Experts warn about this email scam that knows too much!
In an age where our inboxes are flooded with everything from newsletters to special offers, it's becoming increasingly difficult to discern between what's legitimate and what's a scam.
However, there's a new scheme that's particularly alarming, and it's targeting unsuspecting individuals with a level of personalisation that's downright terrifying.
Imagine opening an email to find a picture of your own home, complete with your address, followed by a chilling message: ‘Don’t even try to hide from this. You have no idea what I’m capable of…I’ve got footage of you doing embarrassing things in your house (nice setup, by the way).’
It's enough to make anyone's blood run cold, and it's the latest tactic scammers are using to extort money from people.
This isn't your run-of-the-mill scam; it's a sophisticated extortion scheme that uses specific personal information to deceive people into sending money.
The email leads individuals to believe that the hacker has extensive knowledge about them and that they need to pay a fee or send Bitcoin to protect their information.
Victims like Jamie Beckland, a Chief Product Officer at tech company APIContext, reported,
‘I received a PDF over email that included my address and photo of the address, made outrageous claims about my private behaviour, and claimed to have video documentation captured from spyware on my computer.’
‘The scammer threatened to release the video if I didn’t pay them via Bitcoin.’
So, how do these scammers get such detailed information?
Al Iverson, a cyber expert and Industry Research and Community Engagement Lead at the software company Valimail, explained that the sender likely obtained your address from a prior data breach that leaked personal data. They then pair this with a Google Maps photo to craft a convincing email.
Beckland verified that this was a scam by comparing the image in the PDF to the Google Maps street view of his home.
Since most images in these scams are sourced from the internet, he advises people to check whether the image was taken from an online source.
If it was, it’s a clear indication that the claim is not genuine.
Iverson suggested verifying the authenticity of the email address whenever you receive messages from unfamiliar senders.
‘Check whether the sender’s email domain matches the official organisation’s website,’ he advised.
‘Also, if using Gmail, look for “show original message” and review SPF, DKIM, and DMARC results.’
These methods primarily confirm the legitimacy of the emailer's domain to protect against spam, phishing attacks, and other email security threats.
To check this, click the three-dot menu in the top right corner of your email and select ‘Show Original’.
‘All three should ideally pass authentication checks,’ he added. In other words, it would display ‘PASS’ next to each of the three options.
Scammers have become quite adept at disguising domains, so be cautious of ‘lookalike’ domains that feature minor spelling differences. Iverson suggested that if something appears too good (or too bad) to be true, it likely is.
Additionally, watch for messages that appear to come ‘from’ your own email address. Often, scammers are simply spoofing your email address in the ‘from’ header.
‘These scammers don’t have the time or ability to actually hack into your email accounts. They haven’t found some secret treasure trove of compromising photos. They’re just trying to scare unsuspecting people into coughing up money (or Bitcoin),’ Iverson added.
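The checks described above can also be run on the raw text copied from ‘Show Original’. The Python example below is an added illustration, not code from the experts quoted in this article: it reads the SPF, DKIM and DMARC verdicts recorded by the receiving mail server, flags a ‘from’ address that matches the recipient without passing DMARC, and flags sender domains that closely resemble a known one. The sample message, the server name `mx.example.net`, the known-domain list and the similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; the second Authentication-Results header is forged by the sender.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: mx.attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "You" <alex@example.com>
To: alex@example.com
Subject: I know where you live
"""

def auth_results(msg, trusted_authserv):
    """Return spf/dkim/dmarc verdicts from the header our own mail server added."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can pre-insert this header, so skip untrusted ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
        break
    return verdicts

def lookalike(domain, known_domains, threshold=0.85):
    """Return the known domain this one resembles without matching, else None."""
    for known in known_domains:
        if domain != known and SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def triage(raw, trusted_authserv, known_domains):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    verdicts = auth_results(msg, trusted_authserv)
    return {
        "auth": verdicts,
        "all_pass": all(v == "pass" for v in verdicts.values()),
        "self_spoof": sender == recipient and verdicts["dmarc"] != "pass",
        "lookalike_of": lookalike(sender.rpartition("@")[2], known_domains),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "mx.example.net", ["example.com"]))
```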
If an email appears to be genuine, you might inadvertently click on the links for further details.
Zarik Megerdichian, Founder of Loop8, a company focused on safeguarding personal data and privacy from breaches and hackers, warned strongly against doing so.
‘Exercise caution any time you’re asked to click on a link in an email,’ he recommended.
‘Bitcoin transactions are irreversible, as are many other common payment methods including Cash App and Zelle.’
Additionally, scams that request payment should be reported to the Federal Trade Commission either online or by phone.
Megerdichian also advised that if a hacker has accessed your financial information, you should closely monitor your bank accounts, contest any fraudulent charges with your bank, cancel your cards, and take steps to block future transactions.
It’s strongly recommended to change all your passwords if you encounter a sophisticated scam.
Yashin Manraj, CEO of Pvotal Technologies, a company that develops secure technology infrastructures for businesses, emphasised the importance of swiftly securing your data if you suspect it has been compromised.
‘Use a new email address if possible and move critical financial or utilities to it, and then start reporting the case to the local police [and] the FBI and making sure your family is aware of the potential threat of a public shaming in the unlikely event that they did manage to steal some compromising data,’ Manraj advised.
It may be tempting to reply to an email, particularly those that appear very convincing, in an attempt to negotiate with the scammer.
However, Manraj warned against engaging with these emails, as responding can put you on call logs and target lists, increasing your risk of future attacks.
It's also wise to secure your home network by using a separate Wi-Fi or router and connecting to the internet via a VPN.
Most importantly, avoid seeking specific assistance on public forums, especially if it involves uploading logs or error messages.
‘Be especially careful when using virtual numbers and password managers on unpopular websites to avoid reusing personally identified information that could be used to access your important financial services,’ Manraj explained.
Users should keep in mind that data is a valuable commodity, and many businesses collect excessive information, often more than necessary for the transaction.
Megerdichian advised against sharing more information than required when registering for new websites or downloading apps.
‘Always ask yourself, do they really need to know that? It’s up to consumers to be proactive when it comes to their personal data,’ he suggested.
As scams become increasingly sophisticated, the techniques used to deceive individuals are evolving, making it crucial to stay informed and vigilant.
This new trend highlights the terrifying methods behind email scams that aim to steal personal information and financial details.
This alarming trend is echoed in another case, where a woman fell victim to an elaborate scam, losing a staggering sum due to a single letter in an email.
Both stories underscore the importance of being cautious and discerning in our digital interactions, especially when it comes to safeguarding personal information.
Have you or someone you know encountered a scam like this? How did you handle it? Share your experiences and tips in the comments below to help others stay informed and secure.
Key Takeaways
- An advanced phishing scam is targeting people by sending emails with pictures of their houses and threats, leveraging personal information obtained from previous data breaches.
- Victims were advised to verify images on Google Maps, check the email for grammar mistakes, and investigate the sender's email domain to assess the email's legitimacy.
- Recipients should avoid clicking unfamiliar links related to payments, report extortion attempts to authorities, and monitor their bank accounts for fraud.
- To prevent further compromise, it's recommended to update passwords, use a VPN, be cautious with the information shared online, and avoid public discussions about the scam.