HomeTechThe terrifying Google Maps tactic now used by email scammers

The terrifying Google Maps tactic now used by email scammers

Date:

Related stories

How many people claim sickness benefits?

About a quarter of working-aged adults in the UK...

EY UK Weighs Cutting 150 Consulting Jobs Amid Softening Demand

EY has proposed eliminating 150 consulting jobs in the...

What is Travel Tuesday – and what are the best travel deals?

Sign up to Simon Calder’s free travel email for...
spot_imgspot_img

Scammers want to let you know they know where you live

People are being sent screenshots of their home location in a bid to scare them into paying cyber criminals.

Those being targeted see a familiar area on Google Maps, with a caption along the lines of ‘Can you notice something here?’ or ‘Is this the right place to meet?’

The idea is to threaten victims by claiming this is not purely an empty online threat.

Details of the creepy new tactic were revealed by cybersecurity firm Barracuda, who said ‘sextortion’ is now a major problem making up 3% of targeted phishing attacks.

Criminals threaten to share explicit photos or videos unless they receive payment, usually in Bitcoin.

They claim to have been able to access the images from the victim’s computer and use identifying details from usernames and passwords stolen in data breaches, but they likely do not really have compromising material.

A typical phishing email including personalisation (Picture: Barracuda)
They may include a Google Maps photo from where you live or work (Picture: Barracuda)
Often thousands of similar emails will be sent on the hope some will take the bait
If you pay the ransom, you may well be targeted by even more scams

In many cases, they have sent similar emails to thousands of people at a time as part of large spam campaigns

Higher levels of personalisation make them harder to filter out automatically, and victims are likely to take them much more seriously.

Barracuda said some emails address the victim by their first and last name, and open by detailing their telephone number, street address, and city.

In many cases, emails start like this: ‘I know that calling [telephone number] or visiting [street address] would be a better way to have a chat with you in case you don’t cooperate. Don’t even try to escape from this. You have no idea what I’m capable of in [city].’

The payment demands are also increasing. In the past, sextortion emails typically demanded payments of a couple hundred dollars, up to about $500 (£393) maximum. In the latest attacks seen by Barracuda researchers, the amounts are $1,950 (£1534) and $2,000 (£1573).

While most of the copy in the emails is identical or very similar, there are some variations.



What to do

The UK’s National Cyber Security Centre said: As with other phishes, our advice is not to engage with the phisher, forward the email to report@phishing.gov.uk which is the NCSC’s Suspicious Email Reporting Service (SERS), and then delete it.

If you are tempted to pay the BitCoin ransom, you should be aware that doing so will likely encourage more scams as the phisher will know they have a ‘willing’ customer.

Do not worry if the phish includes your password; in all likelihood this has been obtained from historic breaches of personal data. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com

If the email includes a password you still use then change it immediately.

If you have been a victim of a sextortion scam and have paid the BitCoin ransom, then report it to your local police force by calling 101. 

Likewise, variations are being used in the line of copy that appears just below the bitcoin payment information, including:

  • Once you pay up, you’ll sleep like a baby. I keep my word.
  • Let me tell ya, it’s peanuts for your peace.
  • Let me tell ya, it’s peanuts for your tranquility.

In some cases, quick response (QR) codes are being provided in the emails to make it faster and easier for victims to send bitcoin payments.

The National Cyber Security Centre said: ‘The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing.

‘The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom – a typical modus operandi.’

Get in touch with our news team by emailing us at webnews@metro.co.uk.

For more stories like this, check our news page.


MORE : Southport stabbing suspect appears in court and refuses to show his face


MORE : Sara Sharif’s dad sobs as he ‘takes full responsibility’ for daughter’s death


MORE : Girl, 12, arrested after ‘attacking school staff member with scissors’

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_img