The popularity of video conferencing platform Zoom has gone through the roof in 2020. It comes as no surprise that cybercriminals are targeting the platform. As per a report by Bitdefender, cybercriminals are using a new ‘sextortion scam’ to target Zoom users.
The report says that the scam is targeting users across the globe. So far, 2.5 lakh users have been targeted since October 20, and most of them have been from the United States of America.
How does the ‘sextortion scam’ work?
Users have reported getting an email with the subject line “Regarding Zoom Conference call”. The email starts like this, “You have used Zoom recently, like most of us during these bad COVID times,” the scammers said. “And I have very unfortunate news for you.”
The scammers then claim to have accessed the user’s camera. “There was a zero day security vulnerability on Zoom app, that allowed me a full time access to your camera and some other metadata on your account,” the email further reads. “I found a few interesting targets through random lookups. You were just unlucky to be on the list.” For the uninitiated, zero-day security vulnerabilities are bugs that the company has missed and that are spotted by researchers. On Zoom, there have been a few zero-day vulnerabilities that have been reported.
The email then goes on to scare the user. “After that, I did some creepy stuff and a few recordings, just for fun and to test a few things,” reads the email. “And as you can imagine in your worst dreams, this happened. I have made a recording, where you work on yourself.”
What’s worse, the scammers end up blaming the coronavirus and try to play on the user’s sympathy. “Please dont blame me or yourself for this, I didn’t have any bad intentions,” say the scammers. “I got very sick, lost my job, about to be evicted and have no money to survive. All of this because of the stupid virus. I’m sorry. I have no other choice.”
Then comes the extortion part. The scammer asks the user to pay $2,000 in bitcoin within three days or the “video” will be revealed to family, friends and colleagues. The scammer claims the video will be completely deleted once the amount is paid. “If you do something stupid, I will distribute the video,” the scammer warns the user.
So next time you see an email regarding your Zoom conference call, be careful and don’t fall for this scam doing the rounds.