The Bitcoin Extortion Scam Email: What It Is & How to Protect Yourself

Avoid getting duped by this clever scam

If you've received an email from yourself by someone claiming to have control of your system, and they demand bitcoin payment or they'll release information you'd rather not make pubic, you've been hit by the Bitcoin extortion email scam. The good news is it’s a farce and not nearly as threatening as it seems. The scammer is lying, as scammers do.

What Is the Bitcoin Extortion Scam Email?

The Bitcoin extortion scam email is also known as the “sextortion scam” or the “webcam blackmail” scam. While this email should have gone to your spam folder, some still manage to get through to your inbox.

A conceptual illustration of the bitcoin extortion email scam.
Lifewire / Theresa Chiechi

The idea is simple: You get an email claiming to have filmed or taken pictures of you doing things you wouldn't want public.The scammer threatens to distribute your photos and videos to your contacts if you don’t pay hundreds of dollars to some cryptocurrency address before a given deadline.

You can ignore and delete these emails. It does have variations, but many of them are well documented. Just check out the r/Scams subreddit. There are two interesting threads that relate to the Bitcoin extortion scam email. They are the Blackmail Email Scam Part 1 and Part 2.

How Does the Bitcoin Extortion Scam Email Work?

The scammer tells you they sent the email from your account to prove they have full control of your system, then point out the malware they installed on your system gives them full control of your camera, microphone, contacts, and so on.

They'll also make claims stating they know the email has been open, and there is now a time limit, usually between 48 hours and a few days. Afterwards, they'll pressured you to send hundreds of dollars to a specific Bitcoin address. They might even add a bit where they get you to imagine the damage to your social reputation when these compromising images are sent to all of your contacts, as well as point out that if the timer gets to zero without you having made the payment, your entire system will be shut down and you won’t have any access to it, permanently losing all of your important files and folders in the process.

The objective is to pressure you and increase the chances of you making the payment. However, most of the demands and claims are vague at best, and you should never give in to such emails.

How Do the Bitcoin Extortion Scammers Find Victims?

The most common way that these scammers find victims is on porn sites. When you visit some porn sites, Trojans and other malware get secretly installed into your system. This malware might be able to get control of your webcam, but not much else. That’s how they manage to take photos and videos of you. They’ll then get your email address from your account on the porn site and use it to email you.

Another way these scammers find victims is through massive breaches of large online service providers. In fact, scammers who get their victims from these breaches might use your password or a part of your phone number as part of the evidence that they have your details during the extortion.

How Do I Avoid Getting Involved in This Scam?

Install antivirus software so it screens any suspicious software trying to find its way into your system. A good antivirus should be able to catch a Trojan or any other kind of malware before it sneaks in. Second, educate yourself on how to spot a scam online.

Once you’re good at recognizing scam websites, it should be easy to know where to spend your time online and where not to.

I’m Already a Victim. What Should I Do?

First, take heart; you’re not a victim yet. This type of scam email is no more than a bunch of compelling but empty threats.

The scammers don't have control of your system, and spoofing an email is actually pretty easy. Most email services do a poor job of authenticating what’s in the fields labeled “From:” and “Reply to:” in an email, so a spammer could just enter your email in both fields and make it look like you sent yourself the email.

Even if they have infected your computer with malware, they have no way of gaining access to your contacts or any other intimate parts of your system. Sometimes they can’t even control your webcam. These emails are sent to millions of people who don’t even have a webcam.

The scammers are hoping you’re going to fit the exact profile they’re targeting. So the best advice is to do nothing to appease the scammers. You’re perfectly safe. Report the scam to save others from going through the same emotional ordeal.

How Do I Avoid Being Targeted for the Bitcoin Extortion Scam?

You need to know if your email address, accounts, and passwords might have been exposed in any large data breaches. A good place to check is the “Have I Been Pwned” website. It has millions of pwned account details from hundreds of websites. Just type your email into the search field and you’ll know if it’s been compromised. There’s also a new section for pwned passwords.

If you find that your email address has been exposed, you should change your passwords for every single site that suffered from a data breach, as well as any other site where you used the same password.

It's best to create strong passwords too, then try Dashlane’s calculator, which tells you how long it would take to crack your password. Just make sure it’s not one that was exposed in a breach.