A new wave of personalized sextortion scams—Using Google Street View images to startle targets

Branislav Kramar 24 Sep 2024

New-and-improved sextortion scam emails are being used to target people in the US and Canada, employing a more personalized and invasive approach than ever seen before.

Many have received that email before—the one where the scammer claims to have footage of you in “compromising situations” and says you need to pay up to avoid being exposed. However, not everyone has received such an email with images of their actual home. Creepy, to say the least.

These emails contain highly personalized information aimed at manipulating targets into believing that their privacy has been breached—good old social engineering. The attackers demand payment to avoid the release of “humiliating” videos, a tactic commonly referred to as sextortion.

How does this scam work? 

Targets receive an email with a PDF document attached. The document contains automatically generated text, including personal details such as the target’s name, phone number, or home address. This information is likely obtained from publicly available databases following large-scale data breaches.  

In a new twist, some PDFs include images of the target’s house, taken from Google Maps Street View, to make the threat more credible and put undue pressure on the person being targeted.

The attacker’s claims 

In the document, the attacker asserts that they have gained access to the target’s device, using the notorious spyware Pegasus and employing a remote desktop protocol. However, Pegasus is typically used against high-profile targets by intelligence agencies. Its use in these scams is almost certainly fabricated, intended to frighten targets into compliance.

These name-drops are meant to bolster the attacker’s claims and convince the target that the attacker has full control over the device. Often, the attacker threatens to release compromising videos allegedly recorded while the target was watching NSFW content. This is purely a scare tactic, as there is no evidence to support these claims.

The ransom demand 

The attacker demands a ransom payment in Bitcoin (BTC), with the wallet address and a QR code conveniently included in the PDF document to facilitate payment.

Our experts are currently tracking more than 15,000 unique BTC wallets associated with this campaign. However, this is likely just the tip of the iceberg, as there could be millions of wallets involved in this extensive operation.

So far, only two wallets we’re monitoring have recorded transactions: one with $1,532 and another with $2,142. Both transactions lead to a single attacker wallet and occurred on the same day, September 23, 2024. 

This primary attacker wallet consolidates 104 inputs, which suggests that many more payments have been made to different wallets, all ultimately converging here. The total value in this wallet is approximately $128,114 (2.02 BTC), which highlights the widespread nature of the scam.  

Less than $4,000 was tracked across the 15,000 monitored wallets, while this main wallet has accumulated over $128,000. This suggests that the true scale of the scam is much larger and that many other wallets and transactions are yet to be uncovered.

How to protect yourself 

These emails are classic examples of phishing and extortion tactics. If you receive such a message: 

  • Don’t be intimidated or respond. The threats are empty, and engaging with the attacker may encourage further harassment. 
  • Don’t open suspicious attachments. This is especially important, as the PDFs may contain malicious links or content designed to further scare targets.  
  • Report the email as spam. Help others avoid falling victim to the same scam.  
  • Consult a cybersecurity expert. If you have any concerns about your device’s security or the authenticity of the threats, it’s better to be safe than sorry.   

Prevention is key 

Sextortion scams often rely on personal information gathered from data breaches. To minimize the risk of being targeted: 

  • Be cautious about where you share personal information. Avoid entering personal details on unsecured or untrustworthy websites. 
  • Enable two-factor authentication (2FA) wherever possible. Add an extra layer of security to your online accounts. 

Always question suspicious emails 

This new sextortion campaign represents a disturbing evolution in social engineering tactics, leveraging publicly available data to create highly convincing and personalized threats. Awareness and vigilance are critical in combating these scams.  

Remember, no matter how intimidating these messages may seem, they are based on lies and deception. Stay informed, stay safe and protect your digital life. 

Indicators of Compromise (IoC) 

  • PDF hash: 72a7f293512a7a68c4dbb95e9df043fd41dd259d7e2803b4eb7975926740f9ce 
  • BTC Wallets
    • 1ADrCbmGkcYokESBj6NypbvkRmexQcozin ($1,532) 
    • 19yKXUf63dQ32AYahntfzf7HiPxvfGEPJR ($2,142) 
    • Consolidated Wallet: bc1qx86jspx6l9frhuk3ctrq8gc7kmjlra2atatfd2 (Total: $128,114 / 2.02 BTC) 
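
One way a mail or help-desk team could apply these indicators to a reported message, shown as an added example that is not code from the article's authors. It assumes the attachment's text has already been extracted in an isolated environment; the function names and the `LURE_TERMS` keyword list are assumptions, and the sample text is constructed.

```python
import hashlib
import re

# Indicators copied from the IoC list above.
IOC_PDF_SHA256 = "72a7f293512a7a68c4dbb95e9df043fd41dd259d7e2803b4eb7975926740f9ce"
IOC_WALLETS = {
    "1ADrCbmGkcYokESBj6NypbvkRmexQcozin",
    "19yKXUf63dQ32AYahntfzf7HiPxvfGEPJR",
    "bc1qx86jspx6l9frhuk3ctrq8gc7kmjlra2atatfd2",
}
# Assumed keywords for the claims the article describes; tune to your mail flow.
LURE_TERMS = ("pegasus", "remote desktop", "bitcoin")

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")

def base58check_ok(addr):
    """Checksum test for legacy (1.../3...) addresses; drops look-alike strings."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # version byte + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def triage(attachment_bytes, extracted_text):
    """Compare one attachment and its extracted text against the indicators."""
    found = set(ADDR_RE.findall(extracted_text))
    # bc1... candidates are kept on pattern alone; legacy ones need a valid checksum.
    plausible = {a for a in found if a.startswith("bc1") or base58check_ok(a)}
    lowered = extracted_text.lower()
    return {
        "known_pdf": hashlib.sha256(attachment_bytes).hexdigest() == IOC_PDF_SHA256,
        "known_wallets": sorted(found & IOC_WALLETS),
        "other_wallets": sorted(plausible - IOC_WALLETS),
        "lure_terms": [t for t in LURE_TERMS if t in lowered],
    }

# Constructed sample, not a real message. The second address is the well-known
# genesis-block address (checksum-valid); the third is it with the last character altered.
SAMPLE_TEXT = (
    "[constructed] Pegasus, Remote Desktop; pay Bitcoin to 1ADrCbmGkcYokESBj6NypbvkRmexQcozin"
    " or 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa / 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"
)

if __name__ == "__main__":
    print(triage(b"%PDF-1.7 constructed bytes", SAMPLE_TEXT))
```

Addresses under `other_wallets` are not listed above; they are candidates to report, since the article notes that many more wallets belong to the campaign.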

 
