An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.
This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.
The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.
Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.
A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.
The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.
“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”
The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).
Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.
Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
I received the same email a few hours ago. Filled out the report form on the FBI website with all the info. I will say that I responded back to the scammer that all my contacts watch porn and that 2k could buy me a lot of Meth so go ahead and send out the pics of me because they aint getting a cent.
Lmao, I just told them to pull up and sent em a pic of a naked guy in tactical gear with a rifle
I got one on the 24th and just opened it today. What’s the repercussions if you don’t bother reporting it?
I don’t think most people even receive a reply from the IC3 when you report such things (or send an email, or attempt to make other sorts of contact, I assume barring something really fascinating to any of them?). I doubt there are any repercussion for NOT reporting you have been victimised by such sorts of individuals, if that is any indication. Maybe that has changed in the past decade or so; No clue.
I received the same email today.
That such techniques work tells a tale in itself, LOL. Word to the wise: If the monkey has been bad, don’t discipline it in front of a web camera!
I wonder if they would send a copy, too?
I received this earlier this week. HOWEVER, the address and photo was to a house I don’t own, but frequented often. I have no legal ties to the property nor share a last name. I’m still puzzled how they connected these dots…
Also happened to me. How to secure against this? are there cases where this actually happens?
I literally just got this exact email today. I blocked the email after reading it and uploaded my mcafee software on my phone.
We were ahead of this the minute a helpdesk ticket came in about it. Shockingly, we beat these guys to a post. Not getting a lot of traction because most people just think it’s the same. It’s definitely not the same. With the Google Maps API, they are able to grab photos of the home address, crop them to the shape of what looks like having been taken IN PERSON from a mobile device, AND use A.I. to replace the Google Maps watermarks.
You will see this attack targeting a group of people with rare names. Why? Because “National Public Data” was breached, and threat actors have this data. It’s quite easy to filter it out of all common names and then find the ones that have a very rare name that HIT WITH ACCURACY in the email campaigns. Very terrible.
My article here of an in-depth outline: https://www.linkedin.com/feed/update/urn:li:activity:7236734330151084032/
Yeah I am not going to linkedin to read your article. Put in on a independent website.
It’s safe to view with a text browser through a vpn or your website’s shell terminal if you use that. I don’t recommend viewing it from your home location, though.
What I like the most about what Paul says is: “… Many people would do anything if they felt their families were at risk. The next waves won’t be sextortion like this one. It will be timely and targeted. …”
It also has a weird URL that fails linking to a .pdf site? WTH?
Hmmm… Thanks for the heads up, LOL. You know where to find my email address.
I just got this “sextortion” thing with my full name, phone number, and a Google Street View picture of my neighborhood. I only used the email address I’ve received that message on once – at a sporting goods website in 2021. My data could’ve been a part of the Eye4Fraud leak in February, 2023.
Looks like this one is a result of the Eye4Fraud leak in February, 2023. And not just this one – I’ve been receiving all kinds of spam to the apparently leaked since April.
I have nothing to hide. But then, I never use the camera on my laptop either – so I toggled it off, just to be safer.
Peggy Rowe’s husband (parent of Mike Rowe of Dirty Jobs) received one recently and she emailed the story about it to Mike who read it on YouTube. His dad is 91 and has had a number of ailments that make the contents of the email … unlikely.
It’s a hilarious read/listen/watch.
https://youtu.be/ReQInImPXz0?si=o5frYGicxMzvCDtx
Thanks for sharing! That is absolutely hilarious!
I got this exact same email yesterday. Except it was a photo of my neighbor’s house instead of mine. So I figured it was a scam from the start. And especially since they weren’t very specific on the “filthy” videos I was supposedly watching.
With AI though this sort of thing will be getting more common and probably a lot better at fooling people. Just gotta stay vigilant of all these potential scams.
There is no real “solution” to AI fakes. People will have to learn to treat photos like hand sketched drawings. Anyone can sketch anything, and now they can create a photo of anything. You can’t think a photo shows something that really happened anymore. You will eventually get an email of your daughter topless, and you need to be so comfortable believing it is fake you just delete it without even thinking about it. What else can we do? Photos now mean nothing
Weird part of the message is in the PDF attachment. Most people would never open that to read it. I sure wouldn’t.
For webcams the best rule is to not have any inside your house! I only have one and it’s the latest Wyze Pan Cam, which faces down when it’s turned off, so it can’t take pictures, and moves when it’s turned on so you’ll notice it. Wyze isn’t know for the best security in the world, but if you don’t have any inside your house but that model it really doesn’t matter.
I replied to one saying I hoped they got the best side of my junk, but the email bounced.
I can’t believe people fall for this.
I received this same type of email with name, home address and cell phone number and an old picture of the road I live on, some of those houses and vehicles are no longer there now. So I knew it was a scam. But I must say, at first, I was a little concerned as to how they got all this info. I simply erased the email.
YAY! i just got the message. i’m a cool kid now, finally picked for the team.
I got the same message Sunday night 9pm. Full name address picture of my apartment. All in a PDF… 24 hr warning to pay…. sent to my email….
Any chance this may come from a compromise of the age verification databases being required in some states for access to adult content? That would give even more credence to the sextortion campaign.
Any chance this may come from a compromise of the age verification databases being required in some states for access to adult content? That would give even more credence to the sextortion campaign.
If you ain’t a Jedi night you can’t stop the scammers. Stop living online.
I got one to-day on an email acct I only used to purchase a moped on Amazon, it also had my OLD phone number and what it claimed was my address was actually a commercial business I used to receive the shipment at- that’s how I know for sure the origin because I NEVER used that address for anything else.
I also dont HAVE a web cam and my PC runs linux LOL
The scammer used;
Neomi Lauritzen
I just got this email at 3 am last night and I was afraid my address was exposed until I came to work and did more research. This is horrible to do to people. The photo they used looks like it was pulled from Google Maps.
I got the same email today!! I just filed a police report.
I received one of these emails and actually opened the attachment. I had to look up the type of email scam and found that it is exactly like the one above. I hit the Report Phishing button, is there something else I should do now?
I did visit porn sites. And did things any man occasionally does. However, it’s my business what I do, as long as it’s private. The ONLY way I would be nervous or believe these utterly useless threats is if in addition to my name, the scammer had attached clear photos of me naked in my room. Until they do, there’s nothing to worry about. Toss out the email.
How can someone be so evil? Try to freak someone out so they’ll hand over money? Send something that by its very content (though it has no teeth) is vaguely degrading unbidden into someone’s inbox? How do they live with themselves?
Yep, I got it too….it was shocking in its anger, but it was very apparent that it was a scam since the the most scandalous thing in my life is yet another Amazon bing.
I’ve gotten two of them over the last few days and just hit blocked after I read the the trash pdf from
the first one. I reported the scam to the internet crimes bureau maybe if enough do then they can trace these assholes and stop it. Not holding my breath, definitely alot of bs now days.
https://complaint.ic3.gov/