Researchers at cybersecurity firm Barracuda have revealed that cybercriminals are now supercharging sextortion scams by using victims’ personal information, such as home addresses and Google Maps images, to make their threats more convincing and increase pressure to pay ransoms.
These scams, designed to extort money from victims, account for around 3 per cent of targeted phishing attacks and typically involve criminals falsely claiming to have explicit material hacked from victims’ devices. Personalised emails including names, phone numbers, and addresses are being used to make the threats appear more credible, and many emails begin with unsettling lines like, “Is this the right place to meet?” alongside images of victims’ homes or workplaces to coerce compliance.
Ransom demands are also reported to have risen sharply, often reaching $2,000, with scammers streamlining payments by including QR codes for Bitcoin transfers. While most attacks are large-scale spam campaigns, the personalised content in these scams enables them to evade spam filters and reach victims directly.
The impact on victims is reported to be severe, with scammers exploiting the distress caused by their invasive threats. However, in most cases, the attackers don’t actually have any of the explicit material they claim to possess, instead simply relying on data from previous breaches to construct their lies.
To combat these scams, businesses should employ advanced email protection systems, monitor for compromised accounts, and educate employees on identifying such attacks. Regular system updates and proactive email analysis are also effective ways to counter this growing cyber threat.