You open your inbox and find a threatening email: someone claims they've hacked your webcam, recorded you in a compromising situation, and will send the footage to your contacts unless you pay them in Bitcoin. It's alarming — but in nearly every case, it's a scam. Here's exactly what to do.
What Is a Sextortion Email?
Sextortion emails are a form of phishing scam where attackers send mass emails claiming they've recorded you through your webcam while you were visiting adult websites. They threaten to release the footage to your friends, family, and coworkers unless you pay a ransom — usually in cryptocurrency.
These emails often include personal details to make the threat seem credible:
- Your real password (usually from an old data breach)
- Your email address appearing as both sender and recipient (spoofed to look like they hacked your account)
- Your full name or phone number
- A partial home address or even a Google Street View image of your home
Despite these convincing details, these emails are almost always completely fake. No recording exists. The scammers are using personal information from past data breaches to scare you into paying.
How Scammers Get Your Information
The personal details in sextortion emails — passwords, phone numbers, addresses — typically come from data breaches. Your information may have been exposed in breaches from LinkedIn, Adobe, Dropbox, or countless other companies, and is now available on dark web marketplaces. Scammers buy this data in bulk and use it to craft more convincing threats.
What NOT to Do
When you receive a sextortion email, resist the urge to panic. Here's what you should never do:
Don't Pay the Ransom
This is the most important rule. Never pay. Scammers send millions of these emails and have no actual compromising material. Paying only confirms you're a responsive target and often leads to increased demands for more money.
Don't Respond to the Email
Any response — even an angry one — confirms that your email address is active and monitored. This makes you a more valuable target for future scams.
Don't Click Any Links or Attachments
Sextortion emails may contain malicious links or attachments that can install malware, keyloggers, or ransomware on your device. Never click anything in the email.
Don't Forward It to Friends or Family
Don't spread the scam by forwarding it. If you need to share it for reporting purposes, take a screenshot instead.
What TO Do: Step-by-Step
Step 1: Don't Panic
Take a deep breath. Remember that these emails are sent to millions of people using automated tools. The scammer has no footage of you. The personal details they included came from old data breaches, not from hacking your computer.
Step 2: Mark as Spam and Delete
Mark the email as spam in your email client and delete it. This helps train your spam filter to catch similar messages in the future.
Step 3: Change Your Passwords
If the email included one of your actual passwords, change that password immediately on every account where you used it. This is critical — it means your password was exposed in a data breach and could be used to access your accounts.
- Use a unique, strong password for every account
- Use a password manager to generate and store complex passwords
- Never reuse passwords across multiple sites
Check If Your Passwords Are Compromised
Visit haveibeenpwned.com to check which of your accounts have been involved in data breaches. This free service maintained by security researcher Troy Hunt will show you exactly which breaches exposed your information, so you can prioritize which passwords to change first.
Step 4: Enable Two-Factor Authentication
Add two-factor authentication (2FA) to all important accounts, especially your email, banking, and social media accounts. Even if a scammer has your password, 2FA prevents them from accessing your account without a second verification code.
Step 5: Report the Scam
Report the sextortion email to the appropriate authorities:
- FBI's Internet Crime Complaint Center (IC3): File a report at ic3.gov
- Federal Trade Commission (FTC): Report at reportfraud.ftc.gov
- Your email provider: Use the "Report Phishing" option in Gmail, Outlook, or your email client
- Your local police: If you feel physically threatened or if the scammer has your home address
Step 6: Scan Your Computer
While sextortion emails are almost always bluffs, it's good practice to run a full malware scan on your computer. Use reputable antivirus software to check for keyloggers, remote access trojans (RATs), or other malware that could genuinely compromise your privacy.
When to Take It More Seriously
In rare cases, a sextortion threat may be real. Take additional precautions if:
- The email includes actual photos or screenshots of you (not just generic claims)
- The scammer references specific recent online activity that couldn't come from a data breach
- You've recently shared intimate content with someone online
- The threat comes from a known individual rather than an anonymous email
In these cases, contact law enforcement immediately and preserve all evidence.
Protect Yourself From Future Scams
The best defense against sextortion scams is reducing the amount of personal information available about you online:
- Remove your data from data brokers — Sites like Spokeo, BeenVerified, and Whitepages expose the personal details that scammers use to make their threats credible
- Use unique passwords for every account and enable 2FA everywhere
- Cover your webcam when not in use for peace of mind
- Monitor for data breaches so you know immediately when your information is compromised
PrivacyOn helps protect you by removing your personal information from 100+ data broker sites, monitoring the dark web for your exposed credentials, and alerting you to new threats. With 24/7 monitoring and plans starting at just $8.33/month, PrivacyOn reduces the personal data that scammers can weaponize against you.