A new email-based sextortion scheme is making the rounds recently, claiming to have evidence of its targets “venturing into the darker corners of cyberspace” and threatening to release videos of you jerking off.
The emails 404 Media has viewed—from readers and friends who’ve been targeted—contain the person’s full name, address, and phone number in the body of the email, an attached PDF that contains a photo of the person’s street (likely screenshotted from Google Maps), and a lengthy letter claiming that they’ve been watched through their webcam.
“I suggest you read this message carefully. Take a moment to chill, breathe, and analyze it thoroughly,” the message says. “We're talking about something serious here, and I don't play games. You don't know anything about me but I know ALOT about you and right now, you are wondering how, right?”
It continues:
“Well, You've been treading on thin ice with your browsing habits, scrolling through those filthy videos and venturing into the darker corners of cyberspace. I actually installed a Spyware called "Pegasus" on a app you frequently use. Pegasus is a spyware that is designed to be covertly and remotely installed on mobile phones running iOS and Android. And when you got busy watching our videos, your system started functioning as a RDP (Remote Control) which provided me total control over your device. I can peep at everything on your screen, switch on your camera and mic, and you wouldn't even suspect a thing. Oh, and I've got access to all your emails, contacts, and social media accounts too.”
At the end, it demands a Bitcoin ransom: “Your filthy secret will remain private. I will destroy all the data and evidence once you send payment.”
As cybersecurity expert Brian Krebs who reported about this scam today pointed out, you can report these types of schemes to the FBI.
Pegasus is a powerful spyware product owned by Israeli cyber-arms company NSO Group, which has been used by governments to spy on journalists and political dissidents. Pegasus can be installed on a target’s phone to access text messages, contacts, location, and passwords, as well as access the phone’s microphone and camera. It does all this without being detected, and is installed remotely without the target needing to click on anything. Motherboard reported in 2022 that a section of the New York Police Department received a demo of Pegasus.
But that’s not what’s going on here. This is a clear example of sextortion—extorting someone with blackmail related to intimate images—and is very fake. If you’ve received this email, you can, in fact, “chill, breathe, and analyze” without sending anyone a Bitcoin ransom. Some people are getting the email with incorrect information, like old addresses or wrong numbers,
Lots of people are reporting that they got this email, including on Reddit, where people are documenting their reactions. “Also got this today, was scared shitless lowkey,” one person said. “They had my school mailing address and a picture of some random trees so hopefully they can’t find me! I’m just going to block and ignore.”
Mailing addresses, names, and cell phone numbers are exposed en masse all the time in data breaches and data broker hacks, which is likely where these extortionists got individual people’s addresses and emails. But this one's a sophisticated operation, with the picture of your street adding to the spookiness.
