Taking advantage of increased Zoom use and people’s fear of intimate moments being exposed, scamsters are using a new extortion method called sextortion. Researchers at Avast claim that they have blocked over five lakh such attacks, where users were threatened by scammers with a threat to make their intimate moments public.
Sextortion scams are dangerous and unsettling, and can even have tragic consequences for affected users. During the Covid-19 pandemic, cybercriminals see a strong opportunity for success as people spend more time on Zoom and in front of their computers all the time.
Sextortion starts with an email. Sextortion emails mislead victims into thinking the attacker owns a recording of their screen and camera and that recording contains images or videos of the potential victim in sexually explicit situations. The attackers use this claim of a recording to blackmail the victim into paying the attacker.
Digital security and privacy products developer Avast says it has blocked over half a million sextortion attack attempts in January itself. “Most of these attacks targeted English-speaking users including 3,980 in India, but Avast threat labs researchers have also seen campaigns in other countries in local languages.”
“All of the sextortion campaigns seen by Avast use the same modus operandi, with scammers sending emails to users claiming they recorded the user during private, intimate moments, and threatening to expose them to the public unless the victim pays money to the attacker,” it added.
The most prevalent sextortion campaign takes advantage of the increased use of video conferencing services during the Covid-19 pandemic, falsely claiming to have accessed a user’s device and camera. Avast says it saw an uptick of these campaigns during the holiday season in December 2020.
The scamsters claim in an email they took advantage of critical vulnerabilities in the Zoom application, allowing them access to the user’s device and camera. However, Avast says it has not found any actual vulnerabilities in the Zoom application.
The email also mentions a “recorded sexual act”, that the attacker got “access to sensitive information”, and that this can lead to “terrible reputation damage” unless a payment of $2,000 in Bitcoin is made.
A distinctive feature of this campaign, according to Avast, is that emails look like they are sent from the user’s email address to themselves, however, only the sender name displayed has been modified and clicking on it reveals the real email address of the sender.
In the second most common campaign, an email is sent to the user in which the attackers claim a Trojan was installed on the recipient’s machine a few months ago, which then recorded all the potential victim’s actions with a microphone and webcam, and exfiltrated all data from the devices, including chats, social media, and contacts. The attackers demand a ransom in…