Skip to main content

How do filters detect ransom or blackmail patterns?

Content patterns: threatening language, urgency, cryptocurrency payment demands, claims of surveillance or hacking, and specific ransom amounts. These elements create recognizable fingerprints.

Structural signals: messages from unfamiliar senders claiming access, lack of legitimate business context, and patterns matching known campaigns. Filters learn from confirmed reports.

Reputation signals: sending infrastructure associated with extortion campaigns, links to known scam wallets, and patterns across multiple recipients. Coordinated campaigns are easier to detect than isolated messages.