If you’ve received a threatening email claiming hackers have videos of you, demanding payment in Bitcoin – you’re not alone. These scam emails have been circulating for years, and they’re almost always bluffs.
How the Scam Works
Criminals get your email address (and sometimes an old password) from data breaches. Major breaches have exposed billions of contact records over the years.
Armed with this data, scammers send threatening emails claiming:
- Your device was infected with malware
- They recorded you through your webcam
- They have embarrassing videos or data
- They’ll send it to your contacts unless you pay (usually in Bitcoin)
Why It Looks Convincing
The email appears to come from your own address. This is a simple spoofing trick – it doesn’t mean they hacked you. Check your Sent folder; you won’t find any such email there.
They include an old password you actually used. This password came from a data breach, not from hacking your device. If it’s an old password you no longer use, that confirms it.
They refuse to provide proof. They claim that if you ask for evidence, they’ll release everything. Convenient excuse – they have nothing.
What You Should Do
1. Don’t panic. Panic is what they’re counting on.
2. Don’t pay. It’s a bluff. Paying only confirms you’re a responsive target.
3. Check if you’ve been breached. Visit Have I Been Pwned to see if your email appeared in known data breaches.
4. Change your passwords. Use strong, unique passwords for each site. Include uppercase, lowercase, numbers, and symbols. Never reuse passwords.
5. Enable two-factor authentication. Add this to email and social media accounts. Even if someone has your password, they can’t access your account without the second factor.
6. Check your account activity. In Gmail, check “Last account activity” at the bottom right. Sign out of any suspicious sessions.
7. Mark it as spam/phishing. Don’t reply, don’t click links, just delete or report it.
General Security Habits
- Use good antivirus software and keep it updated
- Cover or disable your webcam when not in use
- Never click links in emails from unknown senders
- Be cautious with video chats with strangers
- Regularly review security settings on all accounts
These safety practices aren’t just for when there’s a breach – they should be standard habits for anyone online.