Did you recently get one of those ugly emails that tries to stop your heart for a second, the kind that says a hacking group has been watching you, recording you, and is now giving you a tiny window to pay up before your life supposedly gets blown apart? If that sounds familiar, and especially if the message says it came from the “ShinyHunters hacking group,” mentions CarGurus.com, and demands $2,000 in Bitcoin within 48 hours, then what you are looking at is not some genius operation tailored just for you. It is a sextortion scam built around panic.
Scams of ShinyHunters‘s type are known to steal personal data and passwords. Install SpyHunter Pro to scan for risks, remove any dangerous trackers, and enable real-time protection.
Try Free For 7 Days*
Buy now15% OFF if you buy straight without trial.
OFFERThe email, similar to Pegasus email scam, wants you emotional, embarrassed, rushed, and isolated all at once. Once you see that, the rest of the message starts to fall apart, because instead of looking like proof, it starts looking like a copied script sent to many people in the hope that a few of them will break and pay.
Understanding the “ShinyHunters” Sextortion Email
The message starts with dramatic language: “Sadly, there are some bad news that you are about to hear.” telling the recipient that there is bad news coming and that the sender is part of the ShinyHunters hacking group. They use a threatening name and create the feeling that they already know everything about you before you have had a chance to think clearly.
From there the email builds out its story. It says the sender got access to the CarGurus.com database, found your email address there, and then after you clicked unsafe links they installed an exploit on all your devices, including your phone. According to the email, they now have access to your microphone, camera, keyboard, photos, browsing history, conversations, and contact list. Then the message claims that it discovered visits to adult websites and recorded explicit footage that can supposedly be sent to your friends, colleagues, and family. Finally, it delivers the threat: send $2,000 in Bitcoin to the wallet bc1q6k7j2crsjalh90a78jzw4wqxstfzvyycxhdyrx within 48 hours of opening the email or the supposed videos will be released.
Now here is where this kind of scam shows its hand. The message is trying to look deeply personal while still being generic. It makes massive claims, but it does not back them up. It says it has all this access and leverage, yet instead of showing evidence it gives you a long speech and a Bitcoin demand. Real proof is replaced by pressure, and that is a giant red flag.
What to Do If You’ve Fallen for the Scam
If you opened the email, do not panic. Opening a message is not the same thing as confirming that any of its claims are real. In the discussion that followed the example shared here, multiple people described the email as a lie, a bluff, and a copy pasted message sent out at scale, and that lines up with the way the message reads.
The first thing you should not do is send the money. The demand here is $2,000 in Bitcoin, and the 48 hour deadline is there for one reason only, to push you into acting before you slow down and think it through. The second thing you should not do is reply. Responding only confirms that there is a real person on the other end who is frightened enough to engage.
After that, mark the email as spam and delete it. In the original example, the recipient said the message had already landed in the spam folder. If the email included any password or other personal credential, then change your passwords as a precaution, because one commenter noted that such details are often pulled from an older data breach rather than from any current access to your devices.
How ShinyHunters Scam Tries to Manipulate You
Like a lot of extortion emails, this one stacks several pressure tactics on top of each other so the victim feels boxed in.
First, it borrows a recognizable name. By calling itself ShinyHunters, the sender tries to sound more intimidating and more credible than some random anonymous scammer.
Second, it leans on a real company name. In this case it mentions CarGurus.com, which makes the story sound more grounded because people are more likely to think maybe my email was connected to that account. But notice what the message is doing there. It is taking one believable detail and using it to prop up a much larger story that still is not proven.
Third, it claims total visibility into your private life. Not one account, not one device, not one app. Everything. Phone, camera, keyboard, photos, contacts, conversations, browsing history, all of it. That kind of language is meant to make you feel cornered, because someone who feels cornered is more likely to pay without stopping to verify anything.
Recognizing the Warning Signs in ShinyHunters Email
There are several red flags in this message, and once you know what to look for they start piling up fast. The language is dramatic but vague. The technical claims are, yet the proof is nonexistent. It says videos are stored on remote servers, but that is just another claim sitting there without evidence.
The writing itself is also sloppy in ways that matter. Phrases like “We’ve know each other for a while” and “Beside other things” do not inspire confidence, and the line that mangles the payment demand into distorted text makes the whole thing look even more suspicious. Scammers do this all the time, mixing intimidation with awkward wording and hoping the emotional punch lands before the recipient notices how flimsy the message really is.
Another big warning sign is the isolation tactic. The email says not to contact police or anyone else and not to reset devices either. Legitimate warnings do not try to trap you in silence. Scammers do.
What Other People Said About ShinyHunters Email
The reactions from other people who saw this example were remarkably consistent. One moderator called it sextortion outright. Another person said it was marked spam for a reason and should be ignored. Others described it as a new Pegasus style scam email, said scammers send out thousands of these a day at random, and called it junk that should be deleted.
One comment made a point that is especially useful. If the sender really had blackmail material, the email would probably be much shorter and much more direct. There would be some sample, some attachment, some link, something concrete. Instead the scammer gives you a long dramatic monologue about how they supposedly hacked every part of your life. That is not proof. That is theater.
How to Handle a Message Like This
If you get a message like this, do not treat it like a puzzle you have to solve by talking to the sender. Ignore it, report it as spam, and remove it. If it contains an old password or some personal detail, use that as a reminder to update your account security and move on.
Useful Resources for Scam Reporting and Prevention (By Country)
Open the country-by-country reporting list
| Country / Agency | URL | Category / Use-case | Phone/Email |
| Australia – Crime Stoppers | https://www.crimestoppers.com.au | Anonymous tips about crime | 1800 333 000 |
| Australia – National Anti-Scam Center (Scamwatch) | https://www.scamwatch.gov.au/report-a-scam | General scams; phishing; texts/emails | |
| Australia – Police Assistance Line (non-emergency) | https://www.police.gov.au | Local police report | 131 444 |
| Australia – ReportCyber (ACSC) | https://www.cyber.gov.au/report | Cybercrime (hacks, fraud, extortion) | |
| Canada – Canadian Anti-Fraud Center (CAFC) | https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm | General scams incl. phone/text/email | |
| France – DGCCRF (SignalConso) | https://signal.conso.gouv.fr | Consumer scams/deceptive practices | |
| France – PHAROS – Internet-Signalement | https://www.internet-signalement.gouv.fr | Online content & cybercrime reports | |
| Germany – Bundeskriminalamt / Local Police | https://www.polizei.de/Polizei/DE/Home/home_node.html | Report online fraud | |
| Germany – Weißer Ring – Victim Support | https://weisser-ring.de | Victim support | 116 006 |
| India – DoT Helpline (Sanchar Saathi) | https://sancharsaathi.gov.in | Fraudulent telecom/SIM related | 155260 |
| India – National Consumer Helpline | https://consumerhelpline.gov.in | Consumer scams | 1800-11-4000 / 1915 |
| India – National Cyber Crime Reporting Portal | https://cybercrime.gov.in | Cybercrime incl. online fraud | 1930 |
| Japan – Consumer Affairs Agency (CAA) | https://www.caa.go.jp/policies/policy/consumer_policy/caution/cybercrime/ | Consumer scams | |
| Japan – National Police Agency – Cybercrime | https://www.npa.go.jp/bureau/cyber/ | Cybercrime reporting | |
| Mexico – Guardia Nacional (National Guard) | https://www.gob.mx/gn | Cybercrime reporting | |
| Mexico – Instituto Federal de Telecomunicaciones (IFT) | https://www.ift.org.mx | Telecom/online services scams | |
| Mexico – PROFECO | https://www.gob.mx/profeco | Consumer fraud & ecommerce | |
| Netherlands – AFM – Report investment fraud | https://www.afm.nl/en/consumenten/themas/beleggen/misleiding-misbruik | Investment/crypto | |
| Netherlands – Fraudehelpdesk | https://www.fraudehelpdesk.nl/melden | General scams (incl. phishing/SMS) | 088-7867372 |
| Netherlands – Politie – Meldpunt Internetoplichting | https://www.politie.nl/themas/internetoplichting.html | Online shopping fraud | |
| New Zealand – CERT NZ | https://www.cert.govt.nz/individuals/report-an-issue/ | Phishing, identity scams | |
| New Zealand – Department of Internal Affairs – Spam | https://www.dia.govt.nz/Spam-Contact-Us | Email/SMS spam | [email protected] |
| New Zealand – IDCARE | https://www.idcare.org | Victim support (identity compromise) | 0800 121 068 |
| New Zealand – Netsafe – Report | https://www.netsafe.org.nz/report/ | Online harms & scams | |
| New Zealand – New Zealand Police (non-emergency) | https://www.police.govt.nz/use-105 | Report fraud/online crime | 105 |
| Nigeria – Economic & Financial Crimes Commission (EFCC) | https://www.efcc.gov.ng | Financial scams incl. crypto/investment | [email protected] |
| Nigeria – Nigeria Police Special Fraud Unit (SFU) | https://www.specialfraudunit.org.ng | Serious fraud | Voice/SMS: 0708 227 6895; WhatsApp: 0812 760 9914 |
| Poland – CERT Polska (CERT.PL) | https://cert.pl/en/report/ | Cyber incidents & phishing | |
| Poland – Dyzurnet.pl | https://dyzurnet.pl | Illegal online content (esp. child protection) | |
| Poland – Polish Police (Policja) | https://www.policja.pl | Report scams to police | |
| Singapore – Anti-Scam Centre / Anti-Scam Helpline | https://www.scamalert.sg | General scams; texts; calls | 1800-722-6688 |
| Singapore – Monetary Authority of Singapore (MAS) | https://www.mas.gov.sg/investor-alert-list | Investment/crypto checks | |
| Singapore – Singapore Police Force | https://www.police.gov.sg/iwitness | Police report (cybercrime) | |
| South Africa – Cybersecurity Hub (CSIRT) | https://www.cybersecurityhub.gov.za | Cyber incidents incl. scams | |
| South Africa – South African Fraud Prevention Service (SAFPS) | https://www.safps.org.za | Identity fraud support | 011-867-2234 |
| South Africa – South African Police Service (SAPS) | https://www.saps.gov.za | Police report (cybercrime unit) | |
| South Korea – Korea Communications Commission (KCC) | https://www.kcc.go.kr | Telecom-related fraud | |
| South Korea – Korea Internet & Security Agency (KISA) | https://www.kisa.or.kr | Phishing, online harms | |
| South Korea – Korean National Police Agency – Cyber Bureau | https://ecrm.cyber.go.kr | Cybercrime reporting | |
| Spain – INCIBE – Oficina de Seguridad del Internauta (OSI) | https://www.osi.es/es/reporte | Cybersecurity & online fraud | |
| Spain – Policía Nacional / Guardia Civil | https://www.policia.es | Report scams to police | |
| Sweden – Crime Victim Authority (Brottsoffermyndigheten) | https://www.brottsoffermyndigheten.se | Victim support & compensation | 090–70 82 00 |
| Sweden – Polisen (Swedish Police) | https://polisen.se | Report fraud/cybercrime | 114 14 (non-emergency); 112 (emergency) |
| Sweden – Swedish Consumer Agency (Konsumentverket) | https://www.konsumentverket.se | Unfair business practices | |
| United Arab Emirates – Abu Dhabi Police – Aman Service | https://www.adpolice.gov.ae | Cybercrime tips/reporting | SMS 2828; 800 2626 |
| United Arab Emirates – Dubai Police – eCrime | https://www.dubaipolice.gov.ae | Cybercrime reporting | 04 606 1600 |
| United Arab Emirates – Ministry of Interior – Cyber Crime Dept. | https://www.moi.gov.ae | Cybercrime incl. online scams | |
| United Arab Emirates – Telecommunications Regulatory Authority (TRA) / TDRA | https://www.tra.gov.ae | Telecom-related scams/phishing | |
| United Kingdom – Action Fraud (NFIB) | https://www.actionfraud.police.uk | General scams & cybercrime (non-emergency) | 0300 123 2040 |
| United Kingdom – Citizens Advice Consumer Service | https://www.citizensadvice.org.uk/consumer/get-more-help/if-you-need-more-help-about-a-consumer-issue/ | Consumer problems & scam guidance | 0808 223 1133 |
| United Kingdom – Financial Conduct Authority (FCA) | https://www.fca.org.uk/consumers/report-scam-us | Investment/crypto & financial services | |
| United Kingdom – National Cyber Security Centre (NCSC) | https://www.ncsc.gov.uk/collection/phishing-scams | Phishing emails & suspicious websites | |
| United Kingdom – Stop Scams UK ‘159’ | https://stopscamsuk.org.uk/159 | Banking APP fraud (direct to your bank) | 159 |
| United States – AARP Fraud Watch Network Helpline | https://www.aarp.org/money/scams-fraud/ | Victim support | 833-372-8311 |
| United States – Better Business Bureau – Scam Tracker | https://www.bbb.org/scamtracker | Business/marketplace scams | |
| United States – FBI Internet Crime Complaint Center (IC3) | https://www.ic3.gov | Internet crime incl. investment/crypto | |
| United States – Federal Trade Commission – ReportFraud | https://reportfraud.ftc.gov | General scams, phishing, texts/emails | 1-877-382-4357 |
| United States – National Center for Disaster Fraud | https://www.justice.gov/disaster-fraud | Disaster-related scams | (866) 720-5721 |
| United States – SEC Tips & Complaints | https://www.sec.gov/tcr | Investment & securities/crypto-asset offerings |
The scam only works if it can force you into a state where fear takes over and common sense steps aside. So do the opposite. Slow down. Look at what is actually there. A threatening name, a real company reference, sweeping claims, a demand for Bitcoin, and no evidence. Once you strip away the drama, that is all this email really is, and that is exactly why you should not believe it.
