Google Street View Images Used For Extortion Scams

Scammers are using images from Google’s Street View to intimidate internet users, according to security researchers.

The extortion attacks – also described as “sextortion” – typically accuse the victim of visiting pornographic websites. The attacker then asks for a fee, typically in Bitcoin or other cryptocurrencies, to “wipe” the evidence.

According to researchers at Cofense, attackers are now using images from Street View to further intimidate victims.

The scammers add Street View images to emails demanding payment, implying that they know the victim’s address and have visited it as part of their reconnaissance.

In a sample sextortion email obtained by Cofense, attackers also claimed to have access to the Pegasus spyware application and to have installed it on the victim’s device. According to the email, they then used a remote access protocol to control the device, record the victim’s actions and obtain copies of their emails and contacts.

The scam emails are targeted to each victim. Typically, the threat actor creates a PDF making the extortion demands and includes the victim’s address and phone number in the body of the scam email “to grab the target’s initial attention.”

Now, attackers are also adding images – claiming to be of the target’s address – in the PDF, along with text implying they have visited the area.

However, Cofense researchers believe that attackers are automatically generating images of the victim’s address, with some images showing pictures of the street or neighborhood, rather than a specific property.

“The threat actor has likely made use of mapping services such as Google Street View to obtain an image of the target’s residency or place of work and threatens to visit them if they don’t respond to the email,” the researchers said.

Cofense believes that scammers have moved on from using spoofed email addresses to a “more direct and more easily intimidating approach,” based on greater personalization. As with other sextortion attacks, the victim is given the choice of ignoring the threat and risking having the “evidence” sent to their contacts, or paying the fee.

The researchers warn that attackers are using random Gmail addresses, as well as avoiding URLs or malicious attachments, to make it harder for conventional security tools to detect and block the attacks.
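The traits described above (a random Gmail sender, a PDF attachment, the target's phone number and address in the body, and no URLs) can be combined into a triage heuristic for mail filtering. The following is an added example, not code from Cofense or this article; the sample message, the US-style phone and street patterns, and the score threshold are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Constructed sample message; every name, number and address is made up.
SAMPLE = """\
From: k7vq2xzr91@gmail.com
To: recipient@example.org
Subject: John Doe
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

John Doe,
I know that calling 555-201-3344 or visiting 42 Maple Street would be
a convenient way to reach you. Open the attached file.
--b1
Content-Type: application/pdf; name="John Doe.pdf"
Content-Disposition: attachment; filename="John Doe.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

URL_RE = re.compile(r"https?://|www\.", re.I)
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")  # assumed US format
STREET_RE = re.compile(
    r"\b\d{1,5}\s+\w+(?:\s\w+)?\s+(?:street|st|avenue|ave|road|rd|drive|dr|lane|ln)\b", re.I)

def sextortion_traits(raw):
    """Return the structural traits of one raw RFC 5322 message as booleans."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    attachments = list(msg.iter_attachments())
    senders = msg["From"].addresses if msg["From"] else ()
    return {
        "freemail_sender": any(a.domain.lower() == "gmail.com" for a in senders),
        "pdf_only_attachment": bool(attachments) and all(
            a.get_content_type() == "application/pdf" for a in attachments),
        "no_urls_in_body": not URL_RE.search(body),
        "phone_in_body": bool(PHONE_RE.search(body)),
        "street_address_in_body": bool(STREET_RE.search(body)),
    }

def is_suspect(raw, threshold=4):
    """Flag for analyst review when enough traits co-occur (threshold is assumed)."""
    return sum(sextortion_traits(raw).values()) >= threshold
```

No single trait is suspicious on its own; the signal is their combination, and the PDF text itself is not parsed here.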
