“I know where you live!”: the latest sextortion scam exposed

In September, the Internet was abuzz again with reports of the latest sextortion scam email making the rounds. Now known as the “Hello Pervert” email, it followed the typical formula of a sextortion email, except for one new and very scary tactic – a photo of the recipient’s home!

Hackers are getting smarter and more menacing, so we have to be on our digital security game to stay protected. It’s important to understand how to identify scam emails, what do you do if you get one and proactive measures you can take to stay secure.

A typical sextortion scam

Typical sextortion scam emails intimidate victims to pay a certain sum (using Bitcoin or some other non-trackable digital currency). If they don’t pay, the hacker threatens to expose “deviant” behaviour to all their personal contacts.

That follows the typical formula of a sextortion scam. Here’s how to identify it if you ever receive the same type of email:

• The email seems legitimate because it appears to come from your own email address (spoofing) and may reference your personal information (name, address, email, phone number, username and/or a password you may have used in the past)
• There is a threatening and urgent tone to the email (you better pay or else; you have 24 hours to pay)
• The hacker informs you they have taken over your devices remotely
• They have recorded “compromising” video and images of you and have your browsing history
• They will share these images/videos with your family, friends and other contacts to humiliate you and ruin your reputation
• When they receive the money from you, they will wipe their stored files

Taking intimidation to the next level

There is a wealth of information available on the dark web from data breaches (if you’ve never done a dark web scan, you would be shocked about what you find). And hackers mine it to use as much personal information as possible to try to fool you into giving them money.

In the Hello Pervert scam, hackers added two new elements of threat and intimidation:

• They insisted they had used Pegasus spyware to commandeer recipients’ devices (Pegasus got a lot of media hype but was sold primarily to governments for high level surveillance)
• They included a photo of the recipients’ homes from the outside

It’s fairly easy to find someone’s address online, and once hackers have it, they use location mapping technologies like Google Maps to capture an image of that person’s home and street.

How to protect yourself

How can you fight against this new intimidation tactic? According to Forbes, you can blur your house on Google Maps Street View to protect your property and yourself by following these steps:

• Search for your home address in Google Maps
• Click on your home on the Street View sidebar to go to the full street view page
• Find your house and click on the image
• If the property and address information are correct, click on the three dots and select report
• A new form will pop up with a view focused on the property you are reporting
• You can then request Google to blur that property

If you receive the Hello Pervert email or any scam/sextortion emails like it, there are important actions to take:

Specific to the email:

• Do not respond or engage with the hacker under any circumstance
• Resist the urge to pay, no matter what
• Document the scam email with screenshots
• Report the email to local law enforcement and The Canadian Anti-Fraud Centre

For your general online protection:

• Do a dark web scan to see how much of your personal information has been compromised in data breaches (TELUS Online Security offers this service)
• Keep up to date on your password hygiene – use a strong password, change passwords often and use a secure password manager
• Conduct regular virus and malware scans on your computer and devices
• Review and adjust your privacy settings across all your devices and apps to proactively maximize your online protection

The reality of life today is that hackers are gonna hack. It’s an unfortunate but inevitable part of our digital existence. It’s important to educate yourself on the latest scams and intimidation tactics, so you can identify them if they pop up in your inbox. In addition to awareness, there are proactive steps you can take to protect your personal information and devices from compromise. By combining awareness with action, you can create a safer digital environment for yourself and your family.