These messages are usually sextortion scams: an email claims you watched porn, says your webcam recorded you, and demands money to avoid "sending the video" to your contacts. Sometimes the email includes an old password to make the threat feel real. The goal is panic and payment, not truth.
Safety note: you are not alone. Do not pay and do not negotiate. Preserve evidence, secure your accounts, and move reporting into official channels.
Start here (pick the situation)
| Situation | Do this first | Then do this |
|---|---|---|
| It is only an email (no real images/videos shown) | Preserve the email (headers if possible), then stop responding | Secure email and reused passwords, then report the scam |
| They sent real private images, videos, or screenshots | Preserve evidence and stop responding | Lock down accounts and reporting paths immediately |
| They claim to have hacked your device | Assume it might be a lie, but take containment steps | Check device and browser for compromise, then rotate credentials |
| The message mentions a password you recognize | Treat it as a credential leak signal | Change reused passwords everywhere and enable stronger sign-in |
If you want the broader playbook that covers blackmail and extortion scenarios beyond porn-themed emails, use how to fight online blackmail and digital extortion.
1) Preserve evidence without making it worse
Evidence is what lets platforms and authorities act. Save:
- The email as received (including sender address, subject line, and timestamps).
- Any usernames, wallet addresses, payment requests, links, and attachments.
- If they contacted you on a platform, screenshots of the profile and the conversation.
If the scam is in email, look for the option in your mail client to view or download message headers. Headers can show where the message actually came from, even when the display name is faked.
2) Stop escalation: do not pay, do not reply, do not send more information
Paying does not buy deletion. It teaches the attacker that you will pay, and many campaigns escalate after payment. Replying also creates signal that the address is active, which can increase future targeting.
Common mistake: sending "proof" photos or additional personal details to convince the attacker to stop. That creates new leverage.
3) Secure the control plane (email first)
Even when the scam is fake, the right response strengthens your real security. Start with the inbox that can reset other accounts:
- Change your email password to a long, unique password stored in a password manager.
- Enable stronger sign-in on email (passkeys or app-based 2FA where available).
- Review mailbox forwarding rules, filters, and recovery email/phone settings for anything you did not add.
- Sign out of other sessions if your provider supports it.
If you suspect broader account compromise, follow been hacked: take these steps immediately before you start rotating passwords everywhere.
4) Treat any reused password as burned
If the email includes a password you recognize, it usually means the password was exposed in a breach or via malware at some point. The fix is not to "disprove" the scam. The fix is to remove the attacker's easiest path: password reuse.
- Change the password anywhere you used that same password.
- Turn on stronger sign-in for your most important accounts (email, Apple/Google, bank, main social accounts).
- Start using a password manager so you can keep passwords unique without relying on memory.
5) If they claim they recorded you through a webcam
Most campaigns do not have device access. But if you want to be confident:
- Run an OS malware scan and update your operating system and browser.
- Audit browser extensions and remove anything you do not recognize.
- Check webcam and microphone permissions for apps and browsers and revoke what you do not need.
6) Report through official channels
Reporting helps build cases against repeat campaigns and can support takedowns. Use:
- FBI guidance on sextortion: sextortion resources
- IC3 public guidance on sextortion campaigns: IC3 PSA on sextortion
Also report the message inside your email provider as phishing or spam. Provider reporting improves filtering and can reduce future delivery.
Most porn-themed blackmail emails are designed to hijack your attention and bypass your normal judgment. The correct response is procedural: preserve evidence, secure the accounts that can reset other accounts, and remove password reuse as a shortcut.
That process does two things at once. It reduces the chance that you pay a scam, and it reduces the chance that an unrelated attacker can actually compromise your accounts later.
When the control plane is stable and passwords are unique, these messages lose their leverage. They become noise you can ignore, report, and delete without carrying the fear forward.