Sextortion Scams Now Include Photos of Your Home

September 3, 2024

“I actually installed spyware called "Pegasus" on an app you frequently use. Pegasus is a spyware that is designed to be covertly and remotely installed on mobile phones running iOS and Android. When you were watching those videos, your system began operating as an RDP (Remote Control), which gave me total accessibility to your system.”



An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.


This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps.


The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.


Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.


Krebs on Security Demand Letter Excerpt:


I suggest you read this message carefully. Take a moment to chill, breathe, and analyze it thoroughly. 'Cause we're about to discuss a deal between you and me, and I ain't playing games. You do not know anything about me; however, I know A LOT about you, and right now, you are thinking how, correct?


Well, you've been a bit careless lately, scrolling through those filthy videos and venturing into the darker corners of cyberspace. I actually installed spyware called "Pegasus" on an app you frequently use. Pegasus is a spyware that is designed to be covertly and remotely installed on mobile phones running iOS and Android. When you were watching those videos, your system began operating as an RDP (Remote Control), which gave me total accessibility to your system. I can look at everything on your display, switch on your cam and mic, and you wouldn't even notice. Oh, and I've got access to all your emails, contacts, and social media accounts too.


What do I want? I've been keeping tabs on your pathetic existence for a while now. It is simply your hard luck that I found your bad deeds. I invested more time than I should have exploring your data. I extracted quite a bit of juicy info from your system, and I've seen it all. Yeah, yeah, I've got footage of you doing embarrassing things in your room (nice setup, by the way). I then developed videos and screenshots where, on one side of the screen, there's whatever garbage you were watching, and on the other part, it is you doing naughty things. With just a click, I can send this filth to every single one of your contacts.


What should you do? I feel your worry and confusion. In good faith, I am ready to wipe the slate clean and let you move on with...