September 3, 2024

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.

The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.

A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.

The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.

“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”

The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).

Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


79 thoughts on “Sextortion Scams Now Include Photos of Your Home

  1. SAM

    My husband got the same email. He’s worried the whole secure album of his wife was going to go to all his contacts. 2 mins of googling this situation I found this page. They sent the email to his stepmom who he never talks too. She then forwarded the email to him. That in itself was embarrassing enough. He screenshot the letter to me and it wasn’t even our house. It was our driveway and the neighbor’s house. Idiots. Zillow had a better pic. I definitely am not getting FBI involved … (eyeroll) Just glad to know it’s a scam. If they sent 500 people, the email and got 10 gullible people to send 2k that’s a lot of money in destitute countries. JERKS!

    Reply
    1. LC

      You should report it to the FBI online via IC3. https://www.ic3.gov/ This way they can track the email address and bitcoin wallet addresses. Not everyone’s email may have originated from the same place or direct funds to the same wallet. This will help catch the crooks faster.

      Reply
  2. Dianne S

    “… be wary of opening attachments even from those you do know.”

    OK, how? How does one “be wary” of opening an attachment? I find advice like this to be pretty unhelpful.

    Much more helpful advice would be: “Don’t run Windows; use Linux instead” which actually would reduce your exposure to the vast majority of end-user-targeted malware.

    Reply
    1. Catwhisperer

      Which is even less helpful, IMHO, to 99% of computer users out IRL Probably a good portion of KOS readers already use Linux, and Apple users use it by default (Darwin is a ‘nix flavor) but many don’t realize it because they don’t get past the GUI. The average person, though, that buys a laptop or gaming tower on Amazon probably isn’t going to receive it and install Linux over Windows 11. So the advice from the feds to the masses is probably good.

      Reply
  3. A. R.

    This scam only makes much sense in a society that stigmatizes sexuality and doesn’t respect consent.

    If these webcam videos really existed, the one to fear social repercussions from them being shared ought to be the cybercriminal who took nonconsensual webcam photos in the first place, not the victim shown in them!

    (Excepting edge cases where the victim had actually been cheating on a spouse etc., but mostly the scam just seems to assume that everyone’s ashamed of sexuality itself.)

    The bipartisan rise of erotophobic neo-Puritanism in America is exhausting. *cough*Etsy, e6, bad legislation…*cough*

    Let’s as a society leave shame over harmless things behind – many good reasons to, but this scam shows we can add “improving America’s cybersecurity posture” to the list!

    Reply
  4. Aaron C

    I got this email. I thought it was the funniest thing ever. As others mentioned, they didn’t have the right house, but used my neighbors house instead. My name wasn’t capitalized in the email, suggesting they got my records from a compromised site and scripted it into the body of the email.
    I challenged them to come visit me, as their threat entailed. I’m still waiting.

    Idiots.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *