Week 39: Another fake sextortion scam: Now the scammers know where you live.

01.10.2024 - The NCSC reported on the use of data leaks in fake sextortion emails a few weeks ago. To make victims believe their computers had been hacked, scammers told them they knew their phone number. The scammers have now adapted their approach and are using home addresses to increase pressure on their victims. Our research shows that scammers also get this information from data leaks.

Fake sextortion emails have been around for a long time. They claim that the victim's computer has been infected with malware that has recorded intimate videos of them. The scammers threaten to release the videos if the ransom is not paid. But the scammers – who are actually bluffing and don’t have any video of the victim – use a variety of tricks to intimidate and persuade their targets. For example, the scammers make it look like their blackmail email was sent from the victim's own account, which must therefore have been hacked. Or they may provide a password that the victim is using or has used in the past. These methods are designed to persuade the victim to comply (see weekly review 39/3023). 

In the last few weeks, new versions of the scam have been observed. A few weeks ago, the NCSCS reported that scammers were using paerts of their victims' phone numbers in their fake sextortion messages to make their threats seem more credible (see weekly review 33/2024). The scammers try to make the victim believe that they know a lot about them and have access to sensitive personal information.

Criminals are now also using home addresses, also obtained from data leaks, which they have linked to the victim's email address. Such cases were first observed in the USA. Now the NCSC has also received reports from Switzerland. However, unlike previous versions of the scam, the criminals are going one step further and not only mentioning the victim's home address in their blackmail email, but also attaching images of the building or its surroundings that they have found on Google Maps. They do this to convince [SJB1] their victim that they have full control over their computer and know a lot about their personal life. This serves to reinforce the threat and makes the victim more likely to give in.

Fake sextortion email with the victim's phone number, address and Google Maps image of their home.
Fake sextortion email with the victim's phone number, address and Google Maps image of their home.

This rapid evolution of fake sextortion scams suggests that the scammers are systematically searching for usable information in data leaks to add weight to their threatening emails. They use all the information they can get about their victims, especially from known data leaks, to manipulate and intimidate them.
By searching the Have I Been Pwnded website, we were able to determine that all of the email addresses reported to us us were part of the Eye4Fraud data leak. This data leak also contained people's addresses.

The Eye4Fraud data leak included both email and home addresses. All fake sextortion cases reported to us that included a home address were part of this leak.
The Eye4Fraud data leak included both email and home addresses. All fake sextortion cases reported to us that included a home address were part of this leak.

Recommendations

To help protect your personal information and prevent scams, the NCSC recommends that you do the following:

  • Ignore this type of email and do not respond to any ransom demands;
  • Be careful with your data. Only share your information when necessary and make sure it is protected;
  • Don't be pressured by emails telling you to act fast. If you are unsure whether a message is legitimate or not, you can contact the NCSC and ask us.

Last modification 01.10.2024

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_39.html