Fear for Sale: The Sextortion Scam That Profits From Your Imagination

At SA Digital Forensics & Investigations, we regularly encounter cyber threats ranging from sophisticated investment fraud schemes to account takeovers and digital extortion attempts. However, one scam continues to resurface year after year despite being exposed countless times.

It arrives in your inbox unexpectedly.

There are no attachments, no screenshots, no proof.

Yet for many recipients, it creates immediate panic.

Real life example of the contents of such email:

Hey!

NB: Because of your disregard for Internet security, I was able to easily install a Trojan horse on your device. which accessed all the data on your device and allowed me to control it remotely. Once I infected one device, I had no problem accessing other devices.

My spyware is embedded in the drivers and updates its signature every few hours, so no antivirus or firewall can even detect it.

I've been successfully watching you for some time by infecting a malware through the adult sites you visit regularly. My Spyware has also recorded videos of you masturbating and satisfying yourself.  I have full access to your address book and I doubt very much you'd want your family, coworkers, and your entire contact list  to see footage of you pleasuring yourself.

I'm just gonna give you a condition to prevent this from happening, kindly send me R25, 000.00 through Shoprite Money Market Counter / Spar / Checkers or Standard Bank Instant Money and email me the Reference/Vouchers numbers and the 4-Digit PIN number to tllb2328@gmail.com

NB: The daily limit for the above transfer option is R5, 000.00 a day. So it'll be done in 5 days.

Once the money is received, I will delete all the data, remotely erase the virus on your devices and you will never hear from me again, it's a very small amount to pay for not destroying your reputation in the eyes of those who, judging by your correspondence in messengers, have an opinion of you as a decent human person.

You have 48 hours! - I'll be notified as soon as you open this letter and the countdown begins. Don't call law enforcement, remember, I have access to all of your devices, and as soon as I notice such activity, it will automatically lead to the release of all of your data.

Do not attempt to reformat your system or factory reset your device. I have all your data already, and secondly, as I said, I have remote access to all your devices and as soon as I notice such an attempt, it will lead to irreversible consequences.

Waiting for your prompt response!

"Because of your disregard for Internet security, I was able to easily install a Trojan horse on your device."

The sender claims they have infected your computer with sophisticated malware, gained complete access to your devices, recorded you through your webcam, and obtained compromising footage of you engaging in private activities such as masturbation.

In the latest South African variation reviewed by SA-DFI, the sender demanded R25,000 through Shoprite Money Market, Checkers, SPAR transfers, or Standard Bank Instant Money, threatening to release alleged recordings to the victim's family, colleagues, and contacts if payment was not made within 48 hours.

For many people, reading such an email is enough to trigger fear.

That reaction is exactly what the criminal is counting on.

THIS IS NOT A HACKING SCAM

The most important thing to understand is that this is not primarily a cyberattack.

It is an extortion scam.

More specifically, it is known as a Mass Sextortion Scam.

The criminal's objective is not to hack your device, their objective is to convince you that they already have.

The distinction is important.

Real hackers gather evidence, demonstrate access and real hackers prove they are in possession of information.

The scammers in this case almost never do.

Notice what is missing from the email:

• No screenshots.

• No photographs.

• No videos.

• No copies of messages.

• No evidence of access.

• No evidence of infection.

The sender makes extraordinary claims while providing absolutely no proof.

That alone should immediately raise suspicion.

THE SCAMMER KNOWS LESS THAN YOU THINK

One of the most interesting aspects of these campaigns is how little information the sender actually possesses.

The email claims:

"I've been successfully watching you for some time by infecting a malware through the adult sites you visit regularly."

Yet the sender never mentions:

• Which website was visited.

• Which device was infected.

• When the infection occurred.

• Which operating system was compromised.

• Which contacts were supposedly stolen.

Everything remains vague. This is deliberate.

The scammer is attempting to create a situation where the victim fills in the blanks themselves.

Human imagination becomes the evidence, and the criminal simply provides the suggestion.

THE REAL WEAPON ISN'T MALWARE, IT'S FEAR.

From a forensic perspective, the structure of the email is fascinating.

Every paragraph is designed to increase psychological pressure.

The sender claims:

"I have full access to your address book."

Then:

"You have 48 hours."

Then:

"Don't contact law enforcement."

Then:

"Don't reset your device."

Then:

"I will be notified as soon as you open this letter."

Every statement serves one purpose: To stop the recipient from thinking logically.

When people panic, they stop analysing, they stop questioning, they stop looking for evidence.

The criminal understands that fear can be far more effective than technology.

WHY THESE EMAILS OFTEN MENTION ADULT CONTENT

The answer is simple. Probability.

The scammer has no idea who the recipient is.

They have never met them.

They have not personally investigated them.

Instead, they make a broad accusation that applies to a large percentage of the population.

The accusation is uncomfortable enough that many recipients immediately become concerned.

Even those who have never visited such sites often begin wondering:

"What if they really do have access?"

This is one of the oldest manipulation techniques in existence.

Make a broad accusation. Create uncertainty. Allow the victim's fear and imagination to do the rest.

THE SOUTH AFRICAN EVOLUTION OF THE SCAM

Historically, these scams demanded payment in cryptocurrency.

Bitcoin was the preferred method because it was difficult to trace and familiar to international cybercriminal groups.

The version currently circulating in South Africa has evolved.

Instead of cryptocurrency, victims are instructed to use:

• Shoprite Money Market

• Checkers Money Transfers

• SPAR transfers

• Standard Bank Instant Money

This adaptation is significant.

It demonstrates that criminals are tailoring their operations specifically for South African victims.

These payment methods are familiar and widely available.

And they often feel less suspicious than cryptocurrency.

This does not make the threat more legitimate, it simply makes the scam more effective.

WHAT WOULD A REAL COMPROMISE LOOK LIKE?

At SA-DFI, we investigate genuine digital compromises.

Real incidents leave traces.

Real attackers leave evidence.

Real compromises often involve:

• Login alerts.

• Password changes.

• Unauthorised transactions.

• Known stolen data.

• Screenshots.

• Specific device information.

When a criminal truly has access, they usually demonstrate it.

These sextortion emails typically demonstrate nothing.

THE SA-DFI ASSESSMENT

Based on the content of the email, the absence of supporting evidence, and the well-documented nature of these campaigns worldwide, this message displays all the hallmarks of a Mass Sextortion Scam.

The sender's greatest asset is not malware.

It is uncertainty.

The sender's greatest weapon is not a Trojan horse.

It is fear.

And the sender's greatest hope is that the recipient reacts emotionally before assessing the facts.

WHAT SHOULD YOU DO IF YOU RECEIVE THIS EMAIL?

If you receive a similar email:

Do Not Panic. The emotional reaction is precisely what the criminal wants.

Do Not Pay. Paying does not guarantee anything. It only confirms that you are willing to send money.

Do Not Reply. Engaging with the scammer rarely achieves anything useful.

FINAL THOUGHT

Perhaps the most revealing aspect of this scam is that it tells us something important about modern cybercrime.

The most dangerous cybercriminal is not always the one with the best malware.

Sometimes it is the one who best understands human psychology.

This scam has survived for years because it exploits something universal:

Fear of embarrassment and exposure.

The next time an email claims to possess compromising videos, complete control of your devices, or secret recordings of your private life, remember this:

Extraordinary claims require extraordinary evidence.

And if there is no evidence, there is usually no compromise only a story that the criminal is hoping you'd believe

Follow the official SA-DFI WhatsApp Channel for expert insights, case updates, and security awareness:

👉 https://whatsapp.com/channel/0029Vb7UGiSFy72BprmXF61k

Click Follow and tap the bell icon 🔔 to stay updated.

Contact SA Digital Forensics and Investigations:

Phone: +27 77 480 3161

Email: info@sa-dfi.co.za

Website: www.sa-dfi.co.za

Follow us on social media:

• https://www.facebook.com/sadfi.investigators

• https://www.instagram.com/sadfi.investigators

• https://www.youtube.com/@sadfi.investigators

• https://www.tiktok.com/@sadfi.investigators

• https://www.linkedin.com/company/sadfi.investigators/

• https://x.com/SA_DFI

Copyright © 2026 | SA Digital Forensics and Investigations | All rights reserved.