Don’t Fall for the “I’ve Accessed Your Device” Email Scam
Written by: Thomas Orsolya
Published on:
The “I’ve accessed your device” email is a chilling message that no one ever wants to find in their inbox. It’s a scam that has been making the rounds recently, preying on people’s deepest fears and insecurities. The email claims that the sender has gained access to your personal devices, has compromising information about you, and threatens to expose it unless you pay a ransom. This devious scheme, also known as sextortion or blackmail scam, is designed to manipulate victims into parting with their money. But don’t panic just yet – in this article, we’ll dive deep into the mechanics of this scam, explore how it works, and let you know how to protect yourself from falling victim to these digital extortionists.
This article contains:
Scam Overview
The “I’ve accessed your device” email scam, also known as sextortion or blackmail scam, is a type of phishing attack that aims to manipulate victims into paying a ransom. The scammer sends an email claiming to have gained access to the recipient’s devices, including their computer, phone, and even webcam. They assert that they have obtained sensitive information, such as personal files, browsing history, and compromising video footage of the victim. The email often contains specific details, such as a password or a snippet of personal information, to lend credibility to their claims.
The scammer then threatens to release the alleged compromising material to the victim’s contacts, friends, and family, as well as post it on social media platforms and other public forums. They demand a ransom payment, typically in cryptocurrency like Bitcoin, within a specified timeframe to prevent the release of the information. The email is carefully crafted to instill fear and panic, pressuring the victim to comply with the demands.
What makes this scam particularly concerning is the psychological manipulation employed by the scammers. They prey on people’s deepest fears and insecurities, exploiting the idea that everyone has something to hide. By claiming to have access to private moments captured through the victim’s webcam, the scammers create a sense of vulnerability and exposure. They also use time pressure tactics, setting a deadline for payment and emphasizing the urgency of the situation.
Here is how the “I’ve accessed your device” email scam looks:
Your time is dwindling down to nothing.
I’ve accessed your devices through certain websites you’ve visited. Those sites made it possible for me to get in. One of them had a special code I used, which worked perfectly. Now, I can see everything happening on your screen and even around it.
If you don’t believe me, you can stop reading right now. I won’t waste my time with you, and I’ll just release all this information about you on every social media platform and send it to everyone you know.
I’ve saved copies of your most interesting files and have the contacts you interact with most frequently. I also have access to your entire browsing history. I have all the data I need. At first, I thought of deleting everything I found on your devices and moving on. But after reviewing the sites you regularly visit, I changed my mind. I’m referring to the sites with questionable content.
Then I came up with an idea. I took screenshots of the sites you visit when you’re alone. After that, I managed to capture video footage of you using your camera in some rather private moments. /* By the way, I had to wait for the right opportunity to capture you on camera */ But it was worth the effort, and it will leave an impression on everyone you know and anyone on the Internet.
Here’s the deal: you send me money, and I’ll delete all of this data about you, and we can both forget this ever happened. I’m asking for 750 USD in BTC. [ bitcoin adresss]
You have 40 hours from now to make the payment. I’ve already explained what will happen if you don’t comply. Honestly, it’s your choice. And don’t take this personally. It’s just business. A word of advice: Don’t leave your phone or computer unattended. Seriously, think about it!
The clock is ticking…
It’s important to note that in most cases, the scammers do not actually have access to the victim’s devices or any compromising information. They rely on social engineering techniques and publicly available data to craft convincing emails. However, the mere possibility of exposure is often enough to cause significant distress and prompt some victims to pay the ransom.
How the Scam Works
The “I’ve accessed your device” email scam follows a systematic approach to deceive and extort victims. Here’s a step-by-step breakdown of how the scam typically unfolds:
Step 1: Acquiring Email Addresses and Personal Information
Scammers obtain email addresses and personal information through various means, such as data breaches, phishing campaigns, or purchasing lists on the dark web. They may also use automated tools to scrape websites and social media profiles for publicly available information.
Step 2: Crafting the Scam Email
Using the collected information, the scammer crafts a personalized email designed to instill fear and panic. They claim to have gained access to the recipient’s devices, often providing a password or personal detail as “proof.” The email is written in a threatening tone, emphasizing the alleged compromising material they possess.
Step 3: Making Ransom Demands
The scammer demands a ransom payment, usually in cryptocurrency like Bitcoin, to prevent the release of the compromising information. They provide a specific Bitcoin address and set a deadline for payment, typically ranging from a few hours to a couple of days. The urgency is intended to pressure the victim into making a hasty decision.
Step 4: Psychological Manipulation
Throughout the email, the scammer employs various psychological manipulation techniques to heighten the victim’s fear and anxiety. They may claim to have captured video footage of the victim in compromising situations, such as visiting adult websites or engaging in private acts. They also emphasize the potential consequences of non-compliance, such as public humiliation and damage to personal relationships.
Step 5: Exploiting Fear and Uncertainty
The scammer relies on the victim’s fear and uncertainty to coerce them into paying the ransom. They bank on the idea that even if the victim suspects the claims may be false, the mere possibility of exposure is enough to prompt payment. The scammer may also use time pressure tactics, stating that the price will increase if the payment is not made within the specified timeframe.
Step 6: Collecting the Ransom
If the victim falls for the scam and makes the payment, the scammer collects the ransom in cryptocurrency. Due to the pseudonymous nature of cryptocurrencies, it is difficult to trace the funds and identify the perpetrator. Once the payment is received, the scammer typically disappears, leaving the victim without any further communication.
What to Do If You’ve Fallen Victim to This Scam
If you receive an email claiming that your device has been accessed and demanding a ransom, it’s crucial to remain calm and take the following steps:
1. Do Not Engage with the Scammer
Avoid replying to the email or attempting to communicate with the scammer. Engaging with them may provide them with additional information or encourage them to target you further.
2. Do Not Pay the Ransom
Resist the urge to pay the demanded ransom. Paying the scammer does not guarantee that they will delete the alleged compromising material. In fact, it may encourage them to target you again in the future, knowing that you are willing to comply with their demands.
3. Report the Email as Spam
Mark the email as spam or junk in your email client. This helps email providers improve their spam filters and prevents similar emails from reaching your inbox in the future.
4. Change Your Passwords
If the scammer mentioned a genuine password in the email, change it immediately across all accounts where you use that password. It’s also advisable to enable two-factor authentication wherever possible for added security.
5. Scan Your Devices for Malware
While it’s unlikely that the scammer has actual access to your devices, it’s still a good practice to run a malware scan on your computer and mobile devices. Use reputable antivirus software to ensure your devices are free from any malicious software.
6. Inform Authorities
If you feel threatened or believe you are a victim of a crime, contact your local law enforcement agency. Provide them with a copy of the email and any relevant information. They can advise you on the appropriate steps to take and investigate the matter further.
7. Educate Yourself and Others
Share your experience with friends, family, and colleagues to raise awareness about this scam. Educate them on the signs to look out for and the importance of not giving in to the scammer’s demands.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Frequently Asked Questions (FAQs) About the “I’ve Accessed Your Device” Email Scam
Q1. What is the “I’ve accessed your device” email scam?
A1. The “I’ve accessed your device” email scam, also known as sextortion or blackmail scam, is a type of phishing attack where scammers send an email claiming to have hacked into your devices, accessed your personal information, and recorded compromising video footage of you. They threaten to release this information unless you pay a ransom, usually in cryptocurrency like Bitcoin.
Q2. How do the scammers get my email address and personal information?
A2. Scammers can obtain your email address and personal information through various means, such as data breaches, phishing campaigns, or by purchasing lists on the dark web. They may also use automated tools to scrape publicly available information from websites and social media profiles.
Q3. Is it true that the scammers have access to my devices and compromising information?
A3. In most cases, the scammers do not actually have access to your devices or any compromising information. They rely on social engineering techniques and publicly available data to craft convincing emails designed to scare you into paying the ransom.
Q4. What should I do if I receive an “I’ve accessed your device” email?
A4. If you receive this type of email, remain calm and do not engage with the scammer. Do not reply to the email or attempt to communicate with them. Mark the email as spam or junk in your email client and report it to the appropriate authorities if you feel threatened.
Q5. Should I pay the ransom demanded by the scammer?
A5. No, you should never pay the ransom demanded by the scammer. Paying the ransom does not guarantee that they will delete the alleged compromising material, and it may encourage them to target you again in the future. Remember, in most cases, they do not actually possess any compromising information.
Q6. What steps can I take to protect myself from this scam?
A6. To protect yourself from the “I’ve accessed your device” email scam, follow these steps:
Be cautious when opening emails from unknown senders and avoid clicking on suspicious links or downloading attachments.
Use strong, unique passwords for all your accounts and enable two-factor authentication wherever possible.
Keep your software and operating systems up to date with the latest security patches.
Use reputable antivirus software and run regular scans on your devices.
Be mindful of the information you share online and adjust your privacy settings on social media platforms.
Q7. What should I do if the scammer mentions a genuine password in the email?
A7. If the scammer includes a genuine password in the email, it’s likely that the password was obtained through a data breach or phishing campaign. Change that password immediately across all accounts where you use it and enable two-factor authentication for added security.
Q8. Can I report the “I’ve accessed your device” email scam to the authorities?
A8. Yes, if you feel threatened or believe you are a victim of a crime, you should report the incident to your local law enforcement agency. Provide them with a copy of the email and any relevant information. You can also report the scam to the FBI’s Internet Crime Complaint Center (IC3) or your country’s equivalent.
Q9. How can I help prevent others from falling victim to this scam?
A9. You can help prevent others from falling victim to the “I’ve accessed your device” email scam by sharing your experience and knowledge with friends, family, and colleagues. Educate them about the signs to look out for and the importance of not giving in to the scammer’s demands. Encourage them to maintain good online security practices and to report any suspicious emails they receive.
Q10. What should I do if I’m feeling distressed or anxious after receiving this scam email?
A10. If you’re feeling distressed or anxious after receiving the “I’ve accessed your device” email scam, it’s important to remember that you’re not alone. Reach out to trusted friends, family members, or a mental health professional for support. You can also contact victim support services in your area for guidance and assistance in dealing with the emotional impact of this scam.
The Bottom Line
The “I’ve accessed your device” email scam is a disturbing trend in the world of cybercrime. By preying on people’s fears and vulnerabilities, scammers attempt to extort money through psychological manipulation and empty threats. It’s crucial to remain vigilant and informed about such scams to protect yourself and your loved ones from falling victim.
Remember, in most cases, the scammer does not actually have access to your devices or any compromising information. They rely on scare tactics and social engineering to pressurize victims into making hasty decisions. By staying calm, avoiding engagement with the scammer, and taking appropriate steps to secure your accounts and devices, you can safeguard yourself against this malicious scheme.
If you do fall victim to this scam, know that you are not alone, and there is no shame in seeking help. Report the incident to the authorities, inform your close contacts, and take measures to prevent future occurrences. Together, we can combat these scams by spreading awareness and supporting one another in the face of cybercrime.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
