An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.
This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.
The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.
Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.
A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.
The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members.
“Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”
The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine).
Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.
Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
My husband got the same email. He’s worried the whole secure album of his wife was going to go to all his contacts. 2 mins of googling this situation I found this page. They sent the email to his stepmom who he never talks too. She then forwarded the email to him. That in itself was embarrassing enough. He screenshot the letter to me and it wasn’t even our house. It was our driveway and the neighbor’s house. Idiots. Zillow had a better pic. I definitely am not getting FBI involved … (eyeroll) Just glad to know it’s a scam. If they sent 500 people, the email and got 10 gullible people to send 2k that’s a lot of money in destitute countries. JERKS!
You should report it to the FBI online via IC3. https://www.ic3.gov/ This way they can track the email address and bitcoin wallet addresses. Not everyone’s email may have originated from the same place or direct funds to the same wallet. This will help catch the crooks faster.
By not involving the authorities, you allow them to continue terrorizing other victims, including high-profile cases like Amanda Todd, who was just a teenager and ultimately ended her life because she felt isolated and unable to communicate what was happening to her. It’s crucial to always involve the police so they can gather accurate statistics, respond swiftly, and potentially catch the perpetrators. At the very least, file an iC3 report with the FBI and submit the tip.
I literally just got that email and i was like wth! Lmao immediate googled and found this!! Lol they even said “nice setup” lmao i was like ayyy i appreciate that.. i was a lil scared not gon lie but they used the name of the previous owners
Oh please. Just ignore the morons. Block their email and be done with it. It’s just typical loser crap.
Well, yes and no. I got one of these and within five minutes filed an IC3 complaint. This was an idiot, or group of idiots. The difference here is the language was overtly threatening. I’m not going to ignore that. The dolt, or dolts who did this need a travel pack through the criminal justice system.
“… be wary of opening attachments even from those you do know.”
OK, how? How does one “be wary” of opening an attachment? I find advice like this to be pretty unhelpful.
Much more helpful advice would be: “Don’t run Windows; use Linux instead” which actually would reduce your exposure to the vast majority of end-user-targeted malware.
Which is even less helpful, IMHO, to 99% of computer users out IRL Probably a good portion of KOS readers already use Linux, and Apple users use it by default (Darwin is a ‘nix flavor) but many don’t realize it because they don’t get past the GUI. The average person, though, that buys a laptop or gaming tower on Amazon probably isn’t going to receive it and install Linux over Windows 11. So the advice from the feds to the masses is probably good.
I think the wording of the advice leaves something to be desired, but it’s still solid. Perhaps something more akin to:
“Verify attachments before opening them. If you are not expecting an attachment from a known sender, reach out via a secondary communication method and verify you should open the attachment. If it comes from an unknown sender, either ignore or open the file in a sandbox environment.”
That’s simply not as catchy.
This scam only makes much sense in a society that stigmatizes sexuality and doesn’t respect consent.
If these webcam videos really existed, the one to fear social repercussions from them being shared ought to be the cybercriminal who took nonconsensual webcam photos in the first place, not the victim shown in them!
(Excepting edge cases where the victim had actually been cheating on a spouse etc., but mostly the scam just seems to assume that everyone’s ashamed of sexuality itself.)
The bipartisan rise of erotophobic neo-Puritanism in America is exhausting. *cough*Etsy, e6, bad legislation…*cough*
Let’s as a society leave shame over harmless things behind – many good reasons to, but this scam shows we can add “improving America’s cybersecurity posture” to the list!
I got this email. I thought it was the funniest thing ever. As others mentioned, they didn’t have the right house, but used my neighbors house instead. My name wasn’t capitalized in the email, suggesting they got my records from a compromised site and scripted it into the body of the email.
I challenged them to come visit me, as their threat entailed. I’m still waiting.
Idiots.
That’s the exact email I got. Do you think the pdf gave my phone a virus from opening it?
Idk what bro is thinking bc if this is real someone’s going to jail bc I’m 16 lmao
I got the same email a few days ago then 1 yesterday sep 7 . I contacted Digital forensics Corp they charge me $1500 to start a case, I canceled it this morning the 7th for 25% of the down i think. Not sure what to do other than hope they get busted before they start sending out photos of me to my contacts, if they have photos. I have yet to hear of them sending any proof. I have not engaged with them, deleted the emails. Now what ? I’m curious about what others are doing differently now.
Hi Scott, they don’t actually have any pictures. This is an automated scam using public information and map photos. You can safely ignore the email. And if Digital Forensics Corp actually took money from you to investigate one of these bogus sextortion scams, they should be shamed and shunned.
Asher,
Thank you for the reply.
Digital forensics is trying everything to not refund my money even after I call and emailed them the next morning. A guy named Jimmy was very rude and hung up on me this morning when I asked for my money for the 4th time. I called the bank and filed a dispute with them.
Also so far I have yet to hear from the sextortionest thank God, I would like to move on with my life and hope these assholes are busted.
I cannot, for the life of me, understand how people would feel all that much more comfortable with providing a private ‘forensics’ outfit (or, for that matter, a public ‘auhority’) with the same sort of potentially embarrassing data that the majority of people would not want any other outfit, legitimate or not, to know about.
Even if the data is not actually real, the mere suggestion of such data, should *their* data get hacked, would be highly uncomfortable for even the straightest of citizens (this is obviously most relevant in places like the USA, Canada, Australia and UK, since they tend to have the longest track record in giving a flying fig about such cases; most other countries’ citizens are inconvenienced but have somewhat less to lose due to far less indexing and agglomoration of records).
totally agree!
I sent a complaint to the FBI online via at https://www.ic3.gov/. Not sure what will come out of it but if it will help in any way to catch these crooks, I’m willing to do my part.
How do they get your address?
data breach of some sort to have email-to-address mappings.
Just recently Change Healthcare(CHC) had a major security breach where personal information such as first and last name, address, date of birth, phone number, and email addresses were possibly compromised.
This from the letter I received from CHC:
“CHC was able to confirm that a substantial quantity of data had been exfiltrated from its environment between February 17, 2024, and February 20, 2024. On March 13, 2024, CHC obtained a dataset of exfiltrated files that was safe to investigate. On April 22, 2024, following analysis, CHC publicly confirmed the impacted data could cover a substantial proportion of people in America.”
The Change Healthcare security breach is probably the latest contributor to this scam.
“CHC was able to confirm that a substantial quantity of data had been exfiltrated from its environment between February 17, 2024, and February 20, 2024. On March 13, 2024, CHC obtained a dataset of exfiltrated files that was safe to investigate. On April 22, 2024, following analysis, CHC publicly confirmed the impacted data could cover a substantial proportion of people in America.”
“While CHC cannot confirm exactly what data has been affected for each impacted individual, information involved for affected individuals may have included contact information (such as first and last name, address, date of birth, phone number, and email)”
I do not even live in the US but Europe and have been getting these from time to time. My late mother, then already in here 80’s also got one once. We had a great laugh. Plus she would not know how to send bitcoin. And since I do not use my phone for whatever they were trying to scare me with it is very clear they have nothing on me.
And as some here suggested. I left windows behind in almost 20 years ago so that takes care of my computer as for my smart phone use it as little as possible.
I love the call I get from sexy sounding women. But they always hang up when I mention how nice he looks in his dilapidated hovel…. Two can play that game….
Yep received this email and exact PDF. I immediately sent to spam and blocked this person but sadly it got into my brain. I don’t like being threatened.
I fully expect that it’s complete BS, and they don’t have anything on anyone. The basic math is simple. Send 1 million emails at $1/thousand, asking a $2,000 payment. Say 0.01% (1 in 10,000) get scared and send the payment: that’s 100 x $2,000 –> $200K revenues in for a $1K investment. Done.
I received two of these emails yesterday. This is a new twist. I ignored it of course, but thanks for giving it more context.
I’ve received two of these as well bring the second one this morning at 3am. I reported both to the FBI. Hopefully, the more that report this the better as they will get busted. I reported the bitcoin address as well to the FBI.
I got one a few days ago and I deleted after I opened it. Was reassuring to see it was happening to many people and everyone seems to be ignoring it without consequences however now I got a second one. I didn’t open it yet but can tell it’s from a diff name but same format. Send to junk right away? Will this stop? It’s freaky.
I just received this email today!! Glad I found this site to verify.
My mum received such an email (sextortion). She was amazed since she didn’t had a webcam :D.
day two and my feature film has yet to make me a star
I hear that takes 3-18 months unless you YouTube.
Maybe your sense of time is just askew.
Ugh, I got one of these too! It actually scared me for a moment, as the letter was very threatening and my name was capitalized. I don’t visit porn sites, but still, I think I Googled the history of pornography once lol. Glad to know this is a scam as it is good to think my personal information, name and address are kept as private as possible. I know you can buy identity lists and people use them for real estate solicitation, etc., but it is kind of scary to think contact information is readily available and that some people may pay the two thousand dollar “ransom”.
I received the email a couple of days ago, kind of scary to see your name, home and for me my personal phone number. Hard to believe how far these extortionists will go, glad to see there are others that were not fooled by the latest scam.
I received this email today. It addressed me using a first and last name that I ONLY use when I order from Temu. It also referenced my Google phone number that I use when placing online orders. I quickly reported my experience since I strongly believe my security breach was via the TEMU app.
I received this email today. It addressed me using a first and last name that I ONLY use when I order from Temu. It also referenced my Google phone number that I use when placing online orders. I quickly reported my experience since I strongly believe my security breach was via the TEMU app.
They weirdly sent me the same email but, from my email.. that’s new and something I haven’t read from many comments yet. Anyone else?
Unfortunately whatever is in the “from” field can be modified. (spoofed to be specific).
So I can change my field to anything like BigCheese@microsoft.com.
You have to send me money or else Microsoft will do X Y and Z with your computer.
Well, ok I deliberately made something up that doesn’t make much sense since Microsoft rarely contacts you legitimately.
Even if the person contacting you is named ‘BigCheese’ 🙂
I’ve now received 3 of these in 2 weeks. It’s getting so bad I’m changing my email address and everything to see if this will stop. I’m reporting everyone and nothings changed. I know it’s a spam and scam email but my anxiety’s been so bad I can’t take it anymore.
This is intense and so scary to read because I feel like this is a threat to the overall population. Why are spyware software such as Pegasus even allowed to be used for any circumstance. An adult or some one with a little more knowledge of how these interactions work can navigate through clearing up this process with dignity and in a timely manner. On the other hand a younger person might feel like they are backed into a corner and might take drastic measures to keep this information, that has been taken for ransom, private at any means. So sad how people want to exploit other people and try to ruin their lives simply for a monetary gain and power.
This very detaiil, we have been watching the new wave of breach an it seems that the larger organization are now the target because the are also known to pay alot and some are carring two cyber insurance policies.
This just happened to me too! It had my number and address but the photo was of the wrong house! . I’m the only one who lives here and have known since the year 2002 when I got my first computer to NEVER click on suspicious links from unknown people, especially the ones that advertise porn sites- where you’ll get viruses that ruin your computer. Also, I have no webcams and there is tape on the computer’s built in camera. It’s a total scam but I will still report it if it will help others.
Hopefully, if any good is to come of this, any one who actually engages in looking at porn will be moved to immediately STOP. Porn is filth and destroys the soul and all relationships. It is a form of slavery and bondage for those who make it and those who look at it. I believe it was introduced in America as a diabolical weapon against humanity, just like drugs, to destroy sacred institutions of marriage and family- the building blocks of society. If this is a sin that has a stronghold on anyone-confess it before our LORD and REPENT. Go and sin no more!
I got it for a third time today – this time I didn’t open the email at all I just sent it straight to
Spam. The first 2 I opened and read and they were mostly similar words and scary ish. I am
Wondering what the third said but decided not to open the file. The other 2 I reported to fbi with the bitcoin numbers/ But three times….who
Else is getting so many?!
I just got one of these yesterday, i decided to check spam folder and there it was. It was just multiple paragraphs about saying oh i downloaded spyware on my phone, and if i didnt pay 1500 in bitcoin they will send it to my family
i started to freak out bc im 16 and is scared to death bc i still got a day left to (send it) does anyone know its real