Sextortion email scams
Sextortion emails claim that malware recorded the victim through their webcam while visiting adult websites and threaten to send the video to contacts. They include a real leaked password as false proof. The threats are nearly always empty - no recording exists.
What we know
Sextortion email scammers purchase large databases of email address and password pairs leaked in data breaches. They send automated emails that include the recipient's real (but old) password as apparent 'proof' of access to their computer. The email claims malware was installed through a malicious website and recorded the victim's screen and webcam simultaneously while viewing adult content, and that this recording will be sent to all contacts unless a payment of $1,000 to $3,000 in Bitcoin is made within 24 to 48 hours.
In the vast majority of cases, no such recording exists. The scammer has only the email-password pair from a breach database and nothing else. The email address and password together are used purely for psychological impact - to make the threat seem credible. If the victim has not reused that password on their current devices, the claim is definitively false. Even if the password was recently reused, no evidence exists of malware installation.
The FBI IC3 has noted sextortion as a growing category. The FBI specifically distinguishes this type (fraudulent threat) from actual sextortion involving real compromising images obtained through manipulation, which is a separate and more serious crime. For the email-based variant, the appropriate response is to not pay, not respond to the email, change any accounts where that password is still in use, enable two-factor authentication, and report the email to the FBI IC3. Paying encourages more targeting.
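The traits described above (a quoted password, a malware and webcam-recording claim, a Bitcoin demand, a short deadline, a threat to mail contacts) co-occur in a way ordinary mail rarely does, which a mail filter can score. The sketch below is an added example, not code from this page's authors; the regexes, the `classify` function, the threshold and the sample messages are all assumptions constructed for illustration.

```python
import re

# Indicators drawn from the scam pattern described above. The regexes and the
# scoring threshold are assumptions made for this example, not a vetted ruleset.
INDICATORS = {
    "password_proof": re.compile(r"\b(?:your|one of your)\s+passwords?\b", re.I),
    "malware_claim": re.compile(r"\b(?:malware|trojan|spyware|virus)\b", re.I),
    "recording_claim": re.compile(
        r"\b(?:webcam|camera)\b.{0,200}?\b(?:record(?:ed|ing)?|video|footage)\b"
        r"|\b(?:record(?:ed|ing)?|video|footage)\b.{0,200}?\b(?:webcam|camera)\b",
        re.I | re.S),
    "contacts_threat": re.compile(
        r"\b(?:send|forward|share)\b.{0,80}?\bcontacts\b", re.I | re.S),
    "crypto_demand": re.compile(r"\b(?:bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?|days?)\b", re.I),
}
# A claimed recording plus a cryptocurrency demand is the core of the threat.
REQUIRED = {"recording_claim", "crypto_demand"}
THRESHOLD = 4  # assumed cut-off: the required pair plus two supporting signals


def match_indicators(body: str) -> set:
    """Return the names of all indicator groups found in the message body."""
    return {name for name, rx in INDICATORS.items() if rx.search(body)}


def classify(body: str) -> dict:
    """Flag a message only when the required pair and enough other signals co-occur."""
    hits = match_indicators(body)
    flagged = REQUIRED <= hits and len(hits) >= THRESHOLD
    return {"flagged": flagged, "hits": sorted(hits)}


# Constructed sample messages (not real mail).
SCAM = ("I know hunter2 is one of your passwords. I placed malware on a site you "
        "visited and recorded you through your webcam. Send $2,000 in Bitcoin "
        "within 48 hours or I will send the video to all your contacts.")
RESET = ("Your password was changed. If this was not you, reset it within "
         "24 hours using the link in your account settings.")
RECEIPT = "Your purchase of 0.01 BTC has completed. Funds arrive within 2 hours."

if __name__ == "__main__":
    for label, msg in (("scam", SCAM), ("reset", RESET), ("receipt", RECEIPT)):
        print(label, classify(msg))
```

Requiring the recording claim and the payment demand together keeps legitimate password-reset notices and exchange receipts, which share single indicators, from being flagged.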
Common claims
- The scammer really has a video of me from my webcam: Almost certainly false - email uses an old password as false proof, not actual access
- Paying the ransom will make it stop: False - payment marks you as a paying target and encourages further demands
- If they have my old password, they must have my computer: False - old passwords come from breach databases, not computer access