Checklist 391: Sextortion Scams and QR Codes, Revisited
Sextortion Scam Alert: Now Including Photos of Your Home
A growing sextortion scam is now using personal details like home addresses and images from online mapping services, according to a recent Krebs on Security report. While sextortion scams aren’t new, this latest twist increases the fear factor by including details such as the victim’s name and street address. Victims receive an email threatening to release supposedly compromising videos unless they pay a Bitcoin ransom.
These scams prey on fear and urgency, often including passwords that victims have used before, further enhancing the sense of credibility. However, these claims are baseless; the scammers don’t actually possess compromising material. The latest scam ups the ante by adding images of the victim’s home from services like Google Maps.
In response, the FBI has issued guidance on how to protect oneself:
- Stay calm and do not send compromising images or money.
- Avoid opening attachments from unknown senders.
- Keep your webcam covered when not in use.
- If you believe you’ve been targeted, report the crime to your local FBI office or call 1-800-CALL-FBI.
Sextortion scams are serious crimes, and even though many don’t involve actual compromising material, they can still have devastating effects on victims.
Source: Krebs on Security
QR Code Phishing Scams Resurface in Southern California
Police in Southern California are warning residents about a surge in QR code phishing scams involving fake stickers placed on parking meters. According to a Gizmodo report, scammers are attaching fraudulent QR codes that direct unsuspecting users to fake payment sites resembling legitimate services like ParkMobile or PayByPhone. These phishing websites often mimic the real ones closely, sometimes differing by just one letter in the URL.
This scam isn’t new. Similar QR code phishing incidents were reported in Texas in 2022, where scammers placed fake QR codes on parking meters in cities like Houston, San Antonio, and Austin. The codes directed users to fraudulent websites, stealing their credit card information.
Southern California’s current wave includes at least 150 fake QR codes found in Redondo Beach, with similar reports from San Clemente, though no fraudulent stickers have been confirmed there.
QR codes gained widespread use during the COVID-19 pandemic for contactless transactions, making them a target for cybercriminals. These codes, often scanned in a hurry, can hide malicious websites, making it easier for scammers to exploit.
To avoid falling victim to these scams:
- Inspect the sticker: Check for signs it may have been placed over an official one or if fonts and materials look suspicious.
- Verify the URL: When scanning a QR code, check the URL preview in your smartphone’s camera app before tapping it. If the link seems off, do not proceed.
- Use cash when possible: If parking meters still accept cash, consider using it to avoid potential scams.
- Avoid random QR codes: Be wary of QR codes on junk mail or random public places, as it’s hard to verify their origin.
Source: Gizmodo