Sextortion Scams Now Include Photos of Your Home – Krebs on Security

An old but persistent email scam known as the “sextortion“has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in an effort to make the threats about posting the videos more frightening and convincing.

This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently taken from an online mapping application such as Google Maps.

The message claims to have been sent by a hacker who compromised your computer and used your webcam to record a video of you watching porn. The missive threatens to release the video to all your contacts unless you pay a ransom in Bitcoin. In this case, the demand is just under $2,000, payable by scanning a QR code embedded in the email.

After a greeting that includes the recipient’s full name, the beginning of the message reads: “Is it more convenient to go to (recipient’s mailing address) to make contact if you don’t take action? Nice place, by the way.” Below that is a photo of the recipient’s mailing address.

A semi-redacted screenshot from a new sextortion scam that includes a photo of the target’s front yard.

The message tells people they have 24 hours to pay, or their embarrassing videos will be broadcast to all their contacts, friends and family.

“Don’t even think about replying to this message, it’s useless,” the message concludes. “I don’t make mistakes, (recipient’s name). If I notice that you’ve shared or discussed this email with anyone else, your shitty video will instantly start being sent to your contacts.”

The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly conventional, and include thematic elements already present in most previous waves of sextortion. These include allegations that the extortionist has installed malware on your computer (in this case, the scammer claims the spyware is called “Pegasus” and that it monitors everything you do on your machine).

Previous innovations in sextortion personalization involved sending people emails containing at least one password they had previously used on an online account linked to their email address.

Sextortion, even semi-automated scams like this one, with no physical means to counter the extortion demand, is a serious crime that can have devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive documents if you do not provide them with sexual images, sexual favors, or money.

According to the FBI, here are some steps you can take to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who that person is — or who they say they are.
-Do not open attachments from people you do not know and be wary even when opening attachments from people you know.
-Turn off (and/or cover) all webcams when not in use.

According to the FBI, in many cases of sextortion, the perpetrator is an adult posing as a teenager, and you are just one of many victims targeted by the same person. If you think you are a victim of sextortion, or know someone who is, the FBI wants to hear from you: contact your local FBI field office (or call toll-free 1-800-CALL-FBI).