This is a clever exploit of the way most people do not appreciate how much data has been breached. It seems convincing if you don’t just how many email and street address pairs are effectively public, and once you get them to panic a reliable fraction of the population isn’t going to pause and reconsider that assumption.
>It seems convincing if you don’t just how many email and street address pairs are effectively public
I don't think it's that convincing even if you're unaware of that fact because if someone tries to "sextort" you, if they've indeed owned you, why wouldn't they just send you a piece of that footage? I'd assume anything else is by default a bluff even if I knew nothing about tech
Remember that this is a numbers game. They don’t need to convince everyone, just enough people that they make a profit. Say they get their hands on a breach data set with 50 million people – if you live in a low cost of living country with negotiable law enforcement like, say, Nigeria or Russia how many of them do you need to sucker at $1,400 apiece to pay for the cost of generating a few million emails? I’d bet that anything over the first few is pure profit.
It only takes a moment of weakness to fall for it, you need to spread information of these scams so people are prepared for it. Sex is shamefull for so many people that they will not talk about being scammed.
On the opposite side of this I've gotten several pieces of junk mail from some home flipper guy offering to buy my home that include a photo of my house, along with a disclaimer to the effect of "No we weren't creepy and driving by your house, we just pulled this off of Google Maps."
Same - if it was up to me, it’d be illegal to sell mortgage information since I’m sure those sleazy companies pretending to sell insurance or home services do it because it’s profitable.
This type of scam is so lazy and obvious I'm surprised it's not been reported before. Anyone with your name and approximate location, provided your name isn't something insanely common like John Johnson, can yield your address within a few minutes. Seems like just a variation of the "I have your IP address" scams prevalent in IRC a long ass time ago, even the tone of the letter sounds the exact same.
It is the type of thing nobody thinks about though. Sure it is easy to figure out where I live (though odds are good you will get a previous address), but most people never attempt to do that and so don't realize how easy it is. It seems like if you know where I live you just have gone through a lot of effort. I have no doubt someone could break into my house and install hidden cameras without leaving a trace, but it would be a lot of effort, and it seems like the hardest part is finding my house.
>I have no doubt someone could break into my house and install hidden cameras without leaving a trace
Yes, but it feels like it would be hard to do that without the risk of witnesses. Sure, you could probably muddy the waters by claiming to be official or something, but it only takes one person to actually check your credentials or call the cops or even just tell the person "Hey this person went into your house, did you hire them?" to blow up your spot.
If someone is going to do a B&E on your house then they have many better options of getting a payday than some weaksauce sextortion scheme. And worse, law enforcement might actually care enough to investigate if you're going that far out of your way. High risk low reward. It's a bad scheme.
Weirdly getting the Google street view of my house makes the threat seem less credible. If they have the ability to send me a picture and they don't include one of the blackmail shots as proof and instead just something easily scraped from the web then they've already shown that they have nothing. At least when these threats were text only there was a plausible reason why they wouldn't send the proof right from the start and if people aren't thinking about it they might not realize that the scammer has provided basically zero details that aren't public knowledge. Sending the useless picture just highlights the scam.
Ten years ago someone told me that you can find out where someone lives by typing their name into Google Maps. I tried it on a few friends and it was shockingly accurate. I was completely mystified by how it worked (we were all college kids and none of us owned property) Doesn't seem to work any more though.
Honestly, it’s just not a common knowledge. I still can shock people by telling there are practically free versions of Clearview-like services online. Like finding people in random pictures by doing a reverse image search.
I'm curious how many people just send back nude photos of themselves and just call the bluff. You can always claim it was AI generated, wait, send back AI generated nudes and see if it also works.
I hate that I typed any of this on HN. Programmer brain of trying to break software.
Preemptively go online and talk about the dangers of AI generated content, post a modified yet non lewd image of yourself and expose the scam in a write-up telling the story of how people have tried to blackmail you with false, manufactured information. Problem solved.
"It makes sense that you'd know about insert act here, it involved your mother" - what you tell the scammer before ignoring any further communications from them
Business model?
Create AI generated versions of a person in similarly compromising situations to basically just flood ones network and drown out the actual sextortion images.
That's ingenious: the technology simultaneously makes and breaks the scam.
The cleverest business name idea that comes to mind is also the one most likely to get this comment deleted: consider the Scunthorpian[1] business name Cuntermeasure.
Not sure if I want risk all the images going online and plenty of it even if it’s fake. What you should do is just let time run its course and just don’t focus on the subject which is what the entire scam is standing on, which is embarrassment.
When someone blackmails you, even if you pay them, they will continue to have leverage on you and ask for additional payments. So payment doesn't guarantee anything.
If you agree to pay, they can ask you for more in response.
When they cannot confirm that you have read an e-mail, simply don't respond to it. Do not even let them know you have received the message.
Even if they capture video, who would actually watch it? I'm certainly interested in the preventative or reactive security steps to address this sort of thing. But I just don't see myself caring about somebody seeing me do something that basically everyone does.
Readit News
I don't think it's that convincing even if you're unaware of that fact because if someone tries to "sextort" you, if they've indeed owned you, why wouldn't they just send you a piece of that footage? I'd assume anything else is by default a bluff even if I knew nothing about tech
Yes, but it feels like it would be hard to do that without the risk of witnesses. Sure, you could probably muddy the waters by claiming to be official or something, but it only takes one person to actually check your credentials or call the cops or even just tell the person "Hey this person went into your house, did you hire them?" to blow up your spot.
I'm curious how many people just send back nude photos of themselves and just call the bluff. You can always claim it was AI generated, wait, send back AI generated nudes and see if it also works.
I hate that I typed any of this on HN. Programmer brain of trying to break software.
Checkmate, con artists.
(* no this does not exist)
(Already had this thought process when I was getting so many of these, I wanted to invite a bidding war)
The cleverest business name idea that comes to mind is also the one most likely to get this comment deleted: consider the Scunthorpian[1] business name Cuntermeasure.
[1] https://en.wikipedia.org/wiki/Scunthorpe_problem
If you agree to pay, they can ask you for more in response.
When they cannot confirm that you have read an e-mail, simply don't respond to it. Do not even let them know you have received the message.