Security researchers have discovered a new tactic being used by scammers in their extortion attacks, which are commonly referred to as “sextortion.” These scammers are now incorporating images from Google’s Street View to further intimidate their victims.
The typical modus operandi of these scammers involves accusing the victim of visiting pornographic websites and then demanding a fee, usually in the form of Bitcoin or other cryptocurrencies, to erase any supposed evidence of this activity. However, in a disturbing turn of events, attackers are now taking it a step further by using Street View images in their emails to make the threats seem more credible.
According to experts at Cofense, scammers are adding Street View images to their emails demanding payment, suggesting that they have knowledge of the victim’s address and have even gone as far as visiting it as part of their surveillance efforts. This additional layer of intimidation is meant to make the victim feel even more vulnerable and pressured to comply with the demands.
In a recent sample of a sextortion email obtained by Cofense, attackers not only claimed to have access to the sophisticated Pegasus spyware application, but also boasted about installing it on the victim’s device. They then used a remote access protocol to take control of the device, monitor the victim’s activities, and gain access to their emails and contacts.
The scam emails are meticulously crafted to target each victim specifically. The threat actors create a PDF outlining the extortion demands and include details such as the victim’s address and phone number to grab their attention. To escalate the threats, attackers are now including images – purportedly of the victim’s address – in the PDF, along with text insinuating that they have been to the area.
However, Cofense researchers suspect that these images are not authentic and are likely being automatically generated. Some of the pictures show generic street or neighborhood views rather than specific properties. It is believed that the threat actors are using mapping services like Google Street View to obtain these images and then use them to frighten the victim into compliance.
The evolution of these scams from using spoofed email addresses to a more personalized and direct approach is alarming. Victims are given a stark choice: either ignore the threat and risk having the supposed evidence shared with their contacts, or pay the demanded fee. The level of intimidation and manipulation involved in these attacks is causing concern among security experts.
To make matters worse, the scammers are using random Gmail addresses and avoiding URLs or malicious attachments to evade detection by traditional security tools. This makes it even more challenging for organizations and individuals to protect themselves against these increasingly sophisticated extortion schemes.
As the threat landscape continues to evolve, it is crucial for individuals to remain vigilant and cautious when receiving unsolicited emails, especially those making demands or threats. Staying informed about the latest tactics used by scammers and taking proactive measures to safeguard personal information is essential in mitigating the risk of falling victim to these malicious schemes.
Croatian 
English 
Albanian 
Serbian 