The 'I Recorded You Through Your Webcam' Email Is a Bluff. Here's Proof

The sextortion email that claims to have webcam footage and demands Bitcoin is a mass bluff. Why it names your real password, why it's empty, and what to actually do.

By the StoryCheck Team6 min read

If you got an email claiming a hacker recorded you through your webcam while you visited an adult site and demanding Bitcoin to keep it private, it is a bluff. There is no video. This is a mass-sent template, blasted to millions of addresses at once, and it works purely on fear and one clever trick: it often shows you a real password of yours to seem legitimate. That password did not come from your webcam. It came from an old data breach.

A person looking worried during a call from an unknown number
The password it quotes came from a breach, not your webcam.

How the bluff is built

The scammer buys a breach dump pairing emails with old passwords, then automates an email to each one: your password inserted for credibility, a story about webcam footage, a Bitcoin address, and a 48-hour deadline. Newer versions attach a photo of your house pulled from Street View using a leaked address, which feels deeply personal but is the same automated trick with one more public data point. Nothing in it is specific to you as a person.

What to actually do

1

Do not pay and do not reply

Paying marks you as someone who pays, guaranteeing more demands. Replying confirms the address is read.

2

Change any password it showed you

If that password is still in use anywhere, change it there and everywhere it repeats. Turn on two-factor.

3

Check your exposure

See which breaches your email appears in so you know what else leaked alongside it.

4

Report and delete

Report to the FBI's IC3, then delete. Cover your webcam if it makes you feel better; it changes nothing about this bluff.

Who sent it (and why it barely matters)

The sending address is almost always spoofed or a burner, sometimes even your own address faked to seem like proof of access. You can read the headers to confirm the spoofing, and you can run the address through a lookup, but the honest truth is these are sent in the millions by operations you will not personally trace. The value is in confirming, for your own peace of mind, that it is a template, not a targeted threat.

Run a private check on any phone number

Get a 60 second report with possible owner, line type, location signals, and risk indicators. The phone owner is not notified.

Run a check

Frequently asked questions

They knew my real password. Doesn't that mean they hacked me?

No. It means your email and an old password appeared together in a data breach, which the scammer bought. It is the single most common trick in these emails. Change that password if you still use it; that is the only real risk here.

Should I pay to make it go away?

Never. There is no video. Paying marks you as a payer and brings more demands. The email is a mass bluff sent to millions; you are not individually targeted.

Can I find out who sent a sextortion email?

The address is usually spoofed or disposable, and these are sent at industrial scale, so tracing the individual is rarely possible. Reading the headers confirms the spoofing; that confirmation is the useful part.

Related articles

Check the number. Know more.

Run a private 60 second report. The phone owner will not be notified.

Start your check
The Sextortion Email Scam: 'I Recorded You' Explained (2026) 路 StoryCheck