Sextortion Scams Get Personal: Attackers Now Including Photos of Victims' Homes

Written By Jeff Stutzman

Sextortion scams have taken a disturbing new turn, with attackers now including photos of victims' homes in their threatening emails. This latest tactic aims to make the scam appear more credible and increase the fear factor for potential victims.

It is indeed a scam. Do not engage, and read on.

How the New Scam Works

The basic premise of sextortion scams remains the same - attackers claim to have compromising videos or photos of the victim and threaten to release them unless a ransom is paid. However, these new attacks add an extra layer of personalization:

  1. Emails address the victim by name

  2. The message includes the victim's home address

  3. A photo of the victim's house or street likely pulled from Google Street View or similar services, is embedded in the email

The scammer claims this proves they know where the victim lives, making their threats seem more real and immediate.

Why This Tactic is Effective

By including personal details and photos, scammers are banking on:

  • Increased credibility of their claims

  • A heightened sense of vulnerability for the victim

  • Greater urgency to comply with demands

  • This new tactic allows for low-effort, scaleable fake extortion campaigns that can be scripted and automated en masse.

  • Combined with ChatGPT or other LLM models, attackers can further bridge language, diction, style, and grammar barriers they otherwise haven't been able to. 

Seeing a photo of your own home in a threatening email can be deeply unsettling, even if you know the claims are false.

Important Things to Remember

If you receive one of these emails, keep the following in mind:

  1. It's still a scam: Despite the personal touches, these are still mass-produced scam emails. The attackers don't actually have compromising videos or photos of you.

  2. They found your info online: Your name, address, and photos of your home are likely publicly available through various online sources. This doesn't mean you've been hacked.

  3. Don't engage: Do not respond to the email or pay any ransom. This only encourages scammers and may lead to further demands.

  4. Report it: Forward the email to your local law enforcement agency and the FBI's Internet Crime Complaint Center (IC3).

    There is a marked difference between real extortion and mimic'd extortion. In the case of real extortion, the extortionist has true leverage over the victim (actual photos, videos, secrets, or other compromising data, or presents a real and true physical danger). Fake extortion (aka scammed extortion) is only portending to have leverage over victim. 

    A victim may feel the same amount of fear and sense of urgency to act even in the context of fake extortion. Before acting, it is important to pause, get expert insight and analysis, and then choose how to proceed.  

    Rule of thumb for most extortion cases:  Real, professional extortionists are ready, able, and willing to present evidence of their leverage (a sample photo or video, etc). (akin to "proof of life" in the case of a kidnapping). Fake extortionists, however, cannot or will refuse to present such evidence. This latest tactic, attaching a Google Maps Street View image of your home, is particularly effective because it leads the victim's imagination into believing the attacker might present physical danger to the victim or family.

Protecting Yourself

While you can't prevent scammers from accessing publicly available information, you can take steps to protect yourself:

  • Review your online privacy settings on social media and other accounts

  • Be cautious about what personal information you share online

  • Use strong, unique passwords and enable two-factor authentication where possible

  • Keep your computer's security software up to date

  • Do not interact with fake extortion actors or attempt to retaliate or threaten them

  • If the threat actor sends any links, files or documents, do not click on them or open them, as they may contain malware, or alert the scammer that you have seen their extortion letter, which may advance the situation negatively.

These personalized sextortion scams are certainly alarming, but it's important to recognize them for what they are - an evolution of an old scam designed to prey on fear and embarrassment. Stay informed, stay calm, and don't let scammers manipulate you into paying for nonexistent threats.

 

For more information or immediate assistance:
Call Trusted Internet at 800-853-6431
We're here to help!

Jeff Stutzman
Previous

Raptor Train: Chinese State-Sponsored Botnet Threat.

Next

Trusted Internet Welcomes Scott Scheferman to Virtual CISO Team