An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.
This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.
The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.
Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.
A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.
The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.
“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”
The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).
Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.
Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
I received the same email today.
I wonder if they would send a copy, too?
I received this earlier this week. HOWEVER, the address and photo was to a house I don’t own, but frequented often. I have no legal ties to the property nor share a last name. I’m still puzzled how they connected these dots…
Also happened to me. How to secure against this? are there cases where this actually happens?
I literally just got this exact email today. I blocked the email after reading it and uploaded my mcafee software on my phone.
We were ahead of this the minute a helpdesk ticket came in about it. Shockingly, we beat these guys to a post. Not getting a lot of traction because most people just think it’s the same. It’s definitely not the same. With the Google Maps API, they are able to grab photos of the home address, crop them to the shape of what looks like having been taken IN PERSON from a mobile device, AND use A.I. to replace the Google Maps watermarks.
You will see this attack targeting a group of people with rare names. Why? Because “National Public Data” was breached, and threat actors have this data. It’s quite easy to filter it out of all common names and then find the ones that have a very rare name that HIT WITH ACCURACY in the email campaigns. Very terrible.
My article here of an in-depth outline: https://www.linkedin.com/feed/update/urn:li:activity:7236734330151084032/
I just got this “sextortion” thing with my full name, phone number, and a Google Street View picture of my neighborhood. I only used the email address I’ve received that message on once – at a sporting goods website in 2021. My data could’ve been a part of the Eye4Fraud leak in February, 2023.
Looks like this one is a result of the Eye4Fraud leak in February, 2023. And not just this one – I’ve been receiving all kinds of spam to the apparently leaked since April.
I have nothing to hide. But then, I never use the camera on my laptop either – so I toggled it off, just to be safer.
Peggy Rowe’s husband (parent of Mike Rowe of Dirty Jobs) received one recently and she emailed the story about it to Mike who read it on YouTube. His dad is 91 and has had a number of ailments that make the contents of the email … unlikely.
It’s a hilarious read/listen/watch.
https://youtu.be/ReQInImPXz0?si=o5frYGicxMzvCDtx
I got this exact same email yesterday. Except it was a photo of my neighbor’s house instead of mine. So I figured it was a scam from the start. And especially since they weren’t very specific on the “filthy” videos I was supposedly watching.
With AI though this sort of thing will be getting more common and probably a lot better at fooling people. Just gotta stay vigilant of all these potential scams.
There is no real “solution” to AI fakes. People will have to learn to treat photos like hand sketched drawings. Anyone can sketch anything, and now they can create a photo of anything. You can’t think a photo shows something that really happened anymore. You will eventually get an email of your daughter topless, and you need to be so comfortable believing it is fake you just delete it without even thinking about it. What else can we do? Photos now mean nothing
Weird part of the message is in the PDF attachment. Most people would never open that to read it. I sure wouldn’t.
For webcams the best rule is to not have any inside your house! I only have one and it’s the latest Wyze Pan Cam, which faces down when it’s turned off, so it can’t take pictures, and moves when it’s turned on so you’ll notice it. Wyze isn’t know for the best security in the world, but if you don’t have any inside your house but that model it really doesn’t matter.
I replied to one saying I hoped they got the best side of my junk, but the email bounced.
I can’t believe people fall for this.
I received this same type of email with name, home address and cell phone number and an old picture of the road I live on, some of those houses and vehicles are no longer there now. So I knew it was a scam. But I must say, at first, I was a little concerned as to how they got all this info. I simply erased the email.
YAY! i just got the message. i’m a cool kid now, finally picked for the team.