Don't be fooled: Sextortion scam uses your home photos, but has no real leverage

They are bluffing, the EFF says

by · TechSpot

In a nutshell: Fraudsters are constantly refining their methods to trick potential victims into paying up. The latest scam circulating is a variation of sextortion, where scammers attach a picture of the target's home to their threats. But don't be fooled, the Electronic Frontier Foundation warns – scammers are simply taking advantage of Google Street View.

The scheme is a variation of sextortion, or sexual blackmail. However, in this case, there is no incriminating photo in the scammer's possession, despite their claims.

Still, the would-be victim could easily believe such a photo exists because the threatening email includes their full name and a picture of their home. The scammers likely use publicly available information or data from a breach to gather intel on their targets. "This is a type of online phishing that is targeting people around the world and preying on digital-age fears," the EFF said.

Like many email scams, the messages are sent in bulk, hoping that a small percentage of recipients will respond. They are typically riddled with poor grammar and spelling errors. In addition to including a photo of the victim's home – likely sourced from Google Street View or a real estate website – the emails are also personalized, as demonstrated in a sample published by the EFF.

[Name],
I know that calling [Phone Number] or visiting [your address] would be a convenient way to contact you in case you don't act. Don't even try to escape from this. You've no idea what I'm capable of in [Your City].

They are also worded vaguely enough that anyone might believe the sender really does have embarrassing content about them.

You do not know me but I know you very well and right now, you are wondering how, right? Well, you've been treading on thin ice with your browsing habits, scrolling through those videos and clicking on links, stumbling upon some not-so-safe sites.

They explain how they obtained the information using the right amount of tech jargon to convince the average person that it really did happen.

I placed a Malware on a porn website & you visited it to watch (you get my drift). While you were watching those videos, your smartphone began working as a RDP (Remote Control) which provided me complete control over your device. I can peep at everything on your display, flick on your camera and mic, and you wouldn't even suspect a thing. Oh, and I have got access to all your emails, contacts, and social media accounts too.

True to form for an extortionist, they make clear what will happen if you don't do what they say.

Your video will get sent to all your contacts. The video was lit, and I can't even fathom the humiliation you'll endure when your colleagues, friends, and fam check it out. But hey, that's life, ain't it? Don't be playing the victim here.

Once they've played on your emotions, the promises follow.

Your secret remains private. I will destroy all the data and evidence once you come through with the payment.

And, of course, payment is in the form of a cryptocurrency.

You'll transfer the payment via Bitcoin only.

The amount is hefty enough to be believable but small enough to be affordable to many.

Required Amount: $1950

If you receive one of these emails, you might be tempted to panic – but don't, the EFF advises. Most importantly, do not pay the ransom, as the scammer is bluffing. "If you do pay, then the scammers may also use that as a pressure point to continue to blackmail you, knowing that you're susceptible," it says. The best approach is not to answer at all.

There are several precautions everyone should take to guard against this scam and other types of online threats. Using a password manager helps protect against weak or commonly used passwords. Additionally, enable two-factor authentication whenever possible for added security on online accounts. Since camera hijacking is also a risk, it's wise to cover your computer's camera. While camera covers are available online, a simple piece of electrical tape works just as well.

The EFF also highlights what it believes to be the root of the problem: data brokers and companies are allowed to collect and store vast amounts of personal information about consumers. "Inevitably this data gets breached and makes its way into criminal markets where it is sold and traded and used for scams like this one," the EFF noted.