← All guides
June 2, 2026 · 4 min read

Sextortion Email Scam: Why You Shouldn't Pay

Got an email claiming a hacker filmed you through your webcam and demanding Bitcoin? It's an empty threat. Here's how the sextortion email scam works and exactly what to do.

Short answer: an email claiming a hacker installed malware, recorded you through your webcam, and will send the video to your contacts unless you pay Bitcoin is almost always an empty bluff. There is no video. These are mass-sent scare emails — the same message goes to millions of people.

It's deeply unsettling, especially when the email includes a real password or your phone number. Here's why that doesn't mean what it claims, and what to do.

Quick check: Don't pay, don't reply, and don't panic. The "video" doesn't exist. Any password shown was scraped from an old data breach, not from spying on you.

How the sextortion scam works

The email follows a script designed to frighten you into paying fast:

  1. The claim. "I hacked your device and recorded you through your camera while you visited an adult site."
  2. The proof (fake). It may quote an old password of yours, your phone number, or even spoof your own email address as the "sender" to seem like they're inside your account.
  3. The threat. Pay a few hundred to a few thousand dollars in Bitcoin within 24–48 hours, or they'll send the footage to your family, friends, and coworkers.
  4. The pressure. A countdown, and warnings not to reply or tell anyone.

Increasingly the threat arrives as a PDF attachment instead of email text, to slip past spam filters — but the bluff is identical.

Why the "proof" is meaningless

  • A leaked password comes from a past data breach, not from hacking your camera. Billions of old credentials circulate online; scammers paste one in to scare you. (If you still use it anywhere, change it now.)
  • A spoofed "from" address doesn't mean they control your account — sender addresses are easily forged.
  • There is no video. The email is sent in bulk to huge lists; it isn't personalized to anything you actually did.

Check whether your info was in a breach

If the email quoted a real password, it almost certainly came from a past data breach — a database of stolen logins that gets traded and reused. Two useful steps:

  • Look up your email in a reputable breach-notification service to see which past breaches included you.
  • Stop reusing the exposed password anywhere. If the same password protects other accounts, change them all and switch to unique passwords with a password manager.

This is the one genuinely useful thing to come out of a sextortion email: it's a reminder to retire an old, leaked password before someone uses it for a real account takeover.

What to do

  1. Don't pay. Paying marks you as a target and funds the operation; there's nothing to "release."
  2. Don't reply — any response confirms a live, reachable person.
  3. Change any password the email quotes, everywhere you used it, and turn on two-factor authentication. A password manager makes each login unique.
  4. Cover or close your laptop camera if it eases your mind, though no footage exists.
  5. Report and delete. Report to the FBI's IC3 at ic3.gov and the FTC at reportfraud.ftc.gov, then delete the email.

If you already paid

You likely can't recover crypto once sent, but report it to IC3 and the FTC right away, and don't pay again — paying never ends the demands. See how to report a scam email.

Still rattled? Get a calm second opinion

These emails are written to make you feel cornered and alone. If one has you worried, forward it to FraudRoom at check@fraudroom.com for a clear, judgment-free read — you'll get confirmation of what it actually is and the safest next step.

FAQ

The email has my real password — does that mean I was hacked?

No. That password almost certainly came from an old data breach, not from spying on you. It's pasted in to scare you. Change it wherever you still use it and enable two-factor authentication, but the recording claim is a bluff.

The email looks like it came from my own address — am I compromised?

Not necessarily. Scammers spoof the "from" field to make it look like they sent it from your account. Check your account's recent activity to be sure, but spoofing alone doesn't mean they have access.

Should I pay the Bitcoin demand to be safe?

No. There is no video to release. Paying only marks you as a willing target and invites more demands. Report it and delete it.

Key takeaways

  • The webcam "recording" doesn't exist — it's a mass-sent bluff.
  • A quoted password came from a breach, not from hacking your camera.
  • Never pay or reply; change any exposed password and enable 2FA.
  • Report to IC3 and the FTC, then delete the email.

Not sure about a message?

Forward it to check@fraudroom.com and get a plain-English scam check in minutes.

Try it free — 5 checks, no card