Sextortion Email Script
An email claims the sender hacked your webcam and recorded compromising footage while you visited an adult website, often including an old password of yours as "proof," and threatens to send the footage to your contacts unless you pay in cryptocurrency within a deadline. In the vast majority of cases, no such recording exists — the password shown was taken from an old, unrelated data breach, not from live access to your device. The scammer relies on shame and fear of exposure to make you pay quickly without telling anyone. The most important step is to not pay, not reply, and change the password shown if you still use it anywhere.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
I have full access to your device and have been monitoring you. I recorded footage via your camera while you visited adult sites.
Your contact list is ready. If you don't send [amount] in Bitcoin to [wallet address] within 48 hours, everyone will see the video.
To prove access, your password is [old leaked password]. Don't try to change it — I have full control.
Delete this email and I release it to your contacts. Pay and it disappears. The choice is yours.
What the scammer wants
To use fear and shame to make you pay quickly without stopping to think. The password shown is typically from a historical data breach, not live device access — no recording exists in the vast majority of cases.
Red flags in the message
- Email opens with a real old password — sourced from a data breach, not your device
- Claim of webcam recording with no actual evidence provided
- Demand for cryptocurrency payment to a wallet address
- Short deadline to prevent you pausing and thinking
- Shame and isolation tactic — 'don't tell anyone'
- Mass-sent template with minor personalisation
- No actual screenshot or clip provided as proof
A safe response
Do not pay. This type of email is sent en masse using old breach data. Cover your webcam if it makes you feel better, change the exposed password, and mark the email as spam. Paying does not guarantee any outcome.
What not to send
- Cryptocurrency payments
- Any reply to the sender
- Personal information
What to do if you already replied
- If you paid, document the wallet address and report it to your national cybercrime authority
- Change the password that appeared in the email and any account using the same password
- Enable two-factor authentication on key accounts
- Contact a support line if you are feeling distressed — you are not alone
- Report the email to your email provider
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
They quoted my real password in the email — doesn't that prove they hacked my webcam?
No, that password almost certainly comes from an old, unrelated data breach where your email/password combination was leaked and is now being reused in these mass-sent emails, not from any live access to your device. Change that password anywhere else you've reused it.
How do I know for sure they don't actually have a recording?
These emails are sent identically to enormous numbers of people using leaked password lists, and virtually none involve any actual recording or spyware — it's a bluff designed to sound personal. This mass pattern is characteristic of the scam.
Should I pay just in case it's real, since the amount feels manageable?
No, paying doesn't make the threat go away — scammers often continue demanding more once they know you'll pay, and payment confirms your email is worth targeting again. Not paying is the recommended response in the vast majority of these cases.
What should I actually do after receiving one of these emails?
Don't reply or pay; change the leaked password anywhere you reused it, enable two-factor authentication on important accounts, and check if your email appears in known data breaches using a reputable breach-checking service. You can also report the email to your provider as phishing.