Earlier this week I was contacted by an old friend who was nervous about potentially having been hacked. The message read something like this:
“I got this email saying they caught me doing something disgusting. They claim to have hacked my accounts and want Bitcoin, or they’ll share everything with my friends and family. They sent it from my own email address! Is this real? Am I screwed?”
We met up at a café in a grey and rainy Helsinki, her laptop and phone between us, the screen still displaying that unsettling subject line many of us have received at some point: I Caught You, Pervert.
It’s one of the oldest tricks in the book—sextortion scams— If you don’t know it by now, this is where scammers claim to have compromising footage of you and demand ransom not to release it out there on the world wide web. This one had all the classic markers of phishing: a spoofed email address, a generic message with just enough personal data to create panic, and, of course, the demand for cryptocurrency.
As we went through the usual cyber hygiene checklist—checking her security settings, scanning for leaks, and ensuring no real breaches had occurred—I was reminded of why my work as CEO of VALEGA Chain Analytics matters. Cybercrime isn’t just a story on the news; it’s right here in our inboxes, our phones, our lives. And despite the countless articles out there, people still fall for these scams.
Repetition is key. The more we hammer in security practices, the harder we make it for cybercriminals to succeed.
A recent Hoxhunt Phishing Trends Report confirms what we already know: phishing isn’t slowing down. Scammers are getting smarter, their tactics more polished. The report highlights that AI-generated phishing emails have become frighteningly realistic, and that people—no matter their background—are still the weakest link in cybersecurity. My own experience tracking financial crime and cyber threats in the crypto world backs this up: human error remains the biggest entry point for fraud.
So, what can you do to safeguard yourself from ending up in a hacker’s crosshairs? Start with these five key steps:
1. Change Your Passwords Regularly and UPDATE YOUR DEVICES
It’s a simple but powerful habit. Use a password manager if needed to keep track of unique, strong passwords across accounts. And no, “password123” is not a good one. Neither is “Iloveyou.” Try using a couple of random unrelated words and numbers. Similarly, make sure your devices are up to date as soon as the updates pops up, especially your phone, they carry a lot of sensitive information and for many it’s their whole lives. Updates carry with them important security patches which help safeguard your online life.
2. Close Your Tabs and Log Out
Keeping multiple tabs open—especially logged-in accounts—can expose you to session hijacking and other browser-based attacks. Shut down what you don’t need. Always log out of important accounts when you’re done. As a rule of thumb I’ll avoid having more than 10 tabs open at a time and if I have had that one tab regarding an exclusive discount deal on a “super-nice-jacket-I-wanna-buy-but-will-think-about-it” for more than 15 days, then I likely never will make a move it, so close it. Your phone or computer’s memory will thank you too.
3. Check If Your Data Has Been Leaked
Use a site like Have I Been Pwned (a safe, trusted resource) to see if your email or passwords have been exposed in data breaches. If they have, change them immediately. And don’t worry, everyone will likely have something exposed somewhere, it’s almost inevitable.
4. Enable Multi-Factor Authentication (MFA)
Even if a scammer gets your password, MFA adds an extra layer of protection by requiring a second verification step—like a code sent to your phone or something like Google Authenticator.
5. Trust No One (Online, at Least)
Got an urgent email from “your bank” or a “friend in trouble”? Verify before you act. Scammers use fear and urgency to bypass logic. If something feels off, it probably is. Remember that high level authorities like the FBI, or a Financial Supervising authority will rarely contact a private individual to help them recover your accounts and definitely won’t ask you to download software or give your passwords through the phone or whatsapp.
As my friend sipped her coffee, reassured that she hadn’t been hacked, we talked about how much cybercrime has evolved and I showed her how bad it can go for some by sharing a recently published article on YLE (Finland’s national broadcaster) of some of our work. The scammers behind these phishing attacks don’t just disappear—they evolve, adapt, and often funnel stolen funds into crypto transactions to fund even more heinous crimes, making tracking them a nightmare for traditional financial investigators.
That’s where VALEGA Chain Analytics steps in. We connect the dots between phishing scams, financial fraud, and crypto-related crime, helping law enforcement and businesses track down cybercriminals.
Because at the end of the day, it’s not just about stopping one scam—it’s about staying ahead of the next one.