Don’t Fall for the “I Gained Control of Your Devices” Email Scam
Written by: Thomas Orsolya
Published on:
Picture this: you’re going about your day when suddenly, a chilling email appears in your inbox. The subject line reads, “I gained control of your devices.” Your heart races as you click to open the message, only to find a faceless stranger claiming to have gained control of your devices, accessed your most intimate moments, and threatening to expose you unless you pay a ransom. This is the reality of the “I Gained Control of Your Devices” email scam, a sinister scheme that has left countless victims feeling vulnerable, afraid, and unsure of what to do next. In this comprehensive article, we’ll unmask the inner workings of this scam, provide step-by-step guidance on how to protect yourself, and explore what to do if you find yourself in the clutches of this digital nightmare.
Scam Overview
The “I Gained Control of Your Devices” scam typically begins with an email appearing in your inbox from an unknown sender. The subject line is often designed to grab your attention and instill a sense of urgency or fear, such as “Your account has been hacked” or “I have your private information.”
Upon opening the email, you’re confronted with a disturbing message claiming that the scammer has gained access to your devices, including your computer, smartphone, and even your webcam. They assert that they have been monitoring your online activities, particularly focusing on your alleged visits to pornographic websites.
To add credibility to their claims, the scammer may include a password that you have used in the past, which they likely obtained through a data breach or from the dark web. They may also mention specific details about your device, such as its operating system or browser, to make it seem as though they have intimate knowledge of your digital life.
The scammer then proceeds to make a series of threats, stating that they have captured compromising footage of you through your webcam while you were browsing adult content. They claim to have created a video montage featuring this footage alongside screenshots of the websites you visited, which they threaten to send to your contacts, friends, and family unless you pay a ransom.
The ransom demand is typically in the form of Bitcoin or another cryptocurrency, as these transactions are difficult to trace. The scammer may set a tight deadline, usually within 24-48 hours, to create a sense of urgency and pressure you into complying with their demands.
To further intimidate you, the scammer may use language designed to shame and embarrass you, exploiting your fears of exposure and humiliation. They may claim that failure to pay the ransom will result in the immediate release of the alleged compromising material to your contacts and on public platforms.
Here is how the “I Gained Control of Your Devices” scam email looks:
You probably won’t like what you’re about to read. I gained control of your devices, thanks to your predilection for porn sites. As a matter of fact, it was those sites that helped me. One of them had my special code on it and it worked. What that means to you is that I can see everything that happens on your screen and in front of your screen.
If you doubt it then don’t read any further into this letter. I’m not wasting my time on you either and I’m just gonna post all this crap with you on every possible website and social networks and send it out to all your contacts.
I made a copy of your most interesting files. I also have the contact addresses you use most often. I have your browsing history. I have… everything I need.
At first I wanted to delete all content from your devices and forget about it. But I took a look at the sites that you regularly visit and I changed my mind. I’m talking about sites with all kinds of nasty stuff on them.
After a while, I had an idea. I took screenshots of website pages where you spend your time alone. Then I took screenshots of you satisfying yourself using the camera of one of your devices. ( By the way, I had to wait for you to successfully to get in the camera lens.) But it was worth it and it will impress to all your acquaintances and regular people on the Internet.
To cut a long story short I’ll make you a deal. You wire me the money and I’ll delete all that shit about you and we’ll forget about each other.
$699 USD is fine with me. Although at first I wanted a larger amount.
Pay only in BTC to wallet: 1My19bMiRYkm5HxgrjN48TR1SvVQq1CLs6
I’ll give you two days from now to pay. I told you what happens if you don’t pay, I don’t give a fuck, it’s up to you. And don’t hold a grudge. Everybody’s got a job to do.
And one more thing:
Learn to lock your windows.. and why are you making that funny face?
It’s important to recognize that, in the vast majority of cases, the scammer does not actually have any compromising information or footage of you. The entire scam is a bluff, designed to manipulate your emotions and trick you into paying the ransom out of fear and panic.
How the Scam Works
The “I Gained Control of Your Devices” scam is a carefully orchestrated scheme that relies on a combination of social engineering techniques, psychological manipulation, and technical trickery. Here’s a step-by-step breakdown of how the scam typically unfolds:
Step 1: Acquiring Your Email Address and Personal Information
The scammer begins by obtaining your email address and potentially other personal information, such as your name, phone number, or passwords. This information is often acquired through data breaches, where hackers gain unauthorized access to databases containing user information from various websites and services. The scammer may also purchase this information on the dark web, where stolen data is frequently bought and sold.
Step 2: Crafting the Malicious Email
Armed with your email address and personal information, the scammer composes an email designed to grab your attention and instill fear. They may use a subject line that suggests your account has been compromised or that they have access to sensitive information about you.
The email itself is carefully worded to make the scammer’s claims seem credible and intimidating. They may include technical details about your devices or mention specific websites you’ve allegedly visited to create the illusion that they have been monitoring your activities.
Step 3: Leveraging Passwords and Personal Information
To add legitimacy to their claims, the scammer may include a password that you have used in the past within the email. This password is likely obtained from a data breach or purchased on the dark web, and while it may be an old or outdated password, seeing it in the context of the scammer’s threats can be unnerving and make you more likely to believe their claims.
The scammer may also mention other personal details, such as your phone number or specific websites you’ve visited, to further create the impression that they have intimate knowledge of your online activities.
Step 4: Making the Threat
The scammer then proceeds to make their core threat: they claim to have used your device’s webcam to capture footage of you while you were browsing pornographic websites. They assert that they have created a video montage featuring this compromising footage alongside screenshots of the websites you visited.
To maximize the fear and shame associated with this threat, the scammer may claim that the video captures you engaging in intimate or embarrassing acts, exploiting your deepest insecurities and fears of exposure.
Step 5: Demanding the Ransom
With the threat laid out, the scammer then presents their ransom demand. They typically request payment in Bitcoin or another cryptocurrency, as these transactions are difficult to trace and provide a level of anonymity for the scammer.
The ransom amount can vary but often falls in the range of a few hundred to a few thousand dollars. The scammer may justify this amount by claiming it is a small price to pay to keep your reputation intact and prevent the alleged compromising material from being released to your contacts and the public.
Step 6: Applying Time Pressure
To further pressure you into complying with their demands, the scammer often imposes a tight deadline for payment, typically within 24-48 hours of receiving the email. They may claim that failure to pay by the deadline will result in the automatic release of the alleged compromising material to your contacts and on public platforms.
This time pressure is a psychological tactic designed to induce panic and prevent you from thinking critically about the situation or seeking help.
Step 7: Continuing the Cycle
If you do fall victim to the scam and pay the ransom, the scammer may continue to target you with additional demands in the future. They may claim that the initial payment was insufficient or that they have discovered new compromising material, perpetuating the cycle of fear and extortion.
It’s crucial to recognize that paying the ransom does not guarantee your safety or the deletion of any alleged compromising material. In fact, complying with the scammer’s demands only serves to encourage them and may mark you as a target for future scams.
What to Do If You Have Fallen Victim to This Scam
If you find yourself targeted by the “I Gained Control of Your Devices” email scam, it’s essential to keep a level head and take the following steps:
Do not panic. Remember that the scammer is relying on fear and intimidation to pressure you into complying with their demands. Take a deep breath and try to approach the situation rationally.
Do not reply to the email or attempt to contact the scammer. Engaging with the scammer may only encourage them to continue their attempts to extort you.
Do not pay the ransom. As mentioned earlier, paying the scammer does not guarantee the deletion of any alleged compromising material and may only lead to further extortion attempts.
Change your passwords. If the scammer has included a legitimate password in their email, change it immediately on any accounts where you may have used it. Enable two-factor authentication on these accounts for added security.
Run a virus scan on your devices. While it’s unlikely that the scammer has actually installed malware on your devices, running a virus scan can help provide peace of mind and ensure your system is secure.
Report the scam to the appropriate authorities. In the United States, you can file a complaint with the FBI’s Internet Crime Complaint Center (IC3) or contact your local law enforcement agency. Reporting the scam can help authorities track down the perpetrators and prevent others from falling victim.
Seek support if needed. Falling victim to a scam can be a stressful and emotionally taxing experience. Don’t hesitate to reach out to friends, family, or mental health professionals for support and guidance as you navigate the aftermath of the scam.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
Q1: What is the “I Gained Control of Your Devices” email scam?
A1: The “I Gained Control of Your Devices” email scam, also known as a sextortion scam, is a type of online blackmail where scammers send an email claiming to have hacked your devices, accessed your private information, and recorded compromising footage of you through your webcam. They threaten to release this alleged material to your contacts unless you pay a ransom in cryptocurrency.
Q2: How do the scammers obtain my email address and personal information?
A2: Scammers often acquire email addresses and personal information through data breaches, where hackers gain unauthorized access to databases containing user information from various websites and services. They may also purchase this information on the dark web, where stolen data is frequently bought and sold.
Q3: Are the scammer’s claims of having compromising footage of me true?
A3: In the vast majority of cases, the scammer’s claims are false. They do not actually have any compromising footage or information about you. The scam is designed to manipulate your emotions and trick you into paying the ransom out of fear and panic.
Q4: What should I do if I receive an “I Gained Control of Your Devices” email?
A4: If you receive this type of email, it’s crucial to stay calm and avoid engaging with the scammer. Do not reply to the email or attempt to contact them. Ignore their threats and do not pay the ransom they demand. Instead, report the email to the appropriate authorities and focus on securing your accounts and devices.
Q5: The scammer included one of my real passwords in the email. What does this mean?
A5: If the scammer includes a legitimate password in their email, it’s likely that this password was obtained through a data breach or purchased on the dark web. It does not necessarily mean they have actually hacked your devices or have access to your current information. Change the password immediately on any accounts where you may have used it and enable two-factor authentication for added security.
Q6: Should I pay the ransom demanded by the scammer?
A6: No, you should never pay the ransom demanded in an “I Gained Control of Your Devices” email. Paying the scammer does not guarantee the deletion of any alleged compromising material and may only encourage them to continue extorting you or target you with future scams.
Q7: How can I protect myself from falling victim to this scam?
A7: To protect yourself from this scam, be cautious when opening emails from unknown senders and avoid clicking on suspicious links or attachments. Maintain strong, unique passwords for all your accounts and enable two-factor authentication whenever possible. Keep your software and devices updated with the latest security patches and run regular virus scans to detect any potential malware.
Q8: What should I do if I’m feeling distressed or anxious after receiving this scam email?
A8: Falling victim to a scam can be a stressful and emotionally draining experience. If you’re feeling overwhelmed or anxious, don’t hesitate to reach out to trusted friends, family members, or mental health professionals for support. Remember, you are not alone, and there are resources available to help you cope with the aftermath of a scam.
Q9: How can I report the “I Gained Control of Your Devices” email scam?
A9: If you receive this scam email, you can report it to the appropriate authorities to help combat this type of cybercrime. In the United States, file a complaint with the FBI’s Internet Crime Complaint Center (IC3) or contact your local law enforcement agency. You can also forward the email to your email provider’s spam reporting address, which helps them improve their filters and protect other users from similar scams.
Q10: What are some red flags to watch out for in scam emails like this one?
A10: Some common red flags in scam emails like the “I Gained Control of Your Devices” scam include:
Urgent or threatening language designed to induce fear and panic
Claims of having access to your private information or devices without providing verifiable proof
Demands for payment in cryptocurrency, which is difficult to trace
Tight deadlines for payment, typically within 24-48 hours
Poor grammar, spelling, or formatting inconsistent with official correspondence By familiarizing yourself with these red flags, you can better identify potential scams and avoid falling victim to them.
The Bottom Line
The “I Gained Control of Your Devices” email scam is a disturbing and manipulative scheme that preys on people’s fears and insecurities. By understanding how the scam works and taking proactive steps to protect your online privacy and security, you can reduce your risk of falling victim to this type of extortion.
Remember, the scammer’s power lies in fear and intimidation. By staying calm, refusing
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
About Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
