UPDATED 09:00 EDT / SEPTEMBER 17 2024

Cofense uncovers new sextortion scam tactics involving Google Street View images

Sextortion scams, where a malicious actor attempts to extort money by threatening to publish stolen intimate photographs or video, are one of the most insidious forms of online scams. But in a disturbing twist, a new report released today by Cofense Inc. finds that those scammers are now using images from Google Street View as their latest tactic.

In recent weeks, the Cofense Phish Defense Center has observed an evolution of sextortion scams. The scams are prevalent across different sectors and industries and are difficult to stop given the general lack of malicious URLs or attachments within the email, randomized sending addresses and the fact that each scam is tailored to the target in question. These factors make it difficult for traditional security suites to detect and neutralize the threat.

Though the usual sextortion scam emails originate from random or spoofed email addresses, the latest trend is that the emails originate from Gmail accounts that appear randomly chosen. Previous scam emails were also simpler in that everything was contained within the email body and rarely came with URLs or attachments, whereas the new emails contain only information unique to the individual: the name, address and contact information of the potential target.

Attached to these emails are PDF documents containing the language expected from sextortion emails with the notable addition of an image of the target’s supposed home or place of work obtained from Google Street View. The report notes that the images used are not always of the victim’s residence or place of work; instead, they might just be pictures of the street or the environment around it.

The attached document starts by addressing targets by their first and last name along with their street address and an image of the address. The threat actor then threatens to visit the victims if they don’t respond to the email.

The assailants assert that they compromised the target’s system using “Pegasus” spyware and then use additional technical verbiage to prey on the target’s potential lack of knowledge. Those behind the messages then claim that they’ve been watching the target for an extended period, amassing a large amount of information. In addition, the threat actors will also use casual language and slang, expressing confidence while suggesting they have recorded the target, even complimenting their surroundings.

The threat actors present two options to the target. The first is to ignore the email, which would result in the sender releasing the supposed images or videos to the target’s contacts. The second is to pay: the threat actor claims that they will delete any stolen images and video and disappear if the target pays them a certain amount in bitcoin, for which they provide a bitcoin wallet address and QR code for payment.

“The way this has evolved from previously observed scams of this type comes in the form of consistently using random Gmail addresses and the inclusion of the target’s residency or place of work as well as potential photos of it,” the report notes. “It seems that threat actors are beginning to shift their focus towards the more direct and more easily intimidating approach of threatening the target in a much more personal way.”
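The traits the report describes can be combined into a mail-triage heuristic. The following is an added example, not code from Cofense or from this article; the function names, the sample message and the assumption that the PDF's text has already been extracted by an upstream tool are all constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
# Rough shape of legacy (1.../3...) and bech32 (bc1...) bitcoin addresses.
BTC_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)

def sextortion_indicators(msg: EmailMessage, pdf_text: str) -> list[str]:
    """Return which of the traits described in the article this message matches."""
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender.endswith("@gmail.com"):
        hits.append("gmail_sender")
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body else ""
    if not URL_RE.search(body_text):
        hits.append("no_url_in_body")
    if any(p.get_content_type() == "application/pdf" for p in msg.iter_attachments()):
        hits.append("pdf_attachment")
    if re.search(r"\bpegasus\b", pdf_text, re.I):
        hits.append("pegasus_claim")
    if BTC_RE.search(pdf_text):
        hits.append("bitcoin_address")
    return hits

def is_suspect(hits: list[str]) -> bool:
    # Sender and URL traits alone match plenty of legitimate mail, so require
    # the PDF attachment plus at least one content hit before flagging.
    return "pdf_attachment" in hits and bool({"pegasus_claim", "bitcoin_address"} & set(hits))

def build_sample() -> tuple[EmailMessage, str]:
    # Constructed sample: every name, address and wallet string here is fake.
    msg = EmailMessage()
    msg["From"] = "Random Sender <qx81zz.example@gmail.com>"
    msg["To"] = "jane.doe@example.org"
    msg["Subject"] = "Jane Doe"
    msg.set_content("Jane Doe\n123 Example Street\n555-0100\n")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="Jane Doe.pdf")
    pdf_text = ("I installed Pegasus on your devices. "
                "Send payment to 1ExampLeExampLeExampLeExampLe1234")
    return msg, pdf_text
```

The Street View image and QR code the report mentions are not checked here; both would need image analysis of the PDF's pages rather than its text.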

Image: SiliconANGLE/Ideogram
