I know where you live: Creepy scam emails with personal details
Phishing emails are bad enough. But have you ever opened your inbox to find a threatening message claiming that hackers have access to your webcam – complete with some personal information or even a photo of your home? These frightening emails are part of a growing trend of blackmail email phishing scams and extortion online.
But is the threat real – and what should you do about it?
By Alyssa Schmitt
This autumn, reports have been surging of email scams with a frightening twist: personalized threats. People are receiving blackmail emails that contain eerily correct personal information, like their name and address, their cellphone number, a password, or even a photo of their home.
These scams follow a common pattern: The emails usually claim that the sender has hacked into the recipient’s webcam and has recorded them visiting adult websites, often specifying that this was made possible by malware such as Pegasus spyware. They go on to demand a ransom, paid using cryptocurrency, or else they will send the compromising images to the recipient's colleagues, friends, and family.
The blackmail message will often look something like this:
Keep reading to learn how to recognize and handle these blackmail email scams.
Do the scammers actually have these videos? It is highly unlikely – and you can tell because they are short on specifics. Although the email may contain personal data harvested from public sources, like your home address, it is missing details like what adult website you are supposed to have visited and when, what sort of device or web browser you used, etc.
And although the scammers may attach an image of the exterior of your home – also from public sources – they do not include any “samples” of the supposedly compromising images of you.
Is Pegasus spyware real? Yes, but it is only distributed to law enforcement and intelligence organizations and is extremely expensive – which means it’s unlikely to be used by ordinary scammers. In most cases, the blackmail scam targets you using information that is available online, e.g. on social media sites – no spyware is necessary to obtain it.
Cybercriminals now use sophisticated databases that can automatically piece together information that is publicly available online. Some also use information from data breaches or social media profiles to make their emails more convincing.
So, that photo of your home is probably an image from a map app, a real-estate site, or even one you shared yourself on social media. Whereas it used to take a lot of time and effort to gather this sort of personal information online, AI tools have unfortunately supercharged the process.
Images: 1&1/Shutterstock
By Alyssa Schmitt
This autumn, reports have been surging of email scams with a frightening twist: personalized threats. People are receiving blackmail emails that contain eerily correct personal information, like their name and address, their cellphone number, a password, or even a photo of their home.
These scams follow a common pattern: The emails usually claim that the sender has hacked into the recipient’s webcam and has recorded them visiting adult websites, often specifying that this was made possible by malware such as Pegasus spyware. They go on to demand a ransom, paid using cryptocurrency, or else they will send the compromising images to the recipient's colleagues, friends, and family.
The blackmail message will often look something like this:
Hello [your name],
You don't know me, but I know you very well! I have infected your computer with Pegasus spyware and have been watching you through your webcam. I know how much you like visiting porn sites and to prove it I have a very embarrassing video of you. If you don't want your friends and family to see your disgusting behavior, scan the QR code below and send $2,000 in bitcoin to the wallet address within 48 hours. Otherwise, I will send the video to everyone on your email contact list. Just imagine what your boss will think!
If you think I'm bluffing, remember - I know where you live: [your address] Don't believe me? Look at this picture (nice house btw): [image of exterior of your home].
You don't know me, but I know you very well! I have infected your computer with Pegasus spyware and have been watching you through your webcam. I know how much you like visiting porn sites and to prove it I have a very embarrassing video of you. If you don't want your friends and family to see your disgusting behavior, scan the QR code below and send $2,000 in bitcoin to the wallet address within 48 hours. Otherwise, I will send the video to everyone on your email contact list. Just imagine what your boss will think!
If you think I'm bluffing, remember - I know where you live: [your address] Don't believe me? Look at this picture (nice house btw): [image of exterior of your home].
New twist on extortion emails
Blackmail scams are unfortunately nothing new, and emails threatening to share compromising videos of the recipient have been circulating for at least a decade. In fact, such scams are common enough to have been given the name “sextortion emails.” A more recent development? The ability of the scammers to use AI to quickly harvest all sorts of information from the internet and send out frighteningly tailored threats.Keep reading to learn how to recognize and handle these blackmail email scams.
What is a sextortion email and it is real?
A “sextortion email” is a form of blackmail in which scammers claim to have hacked into your webcam and taken compromising photos or videos – usually of you watching pornography. They threaten to share the images with all your contacts unless you pay, usually in cryptocurrency.Do the scammers actually have these videos? It is highly unlikely – and you can tell because they are short on specifics. Although the email may contain personal data harvested from public sources, like your home address, it is missing details like what adult website you are supposed to have visited and when, what sort of device or web browser you used, etc.
And although the scammers may attach an image of the exterior of your home – also from public sources – they do not include any “samples” of the supposedly compromising images of you.
What is the Pegasus spyware scam?
In recent months, there have also been increasing reports of scam emails in which hackers claim to have used the sophisticated Pegasus spyware to access devices and steal data.Is Pegasus spyware real? Yes, but it is only distributed to law enforcement and intelligence organizations and is extremely expensive – which means it’s unlikely to be used by ordinary scammers. In most cases, the blackmail scam targets you using information that is available online, e.g. on social media sites – no spyware is necessary to obtain it.
How do scammers have photos of your home?
One of the most frightening developments in scam emails is the inclusion of one of your online passwords, your home address, or even a street-view image of your house. Although this can be very scary, the odds are basically zero that the hacker has actually been standing on your street snapping photos.Cybercriminals now use sophisticated databases that can automatically piece together information that is publicly available online. Some also use information from data breaches or social media profiles to make their emails more convincing.
So, that photo of your home is probably an image from a map app, a real-estate site, or even one you shared yourself on social media. Whereas it used to take a lot of time and effort to gather this sort of personal information online, AI tools have unfortunately supercharged the process.
What should you do if you receive a blackmail email?
- KEEP CALM. Virtually all of these threats are fake and rely on fear to trick you into paying the ransom.
- Do not respond to the email. Interacting with the scammer only encourages them to keep trying to scam you.
- Do not pay anything. You will not only lose your money, but also motivate the scammer to keep targeting you and others.
- Do not click on any links in the email – they may be phishing links
- If the email mentions a password that you still use, change it immediately. You can also go to https://haveibeenpwned.com/ to check whether an account password has been compromised in a data breach.
- Report the scam. All forms of phishing and scam emails can be reported to your email provider. The FBI also has a site for reporting online extortion.
Remember to always protect yourself online by being aware of phishing, using unique and complex passwords, enabling multi-factor authentication, and keeping your devices and software up-to-date.
How to report a scam
To report an internet scam, including the Pegasus spyware email scam or a sextortion email scam, you can contact:- The FBI Internet Crime Complaint Center (IC3)
- Your email provider
- The US government also has a tool that can guide you in finding where to report a specific scam: Where to Report Scams
- As always, if you have lost money in a scam or have reason to believe you are in danger, please contact local law enforcement
Images: 1&1/Shutterstock
35 people found this article helpful.
Related articles