Pay or We Leak Your Browsing History

You get an email from an address you don’t recognize. The subject line is your full name and a string of numbers. The message begins by stating that your computer was hacked months ago, and the scammer has recorded you visiting adult websites. They claim to have screenshots of your screen, keystrokes, and even your camera feed. The final demand is simple: pay a Bitcoin ransom within 48 hours, or they will send your entire browsing history to every contact in your email account. This scam, known as “Pay or We Leak Your Browsing History,” is one of the fastest-growing digital extortion schemes targeting middle-class Americans right now. If you are between 45 and 64, and you do most of your banking, shopping, and communication online, you are in this scammer’s crosshairs.

The first thing you need to understand is that in nearly all cases, the scammer has absolutely no evidence. They did not hack your computer. They did not record your screen. They did not turn on your webcam. The entire threat is built on a cheap bluff that relies on fear and embarrassment. The scammer obtains your email address and an old password from a data breach. There have been massive data leaks from companies like LinkedIn, Adobe, and more recently, massive credential dumps sold on the dark web. The scammer buys these lists for pennies and then sends out thousands of identical threats. They include your real password in the email—often an old one you used years ago—to make you believe they have deeper access. That password is the only piece of real information they have.

This scam falls under the category of “sextortion,” a subset of digital threats that uses shame as a weapon. The scammer counts on the fact that most adults, especially those who value their privacy and reputation, would rather pay a few hundred dollars than risk their family or coworkers seeing their private browsing habits. The threat is vague because the scammer has no specifics. They do not know what sites you actually visit. They simply assume that everyone has something they would rather keep private. And they are often right enough to make money.

The mechanics of this scam are simple. You receive an email that looks personalized. It includes your real name, your email address, and often a password you recognize. It may even include a generic threat about installing “Pegasus” spyware or a remote access trojan. The email demands payment in Bitcoin, typically between $500 and $2,000, to a specific wallet address. The deadline is usually 24 to 48 hours. The tone is aggressive, often threatening that if you ignore the email, they will “ruin your life.” In some variations, the scammer claims they have accessed your webcam and recorded you, but again, they have not.

What should you do if you receive this email? First, do not pay. Paying confirms to the scammer that your email address is active and that you are vulnerable to pressure. This often leads to follow-up demands or your name being sold to other scammers. Second, change the password that appeared in the email immediately, especially if you still use it on important accounts like banking or email. Use a unique, strong password for every account. Third, enable two-factor authentication on your email and financial accounts. This adds a second layer of security that makes it much harder for a real hacker to break in. Fourth, run a full antivirus and malware scan on your computer and phone. While the scam is usually a bluff, it costs nothing to confirm your devices are clean. Fifth, report the email to the FBI’s Internet Crime Complaint Center (IC3) or the Federal Trade Commission (FTC). These reports help law enforcement track patterns and shut down scam operations.

The most important protection is mental. You need to recognize that this is a numbers game. Scammers send millions of these emails every week. They are not targeting you personally. They are targeting a list of email addresses and hoping a tiny fraction of recipients panic. The scam works only if you feel isolated and afraid. If you understand the trick, you disarm it completely. Remember: real hackers who have compromised your machine do not send you a warning email demanding Bitcoin. They steal your data silently and sell it. A demand for payment is almost always a bluff.

Middle-class Americans are especially vulnerable because they have more to lose in terms of reputation, employment, and family stability. You may think you are not a target, but your age group is exactly who scammers aim for. You grew up without the internet, so you have a healthy respect for your privacy and a deep fear of public exposure. Scammers exploit that fear ruthlessly. Stay skeptical of any unsolicited threat. Verify before you panic. And if you ever feel unsure, talk to a trusted family member or a consumer protection organization like Unreputable. A second pair of eyes can often see the bluff for what it is.

Bottom line: If you get a “Pay or We Leak Your Browsing History” email, delete it. Change your passwords. Enable two-factor authentication. Do not wire a single dollar. The scammer has nothing on you, and they are betting your fear is stronger than your logic. Prove them wrong.