“I Know That Your Are and This Email Is Yours” Email Scam
Written by: Thomas Orsolya
Published on:
A strange and unsettling email lands in your inbox. It begins with the words, “I know that your are and this email is yours.” The message goes on to claim that the sender has hacked your computer, recorded intimate webcam footage of you, and threatens to release it to your family, friends, or coworkers unless you pay $1,200 in Bitcoin within 48 hours. The email even gives instructions on how to buy cryptocurrency and split the payment address in half to make it “secure.”
At first glance, it seems personal and terrifying. But here’s the truth: this email is a scam. The sender has no video, no access to your devices, and no connection to your online activity. The email is a psychological weapon designed to make you panic and pay.
This guide will explain exactly what the “I know that your are and this email is yours” email scam is, how it works in practice, why it’s so effective, what steps to take if you’ve received it, and how to protect yourself from future threats.
Scam Overview
What Is the “I Know That Your Are and This Email Is Yours” Email Scam?
The “I know that your are and this email is yours” email scam is part of a broad category of sextortion scams — cybercrimes that use intimidation and fear to extract money from victims. In this type of scam, the attacker claims to have hacked your computer or phone, accessed your webcam, and recorded compromising footage of you. They then threaten to send this alleged footage to everyone in your contact list or publish it online unless you pay a ransom in Bitcoin or another cryptocurrency.
The specific email you shared includes the following details:
A personal opening line to sound familiar: “I know that your are and this email is yours.
A claim of having recorded webcam footage of you “playing with yourself.”
A ransom demand of $1,200 in Bitcoin.
A strict 48-hour deadline.
Technical instructions for buying and transferring Bitcoin.
A threat that “one or two mouse clicks” can send the footage to your contacts.
This format is not unique. It mirrors countless variations of Bitcoin sextortion scams that have circulated globally since at least 2018. Each year, cybercriminals recycle these templates, change the wording slightly, and send them to millions of email addresses harvested from old data breaches or online leaks.
Why the Scam Works So Well
The power of this scam lies in psychological manipulation, not in technical sophistication. It preys on fear, shame, and urgency — emotions that override rational thinking.
Here are the key psychological tactics used:
Fear of exposure: The claim of having recorded private activity triggers immediate panic.
Shame: Even if the recipient has done nothing wrong, the idea of being seen in an embarrassing light is mortifying.
Urgency: The 48-hour deadline is designed to prevent the victim from thinking, verifying, or seeking advice.
Authority and technical jargon: The scammer mentions “ransomware,” “tracking,” and “remote access” to sound credible.
Isolation: The email warns not to tell anyone or seek help, which keeps the victim silent and alone.
These combined pressures can make even experienced internet users question themselves. Scammers know that embarrassment keeps victims from reporting the crime, which allows the scheme to continue undisturbed.
Where the Scammer Gets Your Email Address
You may wonder: how did this person find me? The answer is simple. Your email address — and possibly some other data — was likely exposed in a data breach. Cybercriminals collect and sell massive databases of email addresses and old passwords. These lists are easy to purchase on the dark web or even find freely online.
The scammer doesn’t actually know who you are. They just send identical or nearly identical emails to thousands of addresses. Occasionally, they personalize the message with a password or username obtained from a leak, but this does not mean they hacked your device. It only makes the threat appear more believable.
What Makes This Version Unique
The “I know that your are and this email is yours” variant has several specific features that make it slightly more advanced than older versions:
Split Bitcoin address: The message divides the wallet address into two parts and instructs the victim to merge them manually. This is meant to bypass automatic detection by spam filters.
Detailed payment instructions: It provides specific references to services like “BitPay,” “MoonPay,” and “Changelly,” guiding inexperienced users on how to buy Bitcoin.
Threat escalation: It directly threatens to contact your family, coworkers, and friends with “disgraceful footage.”
Mock empathy: The scammer writes, “I am not that kind of person,” pretending to be merciful to seem more human.
Emotional closing: It ends with lines like “It was nice meeting you” and “Don’t try to be a hero,” reinforcing the illusion of personal connection.
Each of these elements is meticulously designed to induce panic while maintaining a façade of authenticity.
Why It’s Not Real
Despite the scary wording, this email is completely fake in nearly all cases. Here’s why:
No actual hacking occurred. The scammer has not gained access to your webcam, files, or network. They have no footage.
Email spoofing is easy. Scammers can make it look like the email was sent from your own address, but this does not mean your account is compromised.
No technical evidence is provided. The email offers no real proof of access — just threats.
Mass distribution patterns. Identical emails have been reported by thousands of recipients globally.
Cryptocurrency tracebacks reveal mass operations. The Bitcoin addresses used are connected to large-scale scam campaigns that collect small payments from multiple victims.
The Real Damage
Even though the claims are false, the consequences are real. Victims often experience intense anxiety, sleeplessness, and shame. Some delete social media accounts or isolate themselves out of fear. The emotional toll can be severe, even when no money is lost.
How the Scam Works
Let’s examine how this scam unfolds from the scammer’s perspective — from data collection to execution. Understanding these steps helps you recognize the red flags and respond wisely.
Step 1: Data Collection and Target Acquisition
Scammers start by gathering large lists of email addresses from data breaches, public forums, or email scraping tools. These databases may include old passwords, usernames, and sometimes phone numbers. The attacker buys or downloads these lists from online black markets and uses automated tools to sort and categorize them.
They may also check whether an address has appeared in known breaches using public resources like “Have I Been Pwned.” This helps them tailor the message with real details, giving the illusion of personalization.
Step 2: Writing the Script
The attacker then crafts the email. The writing style is crucial. The scammer deliberately uses conversational or broken English to sound like a real person rather than a machine. The script typically includes:
A personal-sounding greeting (“hello there”)
A fabricated backstory of hacking your device
Explicit language to evoke embarrassment
Instructions to pay a ransom in Bitcoin
A short time limit (48 hours)
A warning not to tell anyone
Closing lines implying politeness or sympathy
Every sentence is intentional. The scammer uses repetition (“we both know what I’m talking about”) to force you to internalize guilt, even if you did nothing wrong.
Here is how the email looks:
hello there
I know that your are and this email is yours
You might be wondering how I know this.
let me get straight to my point, a while ago i managed to access to your device and from there i spread myself across all the devices.
during this period i have managed to collect your internet history, and captured webcam footage of you playing with yourself while watching high controversial genre adult movies. ( with audio of course )
we both know what i’am talking about.
I believe you are starting to understand the gravity of this situation. I am sure your family, colleagues, and all your contacts would be interested in joining me to watch such disgraceful footage. My initial plan was to release this data and expose this side of you, which cannot be undone. However, I am not that kind of person.
Here is the deal: a small payment to save a reputation that has taken years to build.
transfer exactly $1200 worth of bit.coins to the wallet below.
For security purposes, the address is split into two parts that you need to combine:
(Merge both parts to get the full address: 1N4J********Div. This is how it should look before sending.)
part 1 : 1N4JMGxbqpu8EuBeLk part 2 : AfXjmGbP18VUxDiv
– make sure you are sending BTC ONLY ! – Use COPY & PASTE. Do not type the wallet address.
the deal is clear, the ball is on your court
a little to imagine is how your beloved ones will look at you? i bet never the same again.
Once transfer notification is received, I’ll be out and the data will be permanently deleted. you have 48h
Things that may be concerning you:
That funds transfer won’t be delivered to me.
Breathe out, I can track down everything right away, so once funds transfer is finished,
you have my word.
so, Kindly think twice before you do something. If until now you don’t believe me, all I need is one-two mouse clicks to make all those videos with everyone you know, remember i have your email and contacts. so if you want to see proofs? just reply and i will spread everything.
if you are new to this payment method, google ‘Bit Pay’, ‘Moon Pay’ , ‘Changelly’, alternative option is to use CASH you can search ‘BTC ATM near me’
At the end i would like to express that it was nice meeting you and looking forward to doing business with you.
Always remember do not try to be hero.
Best regards, LAZRUS
Step 3: Email Spoofing
The attacker uses spoofing tools to make the email appear as if it came from your own address. This trick reinforces the illusion that they have access to your account. However, spoofing does not require hacking. Anyone can manipulate the “From” field in an email using simple software.
When recipients see their own email address in the “From” line, panic sets in. That fear drives many to believe the scammer’s story without verifying it.
Step 4: Mass Distribution
Next, the attacker sends the message to thousands of recipients simultaneously using botnets or compromised email servers. Each message may contain a unique Bitcoin wallet to track who pays. The goal is volume: even if 1 in 10,000 victims pays, the attacker profits.
Scammers continuously test new subject lines, such as:
“You don’t want your secret out.”
“Your reputation is at risk.”
“I know you.”
“This email is yours.”
The aim is to bypass spam filters and maximize open rates.
Step 5: Fear and Confusion
Once the email reaches you, the psychological manipulation begins. The scammer’s objective is to make you act before thinking. The message claims they “will be notified once you open the email,” implying real-time monitoring. They threaten to release the footage if you don’t pay within the set timeframe.
This manipulation causes recipients to panic, leading to impulsive decisions — such as paying the ransom or deleting evidence instead of reporting it.
Step 6: The Payment Scheme
The scammer provides detailed instructions for buying Bitcoin. They mention legitimate exchanges like MoonPay or BitPay to appear credible. Some victims, unfamiliar with cryptocurrency, follow the instructions step by step.
Once Bitcoin is transferred, it’s nearly impossible to recover. The scammer moves the funds through multiple wallets or mixing services that obscure their origin. Most victims never hear from the scammer again after paying.
Step 7: Post-Payment Exploitation
If a victim pays, their email address is flagged as “responsive.” Scammers often share or sell lists of paying victims to other criminals. This can lead to future scams, additional extortion attempts, or phishing campaigns.
Step 8: The Aftermath
If no payment is made, nothing happens. The scammer doesn’t have any real footage to release. They simply move on to the next target. Many victims realize afterward that the entire story was fabricated.
What to Do If You Have Fallen Victim to This Scam
If you’ve received this email — or worse, paid the ransom — follow these steps immediately to secure your accounts, protect your identity, and prevent future targeting.
1. Do Not Reply or Engage
Never respond to the scammer. Engaging with them confirms your email is active and may trigger additional threats. Silence is your best defense.
2. Preserve the Evidence
Take screenshots of the email, including the header information. Save any details such as the Bitcoin wallet address and the exact wording of the threat. This information may be valuable for reporting to law enforcement.
3. Change All Passwords
If the email includes an old password or if you use the same password on multiple accounts, change them immediately. Use a strong, unique password for each site. A password manager can help you generate and store secure credentials.
4. Enable Two-Factor Authentication (2FA)
Activate 2FA on all critical accounts — email, banking, and social media. This adds an extra layer of protection, preventing unauthorized logins even if your password leaks.
5. Scan Your Devices
Run a full malware and antivirus scan using a trusted program. Although most sextortion scams don’t involve real hacking, it’s wise to confirm that your system is clean.
6. Check for Account Breaches
Visit “Have I Been Pwned” or similar services to check whether your email or passwords were leaked in past breaches. If so, change them and monitor your accounts closely.
7. Report the Scam
Report the incident to the relevant authorities in your country:
United States: FBI’s Internet Crime Complaint Center (IC3.gov) or FTC.gov
Forward the scam email with full headers for investigation.
8. Notify Your Email Provider
Most email providers have a reporting function for phishing or scam messages. Reporting helps filter similar threats from reaching other users.
9. If You Paid, Take Immediate Action
If you’ve already sent money:
Report the transaction to law enforcement immediately.
Provide the wallet address and transaction ID.
Inform your bank if you used linked financial accounts.
Save all records of communication.
Although Bitcoin payments are difficult to trace, investigators track wallets across campaigns to build cases against organized groups.
10. Protect Your Identity
Monitor your credit reports and online profiles for unusual activity. Consider enabling fraud alerts if you suspect your personal data has been misused.
11. Educate Others
Warn friends, family, and colleagues about this scam. Many victims suffer alone out of embarrassment, but open discussion prevents others from falling prey to the same trap.
12. Manage Emotional Impact
The fear and shame triggered by these scams can be intense. Remember: you did nothing wrong. Scammers exploit human psychology. If anxiety persists, consider speaking to a counselor or a trusted friend.
13. Stay Informed
Follow cybersecurity news sources and learn about common scam patterns. Awareness is the strongest prevention against online fraud.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The “I know that your are and this email is yours” email scam is not a sign of hacking or exposure — it’s a global cyber extortion hoax. The sender has not accessed your webcam, files, or private life. They rely on fear and urgency to manipulate victims into paying Bitcoin ransoms.
If you receive such an email, do not panic. Do not pay. Do not reply.
Instead, secure your accounts, change your passwords, enable two-factor authentication, report the scam, and delete the message after documenting it.
Frequently Asked Questions
1. What is the “I Know That Your Are and This Email Is Yours” email scam?
The “I Know That Your Are and This Email Is Yours” email scam is a sextortion scheme where the scammer claims to have hacked your computer and recorded compromising footage of you. They threaten to release this footage to your family or colleagues unless you pay a ransom in Bitcoin. The email is designed to frighten you into paying quickly. The truth is that the scammer has not hacked your computer or obtained any video. These emails are mass-produced and sent to thousands of addresses harvested from data breaches or public lists.
2. Why does the scammer say “I know that your are and this email is yours”?
This line is written to sound personal and convincing. By pretending to recognize you and confirm your email, the scammer makes the message feel targeted. The broken grammar and slightly awkward tone make it seem authentic rather than automated. It’s part of the scammer’s attempt to make you think they genuinely know who you are.
3. Is this scam real?
No. The scam is fake. There is no hacker monitoring you and no private footage of you exists. Cybersecurity authorities and law enforcement agencies have confirmed that these sextortion scams are fraudulent mass emails. The attackers do not have real access to your computer, webcam, or files.
4. How did the scammer get my email address?
Your email address may have been exposed in a data breach or found on a marketing list. Attackers often buy leaked data from the dark web or use freely available breach databases to send millions of identical emails at once. If the message contains an old password, it likely came from one of those leaks, not from your device.
5. Why do they demand payment in Bitcoin?
Bitcoin and other cryptocurrencies allow anonymous and irreversible transactions. Once you send the money, there is no way to get it back. That anonymity protects scammers from being traced by law enforcement. It’s why nearly all email extortion scams use cryptocurrency.
6. Why does the Bitcoin address appear split into two parts?
Splitting the Bitcoin address into two parts helps the scammer avoid spam filters that automatically block or flag full cryptocurrency addresses. They instruct you to merge both parts before sending payment, which makes the message less detectable by security systems. It’s a technical trick, not a sign of sophistication.
7. How can I tell this email is fake?
Several warning signs reveal the scam. The email contains poor grammar, spelling errors, and strange phrases. It demands cryptocurrency for silence. It imposes a short deadline to make you act quickly. It claims to have infected all your devices without showing real evidence. It often warns you not to tell anyone. All of these features indicate a fraudulent message.
8. What should I do if I receive this email?
Stay calm and follow these steps. Do not reply. Do not pay. Do not click any links or open attachments. Change your passwords immediately, especially if the email includes one you recognize. Enable two-factor authentication on your accounts. Run a full malware scan on your computer. Report the scam to your local cybercrime agency or your email provider. After documenting it with a screenshot, delete the email.
9. Should I pay the ransom?
Never pay the ransom. The scammer has nothing to deliver or delete because no footage exists. Paying confirms that you are a potential target and could result in further extortion attempts. Law enforcement agencies advise against paying in all such cases.
10. Can the scammer really access my webcam or files?
In almost every instance, they cannot. Modern operating systems restrict camera and microphone use. Unauthorized access would trigger visible notifications or indicator lights. You can double-check by scanning your system for malware and reviewing app permissions. As long as you keep your device updated and protected, you are safe.
11. Why does the email look like it came from my own address?
That is called email spoofing. Scammers use software to forge the sender’s address so it looks like the message came from your account. This trick is simple to perform and does not mean your email was hacked. You can confirm by logging into your account directly. If you can still sign in, your email is secure.
12. What if I already paid the scammer?
If you already sent Bitcoin, gather all the evidence you can. Save the email, payment confirmation, wallet address, and any communication. Report the case to law enforcement and your national cybercrime agency. Contact the cryptocurrency exchange if you bought the Bitcoin through one and explain what happened. Although recovery is unlikely, your report helps authorities trace wallets and build cases against these criminals.
13. Can I get in trouble for receiving or ignoring the email?
No. You have not committed any crime by receiving or ignoring the message. The scammer is the one committing extortion. Authorities encourage victims to report such incidents so they can warn others and investigate the perpetrators.
14. How widespread is this scam?
This scam is extremely common. Variants of the “I know that your are and this email is yours” message have circulated worldwide for several years. According to the FBI Internet Crime Complaint Center, extortion emails and sextortion schemes cause tens of millions of dollars in reported losses each year. Because many victims do not report them, the true number of attempts is much higher.
15. What if the email includes my real password?
If the email lists a password you used, it came from a data breach, not from hacking your computer. Immediately change that password anywhere it was used. Use strong, unique passwords for each site and consider a password manager to help you maintain them safely.
16. Is it dangerous to open the email?
Opening the message is not automatically harmful, but do not click on any links or download attachments. Some scammers include malicious attachments that can install malware. To prevent hidden tracking, turn off automatic image loading in your email settings. This stops the sender from knowing you opened the email.
17. What happens if I ignore the message completely?
If you ignore it, nothing happens. The scammer cannot release any videos because none exist. Most recipients who ignore these threats never hear from the sender again. The scammer simply moves on to other potential victims.
18. Are there different versions of this scam?
Yes. There are numerous variants with slightly different wording but the same structure. Common subject lines include “I recorded you,” “Your account has been hacked,” and “Your reputation is at risk.” Some messages mention ransomware or data leaks. Regardless of the variation, all rely on the same lie and demand for Bitcoin.
19. How can I protect myself from similar scams?
Practice strong cybersecurity habits. Use unique passwords and enable two-factor authentication on every important account. Keep your operating system, browser, and antivirus programs updated. Never click unknown links or attachments. Regularly review whether your data has appeared in any breaches. Educate yourself and those around you about online scams so everyone can recognize the signs early.
20. Where should I report this scam?
Report the email to official agencies in your country. In the United States, file a complaint with the FBI Internet Crime Complaint Center (IC3.gov) or the Federal Trade Commission (ReportFraud.ftc.gov). In the United Kingdom, forward the email to report@phishing.gov.uk or contact Action Fraud. In Australia, report it to Scamwatch.gov.au or the Australian Cyber Security Centre. In Canada, contact the Canadian Anti-Fraud Centre. Provide screenshots and full email headers when reporting to help investigators.
21. What if I feel too embarrassed to report it?
Many victims feel embarrassed, but there is no reason to be ashamed. The scammers rely on shame and silence to keep operating. Reporting the incident is responsible and helps protect others. Law enforcement officers handle these cases confidentially and without judgment.
22. How can I help others avoid this scam?
Share what you know. Talk to friends, coworkers, and family members about these sextortion emails. Encourage them not to panic if they receive one. If you manage a workplace or community group, include scam-awareness information in newsletters or meetings. Public awareness weakens the power of such scams.
Final Takeaway
The “I Know That Your Are and This Email Is Yours” scam is a psychological attack, not a real hack. The person behind it does not have any footage, data, or control of your devices. Their only weapon is fear. When you receive such a message, remain calm, secure your accounts, report the incident, and delete the email. Awareness and careful digital habits protect you and others from falling into the same trap.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
