An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.
This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.
The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.
Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.
A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.
The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.
“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”
The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).
Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.
Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
My husband got the same email. He’s worried the whole secure album of his wife was going to go to all his contacts. 2 mins of googling this situation I found this page. They sent the email to his stepmom who he never talks too. She then forwarded the email to him. That in itself was embarrassing enough. He screenshot the letter to me and it wasn’t even our house. It was our driveway and the neighbor’s house. Idiots. Zillow had a better pic. I definitely am not getting FBI involved … (eyeroll) Just glad to know it’s a scam. If they sent 500 people, the email and got 10 gullible people to send 2k that’s a lot of money in destitute countries. JERKS!
You should report it to the FBI online via IC3. https://www.ic3.gov/ This way they can track the email address and bitcoin wallet addresses. Not everyone’s email may have originated from the same place or direct funds to the same wallet. This will help catch the crooks faster.
By not involving the authorities, you allow them to continue terrorizing other victims, including high-profile cases like Amanda Todd, who was just a teenager and ultimately ended her life because she felt isolated and unable to communicate what was happening to her. It’s crucial to always involve the police so they can gather accurate statistics, respond swiftly, and potentially catch the perpetrators. At the very least, file an iC3 report with the FBI and submit the tip.
Oh please. Just ignore the morons. Block their email and be done with it. It’s just typical loser crap.
Well, yes and no. I got one of these and within five minutes filed an IC3 complaint. This was an idiot, or group of idiots. The difference here is the language was overtly threatening. I’m not going to ignore that. The dolt, or dolts who did this need a travel pack through the criminal justice system.
“… be wary of opening attachments even from those you do know.”
OK, how? How does one “be wary” of opening an attachment? I find advice like this to be pretty unhelpful.
Much more helpful advice would be: “Don’t run Windows; use Linux instead” which actually would reduce your exposure to the vast majority of end-user-targeted malware.
Which is even less helpful, IMHO, to 99% of computer users out IRL Probably a good portion of KOS readers already use Linux, and Apple users use it by default (Darwin is a ‘nix flavor) but many don’t realize it because they don’t get past the GUI. The average person, though, that buys a laptop or gaming tower on Amazon probably isn’t going to receive it and install Linux over Windows 11. So the advice from the feds to the masses is probably good.
This scam only makes much sense in a society that stigmatizes sexuality and doesn’t respect consent.
If these webcam videos really existed, the one to fear social repercussions from them being shared ought to be the cybercriminal who took nonconsensual webcam photos in the first place, not the victim shown in them!
(Excepting edge cases where the victim had actually been cheating on a spouse etc., but mostly the scam just seems to assume that everyone’s ashamed of sexuality itself.)
The bipartisan rise of erotophobic neo-Puritanism in America is exhausting. *cough*Etsy, e6, bad legislation…*cough*
Let’s as a society leave shame over harmless things behind – many good reasons to, but this scam shows we can add “improving America’s cybersecurity posture” to the list!
I got this email. I thought it was the funniest thing ever. As others mentioned, they didn’t have the right house, but used my neighbors house instead. My name wasn’t capitalized in the email, suggesting they got my records from a compromised site and scripted it into the body of the email.
I challenged them to come visit me, as their threat entailed. I’m still waiting.
Idiots.
That’s the exact email I got. Do you think the pdf gave my phone a virus from opening it?
Idk what bro is thinking bc if this is real someone’s going to jail bc I’m 16 lmao
I got the same email a few days ago then 1 yesterday sep 7 . I contacted Digital forensics Corp they charge me $1500 to start a case, I canceled it this morning the 7th for 25% of the down i think. Not sure what to do other than hope they get busted before they start sending out photos of me to my contacts, if they have photos. I have yet to hear of them sending any proof. I have not engaged with them, deleted the emails. Now what ? I’m curious about what others are doing differently now.
Hi Scott, they don’t actually have any pictures. This is an automated scam using public information and map photos. You can safely ignore the email. And if Digital Forensics Corp actually took money from you to investigate one of these bogus sextortion scams, they should be shamed and shunned.
How do they get your address?
data breach of some sort to have email-to-address mappings.
I do not even live in the US but Europe and have been getting these from time to time. My late mother, then already in here 80’s also got one once. We had a great laugh. Plus she would not know how to send bitcoin. And since I do not use my phone for whatever they were trying to scare me with it is very clear they have nothing on me.
And as some here suggested. I left windows behind in almost 20 years ago so that takes care of my computer as for my smart phone use it as little as possible.
I love the call I get from sexy sounding women. But they always hang up when I mention how nice he looks in his dilapidated hovel…. Two can play that game….
Yep received this email and exact PDF. I immediately sent to spam and blocked this person but sadly it got into my brain. I don’t like being threatened.
I fully expect that it’s complete BS, and they don’t have anything on anyone. The basic math is simple. Send 1 million emails at $1/thousand, asking a $2,000 payment. Say 0.01% (1 in 10,000) get scared and send the payment: that’s 100 x $2,000 –> $200K revenues in for a $1K investment. Done.
I received two of these emails yesterday. This is a new twist. I ignored it of course, but thanks for giving it more context.
I’ve received two of these as well bring the second one this morning at 3am. I reported both to the FBI. Hopefully, the more that report this the better as they will get busted. I reported the bitcoin address as well to the FBI.
I got one a few days ago and I deleted after I opened it. Was reassuring to see it was happening to many people and everyone seems to be ignoring it without consequences however now I got a second one. I didn’t open it yet but can tell it’s from a diff name but same format. Send to junk right away? Will this stop? It’s freaky.
I just received this email today!! Glad I found this site to verify.
My mum received such an email (sextortion). She was amazed since she didn’t had a webcam :D.
day two and my feature film has yet to make me a star
I hear that takes 3-18 months unless you YouTube.
Maybe your sense of time is just askew.
Ugh, I got one of these too! It actually scared me for a moment, as the letter was very threatening and my name was capitalized. I don’t visit porn sites, but still, I think I Googled the history of pornography once lol. Glad to know this is a scam as it is good to think my personal information, name and address are kept as private as possible. I know you can buy identity lists and people use them for real estate solicitation, etc., but it is kind of scary to think contact information is readily available and that some people may pay the two thousand dollar “ransom”.
I received the email a couple of days ago, kind of scary to see your name, home and for me my personal phone number. Hard to believe how far these extortionists will go, glad to see there are others that were not fooled by the latest scam.
I received this email today. It addressed me using a first and last name that I ONLY use when I order from Temu. It also referenced my Google phone number that I use when placing online orders. I quickly reported my experience since I strongly believe my security breach was via the TEMU app.
I received this email today. It addressed me using a first and last name that I ONLY use when I order from Temu. It also referenced my Google phone number that I use when placing online orders. I quickly reported my experience since I strongly believe my security breach was via the TEMU app.
They weirdly sent me the same email but, from my email.. that’s new and something I haven’t read from many comments yet. Anyone else?
Unfortunately whatever is in the “from” field can be modified. (spoofed to be specific).
So I can change my field to anything like BigCheese@microsoft.com.
You have to send me money or else Microsoft will do X Y and Z with your computer.
Well, ok I deliberately made something up that doesn’t make much sense since Microsoft rarely contacts you legitimately.
Even if the person contacting you is named ‘BigCheese’ 🙂