Is a 'we have your browsing history' extortion email real?
Almost never. These are mass-sent sextortion scripts designed to exploit fear — the sender almost certainly does not have your browsing history or webcam footage.
Last reviewed: 1 June 2026
Explanation
Sextortion emails follow a well-documented template: they claim the sender has installed malware on your device, recorded you via webcam, and will share the footage with your contacts unless you pay in Bitcoin within a short window. To appear credible, some versions include a real password you once used, sourced from a publicly available data breach database. The password inclusion is a psychological hook — it does not mean the sender has current access to your device or accounts. These emails are sent in bulk to millions of addresses with no actual surveillance behind them. Do not pay. Change any password referenced in the email if you still use it anywhere.
Common red flags
- Email claims to have webcam footage or compromising browsing data
- Payment demand in Bitcoin or another cryptocurrency
- Deadline of 24-72 hours to pay
- Email includes an old password to appear credible
- Sender threatens to contact all your email or social media contacts
What to do now
- Do not pay — payment does not stop the extortion and may invite further demands
- Change the password referenced in the email on any account still using it
- Check haveibeenpwned.com to find which breach exposed that password
- Report the email to your national fraud authority
Frequently asked questions
How did the sender get my old password?
Old passwords appear in data breach dumps that are freely traded on criminal forums. The inclusion of your real password in the email does not mean your current device has been compromised.