Webcam Blackmail / Sextortion Email Scam
Mass-spam emails falsely claim the sender hacked your webcam and recorded you watching adult content, then demand payment to suppress the footage. The footage does not exist.
Last reviewed: 11 June 2026
What this scam is
The webcam blackmail sextortion email scam is a form of mass-distribution extortion in which automated systems send millions of identical or lightly personalised threat emails per day. Criminals purchase leaked password databases from past data breaches and merge victim email addresses with their old passwords to manufacture a convincing proof of access. Recipients who recognise their own password naturally panic, which is exactly what the scammer counts on.
In reality, no intrusion has taken place. The scammer has not accessed your device, installed malware, or recorded anything. The password is simply recycled from a years-old breach. Security researchers who have analysed these campaigns at scale confirm the emails are sent in bulk using automation, with the rare payment representing a tiny fraction of total sends — but enough to make the campaign profitable.
How it works
First, criminals compile bulk email lists combined with plaintext passwords from public breach databases available on dark-web forums. Automated tools merge the two datasets, producing personalised-looking emails at massive scale with no manual effort.
Second, the email lands in the inbox and opens with the victim's password to simulate insider knowledge. It then describes a lurid scenario of dual-screen recording, claims the victim has a limited window to pay in Bitcoin or Monero, and provides a wallet address. Some variants include a Bitcoin QR code, countdown language, or a claim that the tracking pixel in the email has already confirmed the victim opened it.
Third, if the victim pays, they are simply added to a 'confirmed payer' list and will receive further demands. If they ignore the email, the scammer moves on. No footage is ever distributed because none was ever captured.
Why this scam works
The scam exploits shame and the universal fear of private moments being exposed to family, colleagues, or employers. Even a person who has never visited an adult website may briefly wonder whether the claim is plausible — and that moment of doubt is sufficient to generate compliance in a small percentage of recipients.
The inclusion of a real password dramatically increases believability. Most people do not know that billions of email-and-password pairs are freely available online from past hacks that had nothing to do with their current device. Seeing a password they recognise feels like hard proof of access, even though it proves only that they were in a breach database.
A typical pattern
The victim receives an unsolicited email addressed to them by name. The message claims the scammer installed malware on the victim's device months ago, secretly recorded the victim through their webcam during a visit to an adult website, and simultaneously captured the video playing on screen. The scammer threatens to send the 'split-screen' recording to every contact in the victim's address book and post it publicly unless a payment — typically a few hundred to a few thousand dollars in cryptocurrency — is made within 24 to 72 hours. To create urgency and false credibility, the email often includes a real password the victim has used in the past, sourced from a publicly available data-breach leak. After the deadline passes without payment, the scammer sends one or two follow-up threats, then goes silent. No video is ever distributed because none exists.
Common red flags
- Email opens with a password you have used — but likely an old or reused one
- Demand is for cryptocurrency only, to a specific wallet address
- Artificial urgency: 24, 48, or 72-hour deadline with threats of immediate distribution
- Claim that a tracking pixel has confirmed you read the email
- Generic, impersonal writing style despite personal details like your name or password
- No evidence provided other than the password itself
- Follow-up emails with escalating language if the first is ignored
- Bitcoin or Monero wallet address printed prominently in the email body
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
"I know your password is [OLD_PASSWORD]. I installed malware on your device 6 months ago and have been recording your screen and webcam. Pay [AMOUNT] in Bitcoin to [WALLET] within 48 hours or I will send the video to all your contacts."
"Subject: [OLD_PASSWORD] — Payment required. Your password above proves I have full access. A split-screen recording of you and the site you were visiting is ready to be sent to your employer and family unless you comply."
"This is your final notice. The counter is at 24 hours. Your contacts list has been downloaded. The only way to delete the file is to send [AMOUNT] Bitcoin to the address below."
"I have your browsing history and a video of you. I am giving you a chance to pay quietly. If you try to contact police I will release everything immediately."
Common variations
- Password-in-subject-line variant: the victim's password appears in the email subject to maximise open rates
- Bitcoin QR code variant: a scannable wallet QR code is embedded to reduce friction for payment
- Countdown timer variant: email claims a 48-hour JavaScript timer is running and the scammer will 'auto-distribute' if unpaid
- Workplace contact threat: scammer claims to have scraped the victim's LinkedIn and will email their employer specifically
- Fake invoice attachment variant: a PDF attachment purports to be a 'final notice' to add perceived legitimacy
- Partial-image tease variant: a blurred or cropped screenshot is attached claiming to be a frame from the recording
How to verify before you act
Check whether the included password is current or old. If it is from an account you no longer use or a password you changed years ago, it was pulled from a breach list. You can search your email address on a reputable breach-notification service to see which data leaks you appear in.
If you are still unsure, place a piece of opaque tape over your webcam and scan your device with up-to-date security software. These steps will confirm no active compromise. Law enforcement agencies in multiple countries have publicly confirmed this specific email format is a bluff campaign with no genuine video.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- General public — anyone whose email appears in a data-breach database
- Adults who fear reputational damage with family or employers
- People who reuse passwords across multiple sites
- Users with older email addresses appearing in multiple breach sets
What to do immediately
- Do not pay — payment only confirms you are a viable target and will invite further demands
- Do not reply to the email or attempt to negotiate
- Change any password that appeared in the email, especially if it is still in use anywhere
- Check your email on a reputable breach-notification site to understand which leak exposed your password
- Run a full security scan on your device with up-to-date software
- Report the email to your national fraud reporting body and mark it as spam
- Tell a trusted person so you are not isolated with the anxiety the scammer is trying to create
How to prevent it
- Use a unique, strong password for every account so a breach of one site does not expose others
- Enable two-factor authentication on all important accounts
- Place a physical webcam cover or tape over built-in laptop cameras when not in use
- Run reputable security software and keep your operating system patched
- Check your email address on breach-notification services and update any reused passwords that appear
- Do not click links or open attachments in unsolicited threat emails
- Treat any unsolicited demand for cryptocurrency payment as an automatic red flag
Evidence to preserve
- Full email headers (shows routing and origin server)
- The complete email body including the wallet address
- Any follow-up emails received
- Screenshot of the received date and sender address
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Should I pay to make this go away?
No. Law enforcement agencies and security researchers universally advise against payment. There is no recording to suppress. Paying marks you as a confirmed target and will result in further demands, not silence.
How did the scammer get my password?
The password was obtained from a publicly available data-breach dump — a database of email addresses and passwords stolen from another website you used in the past, often years ago. It does not mean your current device was hacked.
What if I actually did visit an adult website — does that mean the video is real?
No. Visiting an adult website does not create a webcam recording. The scammer has no video. The claim is a bluff sent to millions of people simultaneously in the hope that a small number will pay.
Will the scammer really contact my family and employer?
In the vast majority of cases, no — this is an automated bulk campaign and the scammer has no intention of doing the manual work of contacting individual people. Reported cases where follow-through occurred are exceedingly rare and typically involve entirely different, targeted forms of sextortion rather than this mass-spam format.