Did you receive one of those “porn scam” emails in the past week or so?

Millions of people did in fact, the number was probably more like tens or even hundreds of millions, with some Naked Security readers reporting phlegmatically that they’d had two, three and even five different flavours of scam in the past few days.

Even if you’ve never had a sextortion email sample of your own, you’re probably familiar with the “porn scam” scenario, where cybercrimals send a message out of the blue that says something along these lines:

ATTENTION! We implanted malware on your computer , which means we have been keeping tabs on you, including grabbing your passwords and getting access to your accounts.

, which means we have been keeping tabs on you, including grabbing your passwords and getting access to your accounts. We also used this malware to film you via your webcam and to take screenshots of your browser .

and to . We made a video of you on a porn site with the screenshots and the webcam footage side-by-side.

with the screenshots and the webcam footage side-by-side. Oh, and the clock is ticking, so pay us some money pretty darn quickly or we’ll send the video to your friends and family. (We know who they are, because we have your passwords, remember?)

The extortion demand is typically somewhere from $700 to $4000, payable to a Bitcoin address provided in the email.

The good news is that it’s all a bluff, because the crooks behind this scam don’t have malware on your computer, don’t have a video of you doing anything, don’t have screenshots of your browsing habits, and haven’t just stolen a list of your friends and family to send their non-existent video to.

The bad news is that this sort of email is extremely confronting, even if you don’t watch porn and don’t have a webcam, because blackmail is an odious and unsettling crime under any circumstances.

What makes it worse is that the crooks often include a password in the email as “proof” of their claim to have malware on your computer…

….and that password very often really is a password you once used, even if it’s a few years old now or for an account you’ve already closed.