Sextortion Threat Email Scam Script
This email claims the sender has secretly recorded you through your webcam while viewing adult content and threatens to send the footage to your contacts unless you pay a ransom in cryptocurrency, often within a tight deadline. To appear credible, the message may include an old password of yours pulled from a previous data breach. In reality, the scammer almost never has any actual footage; they're relying on shame and fear to make you pay quietly without telling anyone. The most important step is to not pay, not reply, and recognize a leaked password is not proof of a hack.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
I have been watching you for some time. I placed malware on an adult site you visited and it activated your webcam. I have footage of you and your browsing history. Pay [amount] in Bitcoin to [wallet] within 48 hours or I send it to all your contacts.
You may not know me but I know a lot about you. I have recorded you using your own camera while you visited [type of site]. Send [amount] BTC to avoid having this shared with your employer and family.
Your password is [old leaked password]. I have access to your device and have captured footage of you. Transfer [amount] in cryptocurrency within 24 hours or the recording goes public.
I have access to your email because your password was compromised. I installed a keylogger and have footage. This will disappear for [amount] in Bitcoin. The clock is running.
What the scammer wants
To frighten victims into paying a crypto ransom through shame and fear. The scammer almost never has genuine footage — they use leaked passwords from old data breaches to appear credible.
Red flags in the message
- Email includes a real old password harvested from a public data breach
- Claims of webcam recording without any actual footage shared
- Demand for Bitcoin or other crypto to a specific wallet address
- Tight deadline — 24 or 48 hours to pay
- Threat to send video to your contact list
A safe response
Do not pay. These emails are mass-blasted using leaked passwords — the scammer has no footage. Change the exposed password if it is still in use, and mark the email as spam.
What not to send
- Cryptocurrency payments
- Any personal confirmation that you viewed adult content
- Replies engaging with the threat
What to do if you already replied
- Do not pay further — payments do not stop the emails, they mark you as a target
- Change the password that appeared in the email everywhere you use it
- Report to the FBI IC3 (ic3.gov) or Action Fraud
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
They included one of my real old passwords — doesn't that prove they hacked my webcam?
No — that password almost certainly came from a previous, unrelated data breach that's been circulating online, not from hacking your device. It's used purely to scare you into believing the rest of the claim, even though there's no actual footage involved.
Should I pay just to be safe, since it's not that much money?
No — paying doesn't guarantee anything will stop, and scammers frequently demand more money afterward or continue threatening regardless of payment, since they have no real leverage to begin with in almost all cases. It's better to ignore and report the email instead.
I'm scared and embarrassed — who can I even tell about this?
You can report it to your email provider and to a national cybercrime or fraud reporting agency without needing to explain any embarrassing details, since the content described is a well-known scam template, not evidence of anything you actually did. Consider talking to someone you trust — this scam relies on isolation and shame to work.
Should I change my passwords because of this?
Yes, it's good practice to change the password that was mentioned, and any other account still using it, and enable two-factor authentication where possible, since that password being circulated is a real, if unrelated, security concern worth addressing.