Cybersecurity researchers are warning about a fresh wave of sextortion emails circulating online, using the alarming subject line: “You pervert, I recorded you!” The message is the latest variation of the long-running “Hello pervert” scam that has been circulating for years.

According to a malware removal support team that recently flagged the campaign, the emails attempt to frighten recipients into paying $800 in Bitcoin by claiming their device was secretly infected with malware and used to record them through their webcam.

How the Scam Works

In the email, the sender claims the victim’s device was compromised through a so-called “drive-by exploit.” The message states that simply visiting a malicious website with an outdated browser allowed the attacker to install malware and gain full access to the victim’s accounts and device.

The scammer then escalates the threat by claiming they recorded footage of the recipient engaging in private activities through their webcam. The email warns that the video will be sent to friends, family members, and social media contacts unless the victim pays the demanded ransom.

To make the threat appear more convincing, the attacker includes a real password that once belonged to the recipient. The message also lists cryptocurrency exchanges where the victim can buy Bitcoin and provides a wallet address for payment, giving the target four days to comply.

However, the message itself contains inconsistencies. Early in the email, the sender claims they have already removed the malware to “erase all traces,” but later promises to remove it after receiving payment—an obvious contradiction that signals the message is fraudulent.

Where the Password Came From

Investigators tracing the campaign noticed that many emails were sent by a sender identifying themselves as Jenny Green using the Gmail address JennyGreen64868@gmail[.]com. The emails were reportedly sent to addresses associated with FakeMailGenerator, a free disposable email service.

FakeMailGenerator provides temporary inboxes that users often rely on to bypass email verification steps or avoid spam. However, these inboxes are publicly accessible and typically do not require a login. Anyone who knows or guesses the inbox URL can view its contents.

Researchers believe scammers may be searching these public inboxes for passwords that appear in emails—such as those used during account registrations—and then reusing them in sextortion campaigns to make their threats seem credible.

Why Victims Should Not Panic

Despite the frightening claims, these emails are almost always a bluff. In most cases, scammers have no access to a victim’s device or webcam. The password included in the message typically comes from old data breaches, leaked databases, or publicly accessible inboxes, not from active malware infections.

The attackers rely on fear, embarrassment, and urgency to pressure victims into paying before they have time to think critically.

How to Protect Yourself

Security experts recommend several simple steps to stay safe from sextortion scams:

• Do not panic or rush. Scammers rely on emotional reactions to force quick payments.
• Do not reply to the email. Responding confirms the address is active and may lead to more scams.
• Change your password immediately if the email includes one you still use.
• Use a password manager to generate and store strong, unique passwords.
• Avoid opening suspicious attachments or links, especially from unknown senders.
• Do not use disposable email services for important accounts, since their inboxes may be publicly accessible.

For additional peace of mind, experts also recommend covering your webcam or turning it off when not in use.

While sextortion emails can be alarming, understanding how they work makes them far easier to ignore. Awareness remains the strongest defense against scams designed to exploit fear and embarrassment online.