Image Source: KrebsOnSecurity
The NJCCIC received incident reports indicating that a new version of the well-known sextortion email scam is currently circulating. This version now includes a photo of the recipient’s home, likely found via online mapping applications. The targeted individual’s home address could have been easily obtained from public data records or through compromised personal information resulting from data breaches. This fraudulent scheme claims that the Pegasus spyware was installed on the target’s device and secretly recorded webcam footage of the recipient engaging in intimate activities. The targeted individual is then threatened with the release of compromising or sexually explicit photos or videos to their contacts and social media platforms if a Bitcoin payment ranging from $500 to $2,500 is not made. The email states that the targeted individual has 24 hours to pay by scanning the included QR code. The cybercriminal also claims to have embedded a specific pixel to identify when the email was read, starting the 24-hour countdown.
Recommendations
The NJCCIC recommends that users educate themselves and others on this and similar scams to prevent future victimization. There is no indication that these threats are credible; therefore, users are advised to refrain from sending funds and to disregard these emails. Avoid clicking links in, responding to, or otherwise acting on unsolicited text messages or emails. Users can search for and report the Bitcoin addresses included in the scam email to the Bitcoin Abuse Database. This scam can be reported to the Federal Trade Commission (FTC), the FBI’s IC3, and the NJCCIC.