rather than through any special hacking or investigative effort, but the framing is designed to make the sender appear far more capable and threatening than they actually are.
Because the details included are often genuinely accurate — since they came from real public sources — the target can feel the threat is more credible than it is, even though publishing already-public information typically has limited real-world impact and the sender frequently has no actual additional damaging material beyond what was listed. The demand is usually for cryptocurrency payment within a short deadline, with vague threats about the consequences of non-payment designed to prevent the target from taking time to verify how serious the claim actually is.
Common red flags
- Email cites personal details that are findable through a basic public records or data broker search
- Threat to 'expose' information that, on inspection, is not actually private or sensitive
- Payment demanded in cryptocurrency within a short deadline
- Sender provides no verifiable additional evidence beyond publicly available information
- Language is generic and could plausibly apply to many different targets with minor edits
- No specific, credible sensitive material is actually described beyond vague threats
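For mail or helpdesk triage, the machine-checkable red flags above can be combined into a simple score. This is an added example, not part of the original page: the keyword patterns, weights, threshold and both sample messages are assumptions constructed for illustration, and the wallet match is a shape check only (no checksum validation).

```python
import re

# Each red flag maps to (weight, pattern). Weights and keywords are assumptions.
SIGNALS = {
    "dossier_claim": (2, re.compile(
        r"\b(osint|open[- ]source intelligence|dossier|profile (?:on|of) you)\b", re.I)),
    "exposure_threat": (2, re.compile(
        r"\b(publish|expose|release|leak|send (?:it|this) to your (?:employer|family|contacts))\w*", re.I)),
    "crypto_demand": (3, re.compile(
        r"\b(bitcoin|btc|monero|xmr|ethereum|crypto(?:currency)?|wallet)\b", re.I)),
    "short_deadline": (2, re.compile(
        r"\b(?:within|in|you have)\s+(\d{1,3})\s*(hours?|hrs?|days?)\b", re.I)),
}

# Strings shaped like Bitcoin addresses (bech32 or legacy base58), kept for reporting.
WALLET = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

THRESHOLD = 7  # assumption: payment demand plus at least two other flags


def triage(body: str) -> dict:
    """Score one message body against the red flags and extract wallet strings."""
    hits = {name: bool(rx.search(body)) for name, (_, rx) in SIGNALS.items()}
    wallets = sorted(set(WALLET.findall(body)))
    if wallets:  # an address alone already implies a cryptocurrency demand
        hits["crypto_demand"] = True
    score = sum(weight for name, (weight, _) in SIGNALS.items() if hits[name])
    return {
        "score": score,
        "signals": [name for name, hit in hits.items() if hit],
        "wallets": wallets,
        "likely_extortion": score >= THRESHOLD,
    }


# Constructed sample messages (not real emails; the address is a placeholder).
SAMPLE_EXTORTION = (
    "I have compiled a full OSINT dossier on you: home address, employer, "
    "family names. Send $900 in Bitcoin to "
    "bc1qexamplexamplexamplexamplexample00 within 48 hours or I will publish "
    "everything and send it to your employer."
)
SAMPLE_BENIGN = "Reminder: the quarterly report is due in 3 days."

if __name__ == "__main__":
    for msg in (SAMPLE_EXTORTION, SAMPLE_BENIGN):
        print(triage(msg))
```

A single flag such as a deadline is common in ordinary mail, which is why the benign sample stays below the threshold; the extracted wallet strings are what a wallet-address report would need.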
How to protect yourself
- Do not pay; verify what information is genuinely public before assuming the threat has real substance
- Search your own name and details to understand what data broker or public record information is already accessible
- Use data broker opt-out services to reduce your publicly findable personal information going forward
- Do not engage with or reply to the sender, since responding confirms the email address is active and monitored
- Report the email rather than negotiating, since payment does not guarantee the sender will not repeat the demand
- Tighten social media privacy settings and remove old posts that may have contributed to the compiled information
How to report it
- Report the email to your email provider's spam and phishing reporting tool
- Report the extortion attempt to the FBI's IC3 (ic3.gov) or your national cybercrime reporting center
- Report the wallet address, if cryptocurrency payment was demanded, to crypto fraud tracking services
- Contact local law enforcement if the threat includes specific, credible harm beyond generic exposure claims
Frequently asked questions
Is the information in these emails usually real or fabricated?
It is often genuinely accurate but sourced from already-public records, data broker listings, or old breach data rather than from any special investigative or hacking effort, which makes the threat far less serious than it initially appears.
Should I respond to try to negotiate with the sender?
No. Responding confirms your email is active and monitored, which can invite further extortion attempts rather than resolving the situation.