close
close

Gmail users warned about sneaky scam that spies on search history

Gmail users warned about sneaky scam that spies on search history

The Maryland State Police Department has identified an ongoing cybercrime campaign that it says is specifically targeting Gmail users. The scam itself relies on long-established methods of extorting money from frightened recipients through sextortion tactics and the inclusion of user-specific information.

Maryland Police Gmail Scam Alert

In a Sept. 18 alert, the Maryland State Police’s Office of Media Communications issued a warning to the public about a scam targeting residents with Gmail accounts. “Throughout August and September,” the alert stated, “the Maryland State Police Financial Crimes Unit received reports of several online scams involving Gmail accounts.”

The sexual blackmail attempts appear to be related to a tactic first identified by security researchers at Malwarebytes Labs and reported by me on September 8 that involves using images of recipients’ homes obtained through Google Maps Street View.

Maryland police said the reports they received indicated an attempt to blackmail the victim with accusations of obtaining information by hacking into their computer. As is common with such sextortion campaigns, the information in question involves viewing pornography or creating intimate images and videos. This suggests that the sender of the email was able to hack the reader’s computer or smartphone, access their search history, and some even claim to have installed spyware on the device that watches them as they read.

“Maryland State Police continue to investigate these online scams,” the statement reads, “and residents are urged to be cautious of unsolicited emails sent to their Gmail accounts.”

Are you really being watched by hackers trying to scam you through Gmail?

I mean, nothing is impossible, but the odds are so slim that I’m willing to say with absolute certainty that the answer is no. So if you’re wondering how this complete stranger got a picture of your house, a password you recognize, and your personal information, the answer has three parts:

  1. Your personal information, including address and other details, will be collected from your social media posts and other readily available data online.
  2. With a physical address, an attacker can quickly obtain an image of your home from Google Maps Street View.
  3. As for your password, once an attacker knows your email address, they can easily match it to any number of data breach databases available on the black market.

ForbesHackers are forcing Chrome users to give up their Google passwords. Here’s how

Gmail Scam Mitigation Tips for Law Enforcement

Maryland State Police have some mitigation tips for anyone concerned about this latest sextortion campaign. That includes being wary of links in emails or on websites you don’t trust, not sharing personal information online unless you’re sure the site is safe, and not panicking. “Often, scammers will target potential victims and push multiple emotional buttons to try to get you to stop thinking rationally,” the police alert concludes. “Never let strangers pressure you into making snap decisions.”

All good advice, to which I’ll add that blurring your home address on Google Maps Street View is now also considered a fraud mitigation technique. You can learn how to do it, step by step, here.

If you have already fallen victim to such an attack, you can report it to the FBI’s Internet Crime Complaint Center.