How to Tell If a Sextortion Email Is Real or a Fake: Signs, Proof, and What to Do Next
Getting a sextortion email can feel like an instant punch to the stomach—because the message is designed to trigger panic. These emails often claim the sender hacked your device, recorded you through your webcam, or obtained explicit material and will expose you unless you pay quickly.
Sextortion is a rapidly growing form of cybercrime, with the FBI noting a significant increase in reported cases. Scammers blast out millions of these threatening emails, hoping to scare a small percentage of recipients into paying. The vast majority of these emails are complete bluffs. This guide is designed to help you cut through the fear, identify the signs of a fake scam, and give you a clear action plan to protect yourself and verify the threat.
Quick Answer: Is a Sextortion Email Usually Real?
Usually, no. The most common sextortion emails are template-based blackmail scams: the sender claims they hacked your device and recorded compromising footage, then demands cryptocurrency. The FTC has explicitly warned people not to pay and to delete these messages.
However, if the email includes specific, verifiable proof (for example, real private images or accurate details that aren’t publicly available), you should treat it as more serious and follow the steps in this article to preserve evidence, secure accounts, and report it.
12 Signs the Sextortion Email Is Fake
1) The email says it’s “from your own address”
This is one of the most effective scare tactics—and one of the most misunderstood.
Scammers can forge the “From” field so it looks like the message came from you. That’s called email spoofing. It does not necessarily mean your email account was accessed or that the email was actually sent from your mailbox. Netsafe specifically warns that emails appearing to come from your own address are likely spoofed.
What you can check (safely):
- Look at your Sent folder (and “Sent” in webmail + phone mail app). If it’s not there, that’s a strong sign it wasn’t sent from your account.
- Check recent login/security activity in your email provider (Google/Microsoft/Apple often show sign-in history). If there’s no suspicious login, spoofing is even more likely.
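The message headers give a firmer answer than the Sent folder. The Python sketch below is an added example, not part of the original article: it reads a saved message and reports the spoofing signals described above. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a "from your own address" message as saved from a mailbox.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.org
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
 by mx.example.org with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "You" <you@example.org>
To: you@example.org
Subject: I have access to your device

Pay within 48 hours.
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_report(raw):
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    env_dom = domain_of(msg.get("Return-Path", ""))
    # Trust only the Authentication-Results header stamped by your own provider
    # (normally the topmost one); a sender can add lookalike headers lower down.
    results = msg.get_all("Authentication-Results") or [""]
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results[0].lower()))
    # The topmost Received header names the server that handed the mail over.
    hops = msg.get_all("Received") or []
    m = re.match(r"from\s+(\S+)", hops[0].strip()) if hops else None
    report = {
        "self_addressed": from_addr == to_addr != "",
        "envelope_mismatch": bool(env_dom) and env_dom != domain_of(from_addr),
        "auth": auth,
        "handed_over_by": m.group(1) if m else None,
    }
    # Your own address in From plus a DMARC result other than "pass"
    # points to a forged From field, not a message sent from your mailbox.
    report["likely_spoofed"] = report["self_addressed"] and auth.get("dmarc") != "pass"
    return report
```

A message that really left your own mailbox would normally show your provider's servers in the Received chain and a passing DMARC result.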
2) It’s vague and reads like a script
Fake sextortion emails are usually written so they can be sent at scale. If the message says things like “I saw you on adult sites” but never names a site, never references a real date/time, and never mentions anything uniquely tied to you, that’s a major giveaway.
A real blackmail attempt typically includes at least one specific anchor (a real screenshot, a real filename, a real detail). Scam emails avoid specifics because they don’t have them.
3) No actual proof is included
A very common pattern is: “I have a video of you” … followed by zero proof. No attachment. No screenshot. No accurate description. No time stamp. No device detail. Just threats. That’s not accidental—if they had real leverage, they would often provide a “sample” to push compliance. Most scammers can’t, because the claim is fabricated.
4) The message uses extreme urgency
Deadlines like “24 hours” or “48 hours” are pressure tactics meant to short-circuit your decision-making. The FTC describes these blackmail-style emails as scams and advises people to stop, not pay, and delete the message. When you see urgency, translate it as: “They don’t want you to verify.”
5) They demand cryptocurrency
Crypto is popular with criminals for one reason: it’s hard to reverse and easy to move. The FTC has specifically warned about Bitcoin blackmail/sextortion-style emails and gives blunt guidance: don’t pay. If the email pushes Bitcoin/Litecoin/Monero, that alone strongly points to a scam campaign.
6) “I installed Pegasus” (or other named spyware)
Name-dropping famous spyware is a credibility hack. It’s meant to make you think: “That’s a real tool—so this must be real.”
The UK’s National Cyber Security Centre (NCSC) has published guidance on sextortion scams and how to protect yourself—these campaigns often rely on fear rather than genuine compromise. And security reporting has documented scam waves explicitly using “Pegasus” as a scare tactic.
7) They include an old password you recognize
This is the “oh no” moment for most people.
If a message includes a password you used years ago, it can still be part of a mass scam. Those passwords often come from historic data breaches and credential dumps, then get pasted into emails to create the illusion of access. EFF has described this exact tactic: stolen passwords used as a lure, even when the sender hasn’t actually hacked you.
What it means (usually): your email+password combo was exposed at some point—not that your device is currently controlled.
8) Their technical claims don’t add up
Many sextortion scam emails try to sound “hacker-ish,” but the details are fuzzy or wrong.
Common contradictions:
- They claim they hacked you “months ago,” but can’t name your device, your operating system, or any specific app.
- They claim they used your webcam, but offer no proof—and many people don’t even have a webcam enabled.
- They claim total control over everything, yet they still need your money “or else” rather than just taking it.
Scammers keep it vague because specifics are where lies fall apart.
9) They threaten to contact “all your friends” but show no contact list
If someone truly had your contacts, one easy way to prove it would be to list a few names/emails (even partially redacted). Most sextortion scam emails don’t do this. Instead they say “I have all your contacts” and hope you imagine the worst. Fear fills in the blanks for them.
10) The writing is inconsistent
Scam templates are often stitched together, translated, or auto-generated. Signs include:
- Sudden tone shifts (formal → abusive → formal)
- Weird phrases that feel copied and pasted
- Generic sign-offs like “Regards” after aggressive threats
This alone isn’t definitive, but when combined with other signs (crypto, urgency, no proof), it supports the “template scam” conclusion.
11) They want you to click a link or open an attachment
This is a huge red flag because it can turn a fake threat into a real compromise.
Many campaigns include:
- A “proof” link (phishing page)
- A PDF attachment (sometimes with malicious links)
- A “payment instructions” file
The safe move is: don’t click and don’t open unexpected attachments. Government and law-enforcement guidance on these scam patterns emphasizes avoiding unsafe interactions and taking protective steps instead.
12) Multiple people online report identical wording
Sextortion email scams often reuse the same lines for weeks or months. If you search a distinctive sentence in quotes (leave out your personal details), you’ll often find others received the exact same template.
This is one of the fastest “sanity checks” because real blackmail attempts are usually more personalized.
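For anyone triaging a mailbox or writing a mail-filter rule, several of the signs above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it looks for signs 4, 5, 6 and 11 in a message and returns the matching text as evidence. The sample message, the patterns and the threshold of three signs are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample written for this example; not taken from a real campaign.
SAMPLE = """\
From: someone@example.net
To: you@example.org
Subject: Your device is compromised
Content-Type: text/plain; charset="utf-8"

I installed Pegasus on your phone and recorded you. You have 48 hours.
Send $900 in Bitcoin to the wallet in the attached instructions.
Proof: http://proof.example.com/video
"""

# Keyed by the sign numbers used in the list above. Patterns are illustrative.
SIGNS = {
    4: re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?|days?)\b", re.I),  # deadline
    5: re.compile(r"\b(?:bitcoin|btc|litecoin|monero)\b", re.I),  # crypto demand
    6: re.compile(r"\b(?:pegasus|spyware|trojan)\b", re.I),       # named spyware
    11: re.compile(r"https?://\S+", re.I),                        # link to click
}

def body_text(msg):
    # Concatenate the decoded text/plain parts of the message.
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return {sign number: evidence string} for each indicator found."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    hits = {}
    for sign, pattern in SIGNS.items():
        m = pattern.search(text)
        if m:
            hits[sign] = m.group(0)
    for part in msg.walk():  # an attachment also counts towards sign 11
        if part.get_content_disposition() == "attachment":
            hits.setdefault(11, "attachment: " + (part.get_filename() or "unnamed"))
    return hits

def matches_template(hits, threshold=3):
    # Assumed cut-off: several weak signs together, never one sign alone.
    return len(hits) >= threshold
```

A single hit means little, since ordinary mail also mentions deadlines and links; the combination is what marks a template.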
When a Sextortion Email Might Be Real
Most sextortion emails are scams—but a small number of cases are real. The key difference is context and proof, not how scary the message sounds. You should take the situation more seriously if it matches one or more of the scenarios below.
Clear, Verifiable Proof Is Provided
Real sextortion attempts usually include actual evidence, not vague claims. This may be a real private photo or video, a screenshot from a real conversation, or accurate details that are not publicly available. Scam emails almost always avoid showing proof because they don’t have it.
Prior Intimate Online Interaction
If you recently shared intimate content or had explicit conversations on social media, messaging apps, or dating platforms—and the email references that specific interaction—this is different from generic “I saw you on adult sites” claims.
Signs of Account Compromise
A threat becomes more credible if it appears alongside real security issues, such as password reset emails you didn’t request, new login alerts from unfamiliar locations, or accounts being locked or taken over. Even in these cases, one pattern stays consistent: complying rarely ends the threat. Once contact and payment are established, demands often continue.
What to Do Immediately
When you receive a sextortion email, your goal is simple: stay in control, reduce risk, and avoid making the situation worse. Whether the threat is fake or potentially real, these steps help you protect yourself.
Do Not Engage With the Sender
Do not reply, negotiate, threaten, or ask for proof. Any response confirms that your email address is active and that the message caused distress. In many cases, this alone can trigger follow-up pressure or repeated demands.
Do Not Click Links or Open Attachments
Sextortion emails are often combined with phishing or malware attempts. Links and attachments can lead to fake payment pages, credential-stealing forms, or malicious downloads. Treat everything in the message as unsafe unless independently verified.
Preserve the Evidence First
Before deleting the email, take screenshots that clearly show the sender address, subject line, timestamps, and full message content. If you know how to view email headers, save those as well. Preserving evidence gives you options if you later decide to report the incident.
Check Whether Your Images Are Already Online
If the email threatens to leak photos or videos, or if you’re unsure whether any private images have already been shared, it helps to verify the situation instead of guessing. Using a reverse face search allows you to check whether images matching your face are appearing on public websites, impersonation accounts, or repost platforms. Tools like Erasa’s reverse face search are designed to help users discreetly scan for potential misuse of their likeness and identify where content may already be circulating.
Secure Your Email and Key Accounts
If the message includes a password you recognize, assume that credential was exposed at some point. Change your email password first, use a strong and unique replacement, and enable two-factor authentication (2FA).
Then review other important accounts—social media, cloud storage, financial services—and update any that reused similar passwords. Check for unfamiliar login activity and remove unknown sessions.
Report and Filter the Message
Once you’ve secured your accounts, mark the email as spam or phishing in your email provider. This reduces the chance of follow-up messages and helps improve filtering for future attacks.
FAQ
Should I delete the email right away?
If you haven’t saved evidence yet, take a screenshot first. After you’ve documented it and reported it as phishing/spam, deleting is fine. FTC guidance on these scam emails explicitly recommends deleting (after not paying).
The email had my old password—does that mean they hacked me?
Not necessarily. It often means your credentials were exposed in an older breach and reused in scam campaigns.
The email looks like it came from me—am I hacked?
Often no. That’s commonly spoofing, and Netsafe notes it’s unlikely your account is compromised solely based on that appearance. Still, change your password and enable 2FA to be safe.
What if I already paid?
Don’t pay again. Save all transaction details and report it to your local authorities and relevant cybercrime reporting channels. Then focus on securing accounts and preventing follow-up targeting.

