A report published by Barracuda Networks warns that sextortion attacks are getting even more personal.
Cybercriminals are increasingly correlating online data with specific locations, social media profiles and other data to aid their extortion efforts. For example, the report notes that images of either a residential or commercial location where a victim lives or works captured from Google Maps are being included in emails that threaten to publicly disclose explicit photos.
Additionally, the report finds payment demands have risen to as high as $2,000, up from $500 a few years ago. Those payments can now also be made using QR codes that enable victims to send Bitcoin directly to a specific account.
Adam Khan, vice president of global security operations at Barracuda, said the tactics employed by cybercriminals that engage in sextortion are clearly evolving. In addition to using publicly available data, many of them are using stolen credentials procured on the dark web to gain access to explicit content residing on a PC or mobile computing device.
Overall, Barracuda Networks research shows that extortion emails make up roughly 3% of the total number of targeted phishing attacks detected annually. While most of these extortion efforts are aimed at individuals, many of the demands are also being delivered to corporate email accounts that cybersecurity teams should be able to block from ever arriving by, for example, enabling multifactor authentication (MFA). If victims are contacted, cybersecurity professionals should be clear that they are willing to protect employees as much as possible, he added.
Cybersecurity teams should also educate end users about how the tactics and techniques being employed by cybercriminals are evolving in ways that are deliberately designed to induce the maximum amount of panic possible, said Khan.
Unfortunately, in the age of artificial intelligence (AI), it is becoming increasingly difficult to distinguish between an actual video or image and deepfakes that might be publicly shared regardless of whether any explicit photos or other compromising information were stolen or captured. There may soon come a day when it’s assumed that unless verified by a third party, most explicit content is fake.
It’s not clear to what degree law enforcement officials will ever be able to track down the cybercriminals that perpetrate these types of crimes, but they are getting better at identifying who is responsible by tracking Bitcoin payments. However, law enforcement officials can only target cybercriminals if they know a crime was committed. Most of the victims of sextortion demands would rather quietly make payments in the hope the issue will simply go away. Of course, there’s nothing that prevents cybercriminals from making additional demands that might include, for example, access to intellectual property.
Hopefully, cybersecurity advances will one day make the internet more secure for everyone. Until then, however, end users would be well-advised to assume that everything they access or store on any type of computing device can be seen by others. As such, regardless of how much change in behavior might be required, many types of sensitive data should never be connected to the internet in the first place.