The Email Claiming a Hacker Saw You On Camera

One of the nastier scam emails going around shows you one of your real passwords and claims a hacker has been recording you through your webcam. They demand Bitcoin within 48 hours or they’ll send the video to everyone in your contacts. The email feels like a punch to the chest. The good news: it’s a bluff. No video exists. Here’s how the scam works and why you can safely delete it.
Anyone whose email address has ever been in a data breach, which is most internet users
Older adults, who are more likely to panic and pay
Anyone who has ever watched adult content online, because the email leans hard on that specific fear
Small business owners, who may be extra worried about reputation damage
Parents and professionals whose inboxes fill up with scary messages they don’t have time to investigate
The emails are sent to millions of addresses. Even if you’ve never visited the kind of site they mention, the email still lands.
The attacker buys a breach list. A cheap list of email-and-password pairs from a years-old data breach. Millions of names for a few dollars.
The email goes out. They send the same scary email to everyone on the list, personalized with each person’s real old password as “proof” that they hacked the person.
The claim. The email says they installed malware on your computer, watched your webcam while you browsed certain sites, and recorded video of you. They have your contacts. They’ll send the video to everyone you know.
The ransom. They demand Bitcoin. Usually between $500 and $2,000. They give you a wallet address and a short deadline.
The bluff. There is no video. There is no malware on your computer. The only thing they actually have is that one old password from a breach you probably forgot about. That password is often a decade old.
A small percentage of recipients, panicked and embarrassed, pay. That’s the whole business model.
An email that includes one of your real passwords in the subject line or the first paragraph
Threats involving a webcam video, adult sites, or embarrassing content being sent to your contacts
A Bitcoin wallet address and a short deadline (24 to 72 hours)
An email that was sent to you from your own email address, which is a cheap trick to look scarier
Wording that tries to sound like a tech-savvy hacker: “I have full access”, “I control your device”, “I have installed keylogger and RAT”
Usually bad grammar mixed with tech vocabulary
No actual evidence attached. No video. No screenshots of your “contacts”. Nothing specific to you besides the password.
These emails usually arrive with a subject line like "YOU HAVE BEEN HACKED".
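The red flags listed above can be checked mechanically, for example in a mail filter or a help-desk triage script. The following is an added example, not part of the original post: the function name, flag names, regular expressions and the sample message (including its address-shaped string and password) are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Shape-only match for legacy (1.../3...) and bech32 (bc1...) Bitcoin addresses.
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[a-z0-9]{25,59})\b")
DEADLINE_RE = re.compile(r"\b(\d{1,3})\s*(?:hours|hrs)\b", re.I)
# Wording quoted in the article's red-flag list.
HACKER_RE = re.compile(r"i have full access|i control your device|keylogger|\brat\b", re.I)
THREAT_RE = re.compile(r"webcam|your contacts", re.I)

def red_flags(raw_message, old_passwords=()):
    """Return the article's red flags present in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # Collect plain-text parts; a non-multipart message yields itself from walk().
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    first_para = body.strip().split("\n\n", 1)[0]
    flags = set()
    # old_passwords: the recipient's own known-breached passwords (assumption).
    if any(pw and (pw in subject or pw in first_para) for pw in old_passwords):
        flags.add("password_as_proof")
    if THREAT_RE.search(body):
        flags.add("webcam_or_contacts_threat")
    hours = [int(h) for h in DEADLINE_RE.findall(body)]
    if BTC_RE.search(body) and any(24 <= h <= 72 for h in hours):
        flags.add("bitcoin_with_deadline")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        flags.add("sent_from_own_address")
    if HACKER_RE.search(body):
        flags.add("hacker_wording")
    return flags

# Constructed sample message; the address-shaped string is not a real wallet.
SAMPLE = """From: victim@example.com
To: victim@example.com
Subject: YOU HAVE BEEN HACKED - hunter2old

I know hunter2old is your password. I have full access to your device.
I have installed keylogger and RAT and recorded you through your webcam.

Send $900 in Bitcoin to 1ExampLeConstructedAddr1234567xyz within 48 hours
or the video goes to all your contacts.
"""
```

A message that trips several of these flags at once matches the mass-mailed bluff described here; none of the flags indicates that a device was actually compromised.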

Don’t pay. Paying confirms to the scammer that your email is live and that you will pay. You’ll get more of these. Never engage.
Take a breath. There is no video. Even if the password in the email is real, that just means your email was in an old breach. It doesn’t mean anyone has video of you. It’s a bluff sent to millions of people.
Check which breaches your email is in. Go to haveibeenpwned.com. The password in the scam email was almost certainly stolen in one of the breaches listed there. If you still use that password anywhere, change it now. Everywhere.
Start using a password manager. A different, random password for every account means one breach can’t cascade. If you have an iPhone or Mac, the Apple Passwords app is free and already installed. Our course Simple Strategies to Be Secure Online walks through setup.
Turn on two-step verification on your email. Your email is the master key to every other account. Protect it first.
If you want to cover the webcam, cover the webcam. A small sticky note or a sliding webcam cover costs a few dollars. It’s overkill for this scam, but it’s peace of mind and nobody will ever judge you for it.
Report the email. Forward it to the Canadian Anti-Fraud Centre at [email protected]. In the US, report to the FBI’s IC3. Forward it to your email provider’s abuse address too. Then delete it.
The whole scam rests on one feeling: shame. The scammer doesn’t need real evidence. They just need you to feel like you can’t ask anyone for help. The moment you realize millions of people got the exact same email, the fear disappears. Delete it, change any reused passwords, and move on with your day.
If an email like this just landed in your inbox and you’re not sure what to do, paste the details (minus your password) into Dave and he can confirm it’s the same scam everyone else is getting.
Related: our post on What to Do When a Data Breach Hits the News covers the checklist for how your email and password ended up in a list like this in the first place.
Know someone older who might panic at a message like this? Forward this post. The peace of mind of knowing it’s a bluff is the best gift you can give them today.


