If you’ve received a disturbing email claiming someone has access to your device, recorded an embarrassing video of you, and is threatening to expose it unless you pay in Bitcoin, you’re not alone. These blackmail messages are part of an increasingly common cybercrime tactic known as sextortion scams. One version of this scam begins with the message: “You visited some hacked websites with exploit…” — and it’s been spreading fast.
The scam uses fear, technical jargon, and fake hacking claims to manipulate victims into paying money quickly, often without questioning the legitimacy of the threat. In this article, we’ll break down exactly how this scam works, how you can spot it, and what to do if you’ve already received one of these emails or, worse, sent money.
Scam Overview
This scam is a textbook case of sextortion phishing, a cyber-extortion scheme designed to scare the recipient into sending cryptocurrency (usually Bitcoin) to a scammer. The attacker claims to have hacked your device, accessed your camera and microphone, and recorded intimate videos of you. The scammer then threatens to release this footage to your contacts, unless you pay a specific ransom — in this case, $1,290 in Bitcoin.
Let’s take a closer look at the email content and how it’s structured to manipulate the reader.
The Email Breakdown
The scam message follows a calculated psychological script:
Subject Line: Usually vague or curiosity-triggering, such as “Cooperation Offer” or “Your account was compromised”
Opening Hook: “Hello! This is not a formal email…”
Fear Induction: Claims of malware, keyloggers, access to your network, camera, microphone, etc.
Storytelling Element: Mentions personal misfortunes (e.g., the scammer has HIV, lost their job) to manipulate empathy.
Threat: “I recorded you. I will release the video unless you pay.”
Call to Action: Clear instructions to send Bitcoin to a specific address.
Deadline: 48 hours, accompanied by false claims like “I know when you open this email.”
Intimidation Tactics: Mentions TOR, untraceable payments, hacked admin accounts, social media exposure, and police being unable to help.
The Scam’s Goal
The attacker wants a fast, emotional reaction. The message is designed to bypass logic and create panic, leaving the recipient feeling trapped and desperate to avoid humiliation. Victims who feel fear, shame, or embarrassment may act without verifying the scammer’s claims or considering alternatives.
The attacker uses:
Technical terms to sound credible (e.g., “Trojan Horse”, “Exploit”, “keylogger”)
Social engineering to manipulate behavior
Urgency and isolation to prevent victims from asking for help or reporting the scam
Common Variants of This Scam
This scam has many cousins. Variations include:
Claims that a password was obtained (often old or leaked from unrelated data breaches)
Fake “proof” with screenshots or blurred images
Impersonation of authorities (e.g., FBI, ISP warning)
Messages that appear to come from your own email address, using spoofing techniques
No matter the version, the goal is always the same: convince the target that something private is about to be exposed and then offer a way out — for a price.
Why These Scams Work
The success of these scams relies on human psychology, not actual hacking. Here’s why they work:
Fear of exposure: Many people feel alarmed at the thought of private behaviors becoming public, even if no such video exists.
False authority: Technical language and confident tone create a false sense of credibility.
Sense of urgency: The “48-hour deadline” encourages impulsive action without due diligence.
Anonymity of Bitcoin: Makes recovery of money impossible and emboldens scammers.
Real-World Impact
Thousands of people have reported these emails globally, and while most do not pay, a concerning percentage do. For example, studies by cybersecurity firms have shown that 1 in 25 recipients may fall for such scams, especially if they have limited technical knowledge or experience panic and shame.
Even if no money is sent, these scams can cause:
Emotional distress
Loss of sleep
Fear of future exposure
Embarrassment to confide in others
And worse, responding to or paying the scammer can make you a target for more extortion attempts in the future.
How the Scam Works
To truly understand this scam, it’s important to break it down in fine detail. While the email may appear to describe an elaborate hacking operation, the truth is that this scam is a psychological con, not a technical one. Here’s how it works, from start to finish.
Step 1: Scammers Collect Email Addresses
The first step involves gathering a large list of valid email addresses. Scammers acquire these from:
Data breaches (many of which are publicly available)
Email scraping bots
Leaked contact lists on the dark web
Phishing websites or shady services
They don’t need to know who you are. They simply need a real, functioning email address to send their threat to.
Step 2: Bulk Email Campaigns
Once they have a list, scammers use email-sending scripts or botnets to deliver thousands of scam messages at once. These campaigns are highly automated.
Email subjects are carefully crafted to sound vague but alarming, such as:
“Important Information”
“Security Breach Detected”
“You have been recorded”
“Your device is compromised”
The goal is to get you to open the email out of fear or curiosity.
Here is how the emai might look:
Hello! As you can see, this is not a formal email, and unfortunately, it does not mean anything good for you. BUT do not despair, it is not critical. I am going to explain to you everything right now.
I have access to your electronic devices, which are the part of the local network you regularly use. I have been tracking your activity for the last few months.
How did that happen? You visited some hacked websites with Exploit, and your device was exposed to my malicious software (I bought it in Darknet from specialists in this field). This is a very complex software, operating as Trojan Horse. It updates regularly, and your antivirus can not detect it. The program has a keylogger; it can turn your camera and microphone on and off, send files and provide access to your local network.
It took me some time to get access to the information from other devices, and as of now, I have all your contacts with conversations, info about your locations, what you like, your favourite websites, etc. Honestly, I meant nothing bad at first and did that just for fun. This is my hobby.
But I got HIV and unfortunately lost my job. And I figured out how to use “my hobby” to get money from you! I recorded a video of you masturbating. This video has a separated screen, where you can be easily recognized; also, it can be clearly seen what sort of video you prefer. Well, I am not proud of this, but I need money to survive.
Let’s make a deal. You pay me as much as I ask you to, and I won’t send this video to your friends, family, and other acquaintances. You should understand, this is not a joke. I can send it by email, through SMS-link, social media, even post it in mass media (I have got some hacked accounts of their admins). So you can become Twitter or Instagram “Star”!
To avoid this, you should send me 1,290 USD in Bitcoins on my BTC wallet:1Q3ZMhxXKNdpySDFhtu6i8meoQLauuNo2S
If you don’t know how to use Bitcoins, search it in Bing or Google <> or other stuff like that. I will delete the video as soon as I receive the money. I will also delete the malicious software from your device, and you will never hear from me again. I’ll give you 2 days, that’s more than enough, I think. Time tracking will start as soon as you open this email, I am monitoring this!
And one last thing: It makes no sense to report about this to the police since I am using TOR, so there is no way to track Bitcoin transactions. Don’t respond to me (I generated this letter in your account and put the real address of the man who has no idea about this). In such a way, I make it impossible to track me.
If you ever do something stupid or against my expectations, I will immediately share this video. Good luck!
Step 3: Scare Tactics and Fake Tech Details
Once opened, the email launches into a chilling narrative. It says:
You visited hacked websites that delivered an exploit.
A custom Trojan Horse was installed on your system.
It includes a keylogger, camera/mic controller, and network scanner.
It has allegedly recorded a video of you masturbating.
This part of the scam is intentionally written to sound highly technical and believable. It uses cybersecurity buzzwords like:
Exploit
Keylogger
Trojan Horse
Darknet
TOR
Antivirus evasion
The truth? None of this actually happened.
Your device wasn’t hacked. There is no malware on your system, no camera access, and no compromising video. It’s all a lie.
Step 4: Social Engineering Twist — The “Human Side”
Midway through the email, the scammer introduces a backstory. They claim:
“Honestly, I meant nothing bad at first and did that just for fun… but I got HIV and lost my job.”
This is deliberate. The scammer is mixing threat with a plea for sympathy. It’s designed to disarm you emotionally and justify their blackmail attempt.
By appearing “human,” the scammer tries to reduce your anger and increase your likelihood of paying to “make the problem go away.”
Step 5: The Ransom Demand
Now comes the real goal of the scam:
“Send me $1,290 in Bitcoin.”
You are given a Bitcoin wallet address and instructed to search Google or Bing for how to send Bitcoin. This serves two purposes:
To help people unfamiliar with crypto still complete the transaction.
To suggest that this is a “standard” or legitimate thing to do.
Bitcoin is chosen because it is anonymous and irreversible. Once sent, there is no way to trace or recover the funds.
The email also includes a strict deadline:
“I’ll give you 2 days… Time tracking will start as soon as you open this email.”
This is a psychological trick. It makes the situation feel urgent and discourages you from seeking help or doing research.
Step 6: Fear of Public Exposure
The scammer then escalates the threat by stating they will:
Email the video to your contacts
Share it on social media
Post it on news websites
Leak it on adult sites
To make this threat seem real, the email may mention:
“I have your contact list”
“I know your favorite websites”
“I can impersonate you using hacked email accounts”
In truth, they have none of this information. It’s all bluff.
Step 7: Warnings Against Police or Reporting
To stop you from taking action or reporting them, the scammer includes another threat:
“It makes no sense to report this to the police since I use TOR.”
They also claim the email was sent from inside your own account or someone else’s compromised inbox, making them “untraceable.” These are lies meant to discourage you from contacting authorities or security experts.
They say not to reply to the email and that any action against them will result in immediate public release of the video.
This is fearmongering, nothing more.
Step 8: Wait and Repeat
Once sent, the scammer simply waits. They track Bitcoin wallets to see if any victims pay. If one does, they move on.
But sometimes they:
Send follow-up threats if no payment is made
Increase the ransom
Claim they already sent the video as punishment
Send the same message again weeks later
It’s all part of the extortion playbook.
What To Do If You Have Fallen Victim
Whether you’ve simply received the email, panicked and responded, or actually sent money, don’t worry — there are steps you can take. This scam is designed to prey on fear and silence. The most important thing is to act calmly and methodically.
Here’s exactly what you should do:
1. Do Not Pay the Ransom
It’s tempting to pay just to make the problem go away, especially if you’re worried about your reputation or relationships. But paying the ransom:
Confirms you are a viable target
Funds criminal activity
Increases your chances of being targeted again
Does not guarantee they will stop
Scammers rarely delete anything after being paid. In many cases, they continue to harass victims, demand more money, or share the Bitcoin wallet with other cybercriminals as a “hot lead.”
2. Do Not Respond to the Email
Avoid replying, even if you’re angry or want to threaten legal action. Any response:
Confirms your email is active
Opens the door to further manipulation
May trigger more extortion attempts
These messages are often automated or semi-automated. The more you engage, the more you’re likely to stay on their radar.
3. Mark the Email as Spam or Phishing
If you’re using Gmail, Outlook, Yahoo, or another mainstream provider, mark the email as “Phishing” or “Spam” immediately.
This helps:
Improve spam filters
Alert email providers to ongoing threats
Reduce your chances of receiving follow-up scams
Also consider creating a rule to automatically delete emails from the same sender if they persist.
4. Change Your Passwords If You Use the Same Email for Logins
Although the scam email itself is fake, the attackers may have obtained your email from a data breach, and you might be reusing that password across other services.
Use a site like haveibeenpwned.com to check if your email has been involved in a known breach.
If so, immediately:
Change your email password
Enable 2-Factor Authentication (2FA)
Update credentials for any connected accounts (banking, social media, etc.)
This is preventative, not a reaction to actual malware. The scammers likely have no access to your devices or accounts.
5. Scan Your Devices for Malware
While this scam does not involve real malware, it’s wise to scan your device anyway. This provides peace of mind and helps you rule out unrelated threats.
Use trusted antivirus or anti-malware tools such as:
Malwarebytes
Bitdefender
Kaspersky
Windows Defender
Run a full system scan and remove anything suspicious.
6. Cover or Disable Your Webcam (Optional)
Although this scam doesn’t involve actual webcam hacking, many people feel uneasy after reading it. To ease that concern, consider:
Using a sliding webcam cover
Taping over the camera when not in use
Disabling it from the Device Manager or system settings
For external cameras, simply unplugging them when not in use is enough.
7. Alert Your Contacts (If You’re Concerned About Spoofing)
Scammers may sometimes spoof your email address and send emails to your friends or family to add credibility to the threat. This doesn’t mean they hacked you. It means they forged the “From” field in the email.
If you’re worried this happened, consider alerting your contacts with a short message like:
“If you receive any strange or threatening messages from my email address, please ignore them. My account has not been hacked, but someone is sending fake emails pretending to be me.”
Don’t overexplain or panic. Just provide a calm heads-up.
8. Report the Scam to Authorities or Cybercrime Agencies
You can help fight back by reporting the scam. This may not lead to an arrest, but it helps:
Even if this scam was fake, other breaches may be real. Regularly monitor:
Email logins and unusual access
Social media accounts
Bank and credit card activity
Cloud storage (Google Drive, iCloud, Dropbox)
Use a password manager like 1Password or Bitwarden to keep track of your credentials and generate strong, unique passwords for every account.
10. Stay Informed and Educate Others
Scammers thrive in secrecy. Talk to friends, family, or coworkers — especially those who might fall for such threats. Help them recognize these red flags:
Threats of exposure
Demands for cryptocurrency
Fake hacking stories
Urgent deadlines
Emotional manipulation
The more we all share information, the less power scammers have.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The “You visited some hacked websites with exploit” email scam is nothing more than a cleverly worded hoax designed to exploit fear, shame, and panic. These scammers don’t have access to your webcam. They haven’t installed malware. And they definitely haven’t recorded any compromising video.
Their strength lies not in hacking skills, but in social engineering. They craft believable lies, hide behind anonymity, and pressure victims into making impulsive, emotional decisions. But once you understand their tactics, their power vanishes.
If you receive a message like this:
Do not panic
Do not pay
Do not respond
Instead, treat it like what it is — a mass-produced scam built to steal from as many people as possible. Protect yourself by strengthening your passwords, enabling two-factor authentication, scanning for malware, and staying informed.
And most importantly, talk about it. These scams thrive in silence and shame. The more people know the truth, the less likely they are to fall victim.
You’re not alone, and you’re not helpless. With the right knowledge and tools, you can protect your digital life from these manipulative tactics — and help others do the same.
Frequently Asked Questions
What is the “You Visited Some Hacked Websites With Exploit” email scam?
This scam is a type of sextortion phishing email that falsely claims the sender hacked your device after you visited a hacked website. The scammer pretends to have gained control over your camera and microphone, allegedly recording a compromising video of you. They demand a ransom in Bitcoin, threatening to release the video to your contacts if you don’t pay. In reality, there is no malware, no hacked device, and no video.
Is the email saying I was recorded visiting adult websites real?
No, this email is completely fake. It’s designed to scare you into believing your privacy has been violated. Scammers use generic threats, technical jargon, and emotional manipulation to push victims into paying quickly. There is no actual recording or video of you, and your device was not compromised just by receiving or reading the email.
Did I really get hacked by visiting a website?
No. The claim that you visited a “hacked website with an exploit” is false and misleading. These emails are sent in bulk and do not target you specifically. They are part of a mass scam campaign. Unless you downloaded and ran malicious software, or visited a phishing page and entered sensitive data, you were not hacked.
Should I pay the $1,290 ransom in Bitcoin?
Never pay the ransom. Paying not only rewards criminal behavior, but it also puts you at greater risk. Victims who pay often become repeat targets, as scammers now know they can be manipulated. There is no guarantee that the scammer will stop contacting you or delete any so-called “evidence.”
What happens if I pay the scammer?
If you send the money, several things may happen:
The scammer may demand more money later.
Your email may be added to a “sucker list” shared among cybercriminals.
You may experience further harassment or threats.
You’ll never recover the money, as Bitcoin payments are irreversible.
Is my computer infected with a Trojan or malware?
It’s highly unlikely. These scams are based on lies and psychological tricks, not real malware. However, for peace of mind, you should run a full antivirus and anti-malware scan using reputable tools like Malwarebytes, Bitdefender, or Windows Defender. This ensures your device is clean and gives you confidence moving forward.
How do scammers make the email look so convincing?
Scammers use several tactics:
Stolen email addresses from past data breaches
Spoofed email headers to make it appear as though the message came from your own account
Technical language to simulate hacking
Emotional storytelling to gain sympathy
Urgency and threats to discourage rational thinking
These are all forms of social engineering, not proof of any real intrusion.
Why does the email say the countdown started when I opened it?
This is a bluff. The email claims that a timer starts once you read the message, but standard emails cannot track when they are opened, unless they include tracking pixels (which this type of scam rarely does). Even if they did, they would not be able to trigger a countdown or monitor your activity as claimed.
What should I do if I opened the scam email?
Opening the email does not infect your device. Scam emails like this are only dangerous if you:
Click on links to malicious websites
Download and run attachments
Share sensitive information
Simply reading the message is safe. Still, it’s wise to mark the email as spam or phishing and delete it.
How do I report the “You Visited Some Hacked Websites With Exploit” scam?
You can report the scam to help stop the spread and alert authorities. Here’s how:
Should I change my passwords after receiving this scam?
If you’re reusing passwords or suspect your email was involved in a data breach, yes — you should change your email and other account passwords immediately. Also, enable two-factor authentication (2FA) to strengthen your account security.
Use a tool like haveibeenpwned.com to check if your email was exposed in a known breach.
Can the scammer really access my webcam or microphone?
No. The claim that they turned on your webcam or microphone remotely using malware is completely fake. Without you installing malicious software or explicitly granting permissions, external access to your camera is not possible. Most devices have hardware-level controls or notification lights that show when the camera is active.
Why do scammers say not to go to the police?
Scammers include warnings against contacting the police to isolate the victim. They falsely claim they are untraceable because they use TOR or fake return addresses. This is meant to intimidate and prevent you from seeking help. You should always feel free to contact law enforcement or cybercrime authorities, especially if you’re feeling harassed or threatened.
Can I ignore the email and move on?
Yes, in most cases, simply ignoring and deleting the email is enough. But it’s still a good idea to:
Change important passwords
Enable 2FA
Run a malware scan
Inform others so they don’t fall for the same scam
Remaining calm and informed is the best protection against email extortion scams.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
