You Visited Some Hacked Websites With Exploit Email Scam
Written by: Thomas Orsolya
Published on:
If you’ve received a disturbing email claiming someone has access to your device, recorded an embarrassing video of you, and is threatening to expose it unless you pay in Bitcoin, you’re not alone. These blackmail messages are part of an increasingly common cybercrime tactic known as sextortion scams. One version of this scam begins with the message: “You visited some hacked websites with exploit…” — and it’s been spreading fast.
The scam uses fear, technical jargon, and fake hacking claims to manipulate victims into paying money quickly, often without questioning the legitimacy of the threat. In this article, we’ll break down exactly how this scam works, how you can spot it, and what to do if you’ve already received one of these emails or, worse, sent money.
Scam Overview
This scam is a textbook case of sextortion phishing, a cyber-extortion scheme designed to scare the recipient into sending cryptocurrency (usually Bitcoin) to a scammer. The attacker claims to have hacked your device, accessed your camera and microphone, and recorded intimate videos of you. The scammer then threatens to release this footage to your contacts, unless you pay a specific ransom — in this case, $1,290 in Bitcoin.
Let’s take a closer look at the email content and how it’s structured to manipulate the reader.
The Email Breakdown
The scam message follows a calculated psychological script:
Subject Line: Usually vague or curiosity-triggering, such as “Cooperation Offer” or “Your account was compromised”
Opening Hook: “Hello! This is not a formal email…”
Fear Induction: Claims of malware, keyloggers, access to your network, camera, microphone, etc.
Storytelling Element: Mentions personal misfortunes (e.g., the scammer has HIV, lost their job) to manipulate empathy.
Threat: “I recorded you. I will release the video unless you pay.”
Call to Action: Clear instructions to send Bitcoin to a specific address.
Deadline: 48 hours, accompanied by false claims like “I know when you open this email.”
Intimidation Tactics: Mentions TOR, untraceable payments, hacked admin accounts, social media exposure, and police being unable to help.
The Scam’s Goal
The attacker wants a fast, emotional reaction. The message is designed to bypass logic and create panic, leaving the recipient feeling trapped and desperate to avoid humiliation. Victims who feel fear, shame, or embarrassment may act without verifying the scammer’s claims or considering alternatives.
The attacker uses:
Technical terms to sound credible (e.g., “Trojan Horse”, “Exploit”, “keylogger”)
Social engineering to manipulate behavior
Urgency and isolation to prevent victims from asking for help or reporting the scam
Common Variants of This Scam
This scam has many cousins. Variations include:
Claims that a password was obtained (often old or leaked from unrelated data breaches)
Fake “proof” with screenshots or blurred images
Impersonation of authorities (e.g., FBI, ISP warning)
Messages that appear to come from your own email address, using spoofing techniques
No matter the version, the goal is always the same: convince the target that something private is about to be exposed and then offer a way out — for a price.
Why These Scams Work
The success of these scams relies on human psychology, not actual hacking. Here’s why they work:
Fear of exposure: Many people feel alarmed at the thought of private behaviors becoming public, even if no such video exists.
False authority: Technical language and confident tone create a false sense of credibility.
Sense of urgency: The “48-hour deadline” encourages impulsive action without due diligence.
Anonymity of Bitcoin: Makes recovery of money impossible and emboldens scammers.
Real-World Impact
Thousands of people have reported these emails globally, and while most do not pay, a concerning percentage do. For example, studies by cybersecurity firms have shown that 1 in 25 recipients may fall for such scams, especially if they have limited technical knowledge or experience panic and shame.
Even if no money is sent, these scams can cause:
Emotional distress
Loss of sleep
Fear of future exposure
Embarrassment to confide in others
And worse, responding to or paying the scammer can make you a target for more extortion attempts in the future.
How the Scam Works
To truly understand this scam, it’s important to break it down in fine detail. While the email may appear to describe an elaborate hacking operation, the truth is that this scam is a psychological con, not a technical one. Here’s how it works, from start to finish.
Step 1: Scammers Collect Email Addresses
The first step involves gathering a large list of valid email addresses. Scammers acquire these from:
Data breaches (many of which are publicly available)
Email scraping bots
Leaked contact lists on the dark web
Phishing websites or shady services
They don’t need to know who you are. They simply need a real, functioning email address to send their threat to.
Step 2: Bulk Email Campaigns
Once they have a list, scammers use email-sending scripts or botnets to deliver thousands of scam messages at once. These campaigns are highly automated.
Email subjects are carefully crafted to sound vague but alarming, such as:
“Important Information”
“Security Breach Detected”
“You have been recorded”
“Your device is compromised”
The goal is to get you to open the email out of fear or curiosity.
Here is how the emai might look:
Hello! As you can see, this is not a formal email, and unfortunately, it does not mean anything good for you. BUT do not despair, it is not critical. I am going to explain to you everything right now.
I have access to your electronic devices, which are the part of the local network you regularly use. I have been tracking your activity for the last few months.
How did that happen? You visited some hacked websites with Exploit, and your device was exposed to my malicious software (I bought it in Darknet from specialists in this field). This is a very complex software, operating as Trojan Horse. It updates regularly, and your antivirus can not detect it. The program has a keylogger; it can turn your camera and microphone on and off, send files and provide access to your local network.
It took me some time to get access to the information from other devices, and as of now, I have all your contacts with conversations, info about your locations, what you like, your favourite websites, etc. Honestly, I meant nothing bad at first and did that just for fun. This is my hobby.
But I got HIV and unfortunately lost my job. And I figured out how to use “my hobby” to get money from you! I recorded a video of you masturbating. This video has a separated screen, where you can be easily recognized; also, it can be clearly seen what sort of video you prefer. Well, I am not proud of this, but I need money to survive.
Let’s make a deal. You pay me as much as I ask you to, and I won’t send this video to your friends, family, and other acquaintances. You should understand, this is not a joke. I can send it by email, through SMS-link, social media, even post it in mass media (I have got some hacked accounts of their admins). So you can become Twitter or Instagram “Star”!
To avoid this, you should send me 1,290 USD in Bitcoins on my BTC wallet:1Q3ZMhxXKNdpySDFhtu6i8meoQLauuNo2S
If you don’t know how to use Bitcoins, search it in Bing or Google <> or other stuff like that. I will delete the video as soon as I receive the money. I will also delete the malicious software from your device, and you will never hear from me again. I’ll give you 2 days, that’s more than enough, I think. Time tracking will start as soon as you open this email, I am monitoring this!
And one last thing: It makes no sense to report about this to the police since I am using TOR, so there is no way to track Bitcoin transactions. Don’t respond to me (I generated this letter in your account and put the real address of the man who has no idea about this). In such a way, I make it impossible to track me.
If you ever do something stupid or against my expectations, I will immediately share this video. Good luck!
Step 3: Scare Tactics and Fake Tech Details
Once opened, the email launches into a chilling narrative. It says:
You visited hacked websites that delivered an exploit.
A custom Trojan Horse was installed on your system.
It includes a keylogger, camera/mic controller, and network scanner.
It has allegedly recorded a video of you masturbating.
This part of the scam is intentionally written to sound highly technical and believable. It uses cybersecurity buzzwords like:
Exploit
Keylogger
Trojan Horse
Darknet
TOR
Antivirus evasion
The truth? None of this actually happened.
Your device wasn’t hacked. There is no malware on your system, no camera access, and no compromising video. It’s all a lie.
Step 4: Social Engineering Twist — The “Human Side”
Midway through the email, the scammer introduces a backstory. They claim:
“Honestly, I meant nothing bad at first and did that just for fun… but I got HIV and lost my job.”
This is deliberate. The scammer is mixing threat with a plea for sympathy. It’s designed to disarm you emotionally and justify their blackmail attempt.
By appearing “human,” the scammer tries to reduce your anger and increase your likelihood of paying to “make the problem go away.”
Step 5: The Ransom Demand
Now comes the real goal of the scam:
“Send me $1,290 in Bitcoin.”
You are given a Bitcoin wallet address and instructed to search Google or Bing for how to send Bitcoin. This serves two purposes:
To help people unfamiliar with crypto still complete the transaction.
To suggest that this is a “standard” or legitimate thing to do.
Bitcoin is chosen because it is anonymous and irreversible. Once sent, there is no way to trace or recover the funds.
The email also includes a strict deadline:
“I’ll give you 2 days… Time tracking will start as soon as you open this email.”
This is a psychological trick. It makes the situation feel urgent and discourages you from seeking help or doing research.
Step 6: Fear of Public Exposure
The scammer then escalates the threat by stating they will:
Email the video to your contacts
Share it on social media
Post it on news websites
Leak it on adult sites
To make this threat seem real, the email may mention:
“I have your contact list”
“I know your favorite websites”
“I can impersonate you using hacked email accounts”
In truth, they have none of this information. It’s all bluff.
Step 7: Warnings Against Police or Reporting
To stop you from taking action or reporting them, the scammer includes another threat:
“It makes no sense to report this to the police since I use TOR.”
They also claim the email was sent from inside your own account or someone else’s compromised inbox, making them “untraceable.” These are lies meant to discourage you from contacting authorities or security experts.
They say not to reply to the email and that any action against them will result in immediate public release of the video.
This is fearmongering, nothing more.
Step 8: Wait and Repeat
Once sent, the scammer simply waits. They track Bitcoin wallets to see if any victims pay. If one does, they move on.
But sometimes they:
Send follow-up threats if no payment is made
Increase the ransom
Claim they already sent the video as punishment
Send the same message again weeks later
It’s all part of the extortion playbook.
What To Do If You Have Fallen Victim
Whether you’ve simply received the email, panicked and responded, or actually sent money, don’t worry — there are steps you can take. This scam is designed to prey on fear and silence. The most important thing is to act calmly and methodically.
Here’s exactly what you should do:
1. Do Not Pay the Ransom
It’s tempting to pay just to make the problem go away, especially if you’re worried about your reputation or relationships. But paying the ransom:
Confirms you are a viable target
Funds criminal activity
Increases your chances of being targeted again
Does not guarantee they will stop
Scammers rarely delete anything after being paid. In many cases, they continue to harass victims, demand more money, or share the Bitcoin wallet with other cybercriminals as a “hot lead.”
2. Do Not Respond to the Email
Avoid replying, even if you’re angry or want to threaten legal action. Any response:
Confirms your email is active
Opens the door to further manipulation
May trigger more extortion attempts
These messages are often automated or semi-automated. The more you engage, the more you’re likely to stay on their radar.
3. Mark the Email as Spam or Phishing
If you’re using Gmail, Outlook, Yahoo, or another mainstream provider, mark the email as “Phishing” or “Spam” immediately.
This helps:
Improve spam filters
Alert email providers to ongoing threats
Reduce your chances of receiving follow-up scams
Also consider creating a rule to automatically delete emails from the same sender if they persist.
4. Change Your Passwords If You Use the Same Email for Logins
Although the scam email itself is fake, the attackers may have obtained your email from a data breach, and you might be reusing that password across other services.
Use a site like haveibeenpwned.com to check if your email has been involved in a known breach.
If so, immediately:
Change your email password
Enable 2-Factor Authentication (2FA)
Update credentials for any connected accounts (banking, social media, etc.)
This is preventative, not a reaction to actual malware. The scammers likely have no access to your devices or accounts.
5. Scan Your Devices for Malware
While this scam does not involve real malware, it’s wise to scan your device anyway. This provides peace of mind and helps you rule out unrelated threats.
Use trusted antivirus or anti-malware tools such as:
Malwarebytes
Bitdefender
Kaspersky
Windows Defender
Run a full system scan and remove anything suspicious.
6. Cover or Disable Your Webcam (Optional)
Although this scam doesn’t involve actual webcam hacking, many people feel uneasy after reading it. To ease that concern, consider:
Using a sliding webcam cover
Taping over the camera when not in use
Disabling it from the Device Manager or system settings
For external cameras, simply unplugging them when not in use is enough.
7. Alert Your Contacts (If You’re Concerned About Spoofing)
Scammers may sometimes spoof your email address and send emails to your friends or family to add credibility to the threat. This doesn’t mean they hacked you. It means they forged the “From” field in the email.
If you’re worried this happened, consider alerting your contacts with a short message like:
“If you receive any strange or threatening messages from my email address, please ignore them. My account has not been hacked, but someone is sending fake emails pretending to be me.”
Don’t overexplain or panic. Just provide a calm heads-up.
8. Report the Scam to Authorities or Cybercrime Agencies
You can help fight back by reporting the scam. This may not lead to an arrest, but it helps:
Even if this scam was fake, other breaches may be real. Regularly monitor:
Email logins and unusual access
Social media accounts
Bank and credit card activity
Cloud storage (Google Drive, iCloud, Dropbox)
Use a password manager like 1Password or Bitwarden to keep track of your credentials and generate strong, unique passwords for every account.
10. Stay Informed and Educate Others
Scammers thrive in secrecy. Talk to friends, family, or coworkers — especially those who might fall for such threats. Help them recognize these red flags:
Threats of exposure
Demands for cryptocurrency
Fake hacking stories
Urgent deadlines
Emotional manipulation
The more we all share information, the less power scammers have.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
The “You visited some hacked websites with exploit” email scam is nothing more than a cleverly worded hoax designed to exploit fear, shame, and panic. These scammers don’t have access to your webcam. They haven’t installed malware. And they definitely haven’t recorded any compromising video.
Their strength lies not in hacking skills, but in social engineering. They craft believable lies, hide behind anonymity, and pressure victims into making impulsive, emotional decisions. But once you understand their tactics, their power vanishes.
If you receive a message like this:
Do not panic
Do not pay
Do not respond
Instead, treat it like what it is — a mass-produced scam built to steal from as many people as possible. Protect yourself by strengthening your passwords, enabling two-factor authentication, scanning for malware, and staying informed.
And most importantly, talk about it. These scams thrive in silence and shame. The more people know the truth, the less likely they are to fall victim.
You’re not alone, and you’re not helpless. With the right knowledge and tools, you can protect your digital life from these manipulative tactics — and help others do the same.
Frequently Asked Questions
What is the “You Visited Some Hacked Websites With Exploit” email scam?
This scam is a type of sextortion phishing email that falsely claims the sender hacked your device after you visited a hacked website. The scammer pretends to have gained control over your camera and microphone, allegedly recording a compromising video of you. They demand a ransom in Bitcoin, threatening to release the video to your contacts if you don’t pay. In reality, there is no malware, no hacked device, and no video.
Is the email saying I was recorded visiting adult websites real?
No, this email is completely fake. It’s designed to scare you into believing your privacy has been violated. Scammers use generic threats, technical jargon, and emotional manipulation to push victims into paying quickly. There is no actual recording or video of you, and your device was not compromised just by receiving or reading the email.
Did I really get hacked by visiting a website?
No. The claim that you visited a “hacked website with an exploit” is false and misleading. These emails are sent in bulk and do not target you specifically. They are part of a mass scam campaign. Unless you downloaded and ran malicious software, or visited a phishing page and entered sensitive data, you were not hacked.
Should I pay the $1,290 ransom in Bitcoin?
Never pay the ransom. Paying not only rewards criminal behavior, but it also puts you at greater risk. Victims who pay often become repeat targets, as scammers now know they can be manipulated. There is no guarantee that the scammer will stop contacting you or delete any so-called “evidence.”
What happens if I pay the scammer?
If you send the money, several things may happen:
The scammer may demand more money later.
Your email may be added to a “sucker list” shared among cybercriminals.
You may experience further harassment or threats.
You’ll never recover the money, as Bitcoin payments are irreversible.
Is my computer infected with a Trojan or malware?
It’s highly unlikely. These scams are based on lies and psychological tricks, not real malware. However, for peace of mind, you should run a full antivirus and anti-malware scan using reputable tools like Malwarebytes, Bitdefender, or Windows Defender. This ensures your device is clean and gives you confidence moving forward.
How do scammers make the email look so convincing?
Scammers use several tactics:
Stolen email addresses from past data breaches
Spoofed email headers to make it appear as though the message came from your own account
Technical language to simulate hacking
Emotional storytelling to gain sympathy
Urgency and threats to discourage rational thinking
These are all forms of social engineering, not proof of any real intrusion.
Why does the email say the countdown started when I opened it?
This is a bluff. The email claims that a timer starts once you read the message, but standard emails cannot track when they are opened, unless they include tracking pixels (which this type of scam rarely does). Even if they did, they would not be able to trigger a countdown or monitor your activity as claimed.
What should I do if I opened the scam email?
Opening the email does not infect your device. Scam emails like this are only dangerous if you:
Click on links to malicious websites
Download and run attachments
Share sensitive information
Simply reading the message is safe. Still, it’s wise to mark the email as spam or phishing and delete it.
How do I report the “You Visited Some Hacked Websites With Exploit” scam?
You can report the scam to help stop the spread and alert authorities. Here’s how:
Should I change my passwords after receiving this scam?
If you’re reusing passwords or suspect your email was involved in a data breach, yes — you should change your email and other account passwords immediately. Also, enable two-factor authentication (2FA) to strengthen your account security.
Use a tool like haveibeenpwned.com to check if your email was exposed in a known breach.
Can the scammer really access my webcam or microphone?
No. The claim that they turned on your webcam or microphone remotely using malware is completely fake. Without you installing malicious software or explicitly granting permissions, external access to your camera is not possible. Most devices have hardware-level controls or notification lights that show when the camera is active.
Why do scammers say not to go to the police?
Scammers include warnings against contacting the police to isolate the victim. They falsely claim they are untraceable because they use TOR or fake return addresses. This is meant to intimidate and prevent you from seeking help. You should always feel free to contact law enforcement or cybercrime authorities, especially if you’re feeling harassed or threatened.
Can I ignore the email and move on?
Yes, in most cases, simply ignoring and deleting the email is enough. But it’s still a good idea to:
Change important passwords
Enable 2FA
Run a malware scan
Inform others so they don’t fall for the same scam
Remaining calm and informed is the best protection against email extortion scams.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
