Threatening emails with a picture of your home. Several news sources have recently been reporting that scammers are sending threatening emails that include personal information and a picture of the recipient’s home. The Bellevue Police Department issued an alert earlier in September stating that the emails often contain home addresses, full names and a picture. Other sources have noted that the emails contain a picture of a house.
The emails claim
to be from a hacker who hacked into the recipient’s computer and collected the recipient
visiting adult websites. Sometimes the emails claim that the recipient is being
watched and tracked by Pegasus spyware, an app produced be an Israeli company that
sells the app to governments, law enforcement, and militaries around the world.
The scammer tries to give the impression that they have a lot of information
about the recipient and if they do not pay a ransom, often with Cryptocurrency,
they will release the information to the recipient’s friends and family.
The
information about the recipient contained in the email is easily accessed in
the open on the internet. A picture of the recipient’s house can be freely obtained
on Google Maps’ Street View mode.
The emails
represent a new “feature” by sextortion scammers to jolt you into paying them to
“suppress” incriminating information.
Of course, if
you receive a sextortion email like this, don’t click on any links or
attachments. Report it to the FBI’s www.IC3.gov
website. Also, to avoid sextortion emails, never send compromising images of
yourself to anyone and turn off (and/or cover) any web cameras when you are not
using them
MyNorthwest KIRO Newsradio:
https://mynorthwest.com/3986583/bellevue-under-attack-from-ongoing-bitcoin-scam/
Verify:
Krebs on Security:
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Authorities prosecute cyber criminals. We usually hear about scams and how it
can be impossible to prosecute the criminals behind the fraud much less return any
funds stolen from the victim. Here are two recent examples of authorities
investigating and prosecuting international cyber criminals.
Two Nigerian brothers were convicted of targeting a 17-year-old
male in a sextortion scheme that resulted in the teenager’s suicide in April
2024. Samuel Ogoshi, 24, and Samson Ogoshi, 21, from Lagos, were sentenced to
17 years and six months in prison in the U.S. for luring Jordan DeMay of
Marquette, Michigan, by pretending to be a pretty girl, flirting with DeMay to
convince him to send explicit pictures of himself then blackmailing him. John
DeMay committed suicide less than six hours after the brothers started talking
to him on Instagram. 38 other US victims identified as targeted by the men with
13 of them being minors.
The second case occurred in the United Kingdom. On August 30, 2024,
the National Crime Agency (NCA) announced that three men pleaded guilty to
operating an online service that helped attackers intercept one-time passcodes
(OTPs) used to authenticate entry into many online accounts. Callum Picari, 22,
from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 21, from Aylesbury,
Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire hosted
a website called OTP Agency that intercepted OTPs used in Multi-Factor
Authentication schemes in a cybercrime as a service enterprise. Scammers would
steal or purchase on the dark web someone’s bank account credentials, phone
number, and name. The service would initiate an automated phone call to the
target to alert them to supposed unauthorized activity on their account. The phone
call would prompt the target to enter the OTP that they received via SMS text
that the scammers initiated when they tried to log into the account. Any codes
that were transmitted via the phone call were shared with the scammers to complete
the log in process.
For more detail about both cases check out the links below.
BBC:
https://www.bbc.com/news/articles/cr7rxpdyz9yo
Krebs on Security:
https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
