How the scam works
You receive an email claiming the sender has hacked your device and recorded a compromising video of you, demanding payment in cryptocurrency or the video goes to your contacts. To seem credible, the email may appear to come from your own address (spoofing) or quote an old password of yours leaked in a past data breach.
A newer variant uses AI to create fake explicit images or deepfake video, sometimes built from ordinary photos taken from your social media, and threatens to publish them unless you pay.
Why it works and who is targeted
The scam runs on shame and panic. A real-looking detail like a genuine old password makes the bluff feel true, even though it was simply bought from a breach and not freshly stolen from you.
These emails are blasted to millions of addresses, so receiving one does not mean you were singled out or actually filmed. With AI deepfakes, scammers exploit the fear that a convincing fake could damage your reputation even though no real recording exists.
Warning signs in detail
Typical signs are a demand for crypto within a tight deadline, a threat to send material to your contacts, and a quoted password that is old or no longer in use. The message is almost always generic, with no genuine proof actually attached - just claims.
With deepfake threats, the supposed images may show inconsistencies, or the sender refuses to provide convincing evidence and instead simply repeats the threat to pressure you into paying.
How to protect yourself
Do not pay and do not reply - paying marks you as responsive and invites more demands. Delete the email, and if it quotes a password, change that password everywhere you still use it and turn on two-factor authentication.
Keep a copy as evidence and report it to the police; in Germany you can also turn to the Verbraucherzentrale or BSI for guidance. If AI-generated images of you are involved, document them and seek help from the platform and, if needed, legal advice - you have not done anything wrong.