Zoom users are being cautioned about a new sextortion scam, which security experts warn is on the rise. Last month, internet security firm Avast blocked over half a million sextortion attack attempts, with cybercriminals targeting English-speaking users in the UK and US. Avast said the scams all have a common modus operandi – with scammers claiming they have X-rated footage of a victim that was recorded secretly.
The callous scammers say they will expose footage of private and intimate sex acts involving the victim secretly filmed from their webcam unless they pay a ransom. In the scams spotted by Avast, victims were told the X-rated footage was recorded thanks to an alleged vulnerability in the hugely popular video conferencing app Zoom.
And victims are asked to pay $2,000 in Bitcoin to avoid having this alleged private video exposed.
These types of emails would be extremely scary to receive. But Avast is urging potential victims to try to stay calm as the scammers behind these sextortion attempts are usually bluffing.
Marek Beno, a malware analyst at Avast, said: “Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users. During the Covid-19 pandemic, cybercriminals likely see a strong opportunity for success as people spend more time on Zoom and in front of their computer overall.
“As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money.”
Avast said the uptick in people using web conferencing services such as Zoom during the Covid-19 pandemic is one reason hackers might be name-dropping such a popular app.
The security experts began to see more of these scams during December, when people socially distancing may have been using Zoom or other such services more often to connect with family and friends over the Christmas and holiday period.
One scam email sent during this period that Avast spotted mentioned that attackers had “recorded” a “sexual act” involving the victim that could lead to “terrible reputation damage”. The email, which appears to have been sent from the victim’s own email address, also says attackers have “access to sensitive information”.
The nefarious parties claim they managed to get hold of this compromising footage and sensitive information via ‘critical vulnerabilities’ in the Zoom app. However, Avast has not found any actual vulnerabilities in the Zoom application.
Speaking to Express.co.uk, a Zoom spokesperson also said: “These scammers are doing what they do best: lying. Zoom’s application protects against such vulnerabilities. Zoom takes security and privacy very seriously and does not offer the ability to secretly record others, or allow secret access to other users’ devices or cameras. Users across all services and technology platforms should be cautious with emails or links received from unknown senders.”
In the second type of scam, Avast spotted attackers claim a Trojan has been installed on the victim’s machine and it’s been running for months.
The attackers claim they have recorded all of the victim’s actions with a microphone and webcam during this period, as well as stealing data from the allegedly targeted device on chats, social media activity and contacts.
A ransom is then demanded with a fake timer appearing in the email counting down till when a ransom has to be paid. But as Avast said, this threat once again is fake.
Beno went onto add: “As with the Zoom campaign, these threats are all fake. There are no undetectable Trojans, nothing is recorded, and attackers do not have your data. The timer included in the email is another social engineering technique used to manipulate victims into paying.”
Advising people on how to stay safe from sextortion scams, Avast added…
• Stay calm. In reality, the attacker does not actually own any recordings and is using social engineering techniques to scare and shame you into paying.
• Treat the email like you would treat spam emails: ignore them.
• Do not respond and don’t pay any money.
• If the attacker has included an older leaked password of yours, change your password to a long, complex password if you haven’t done so already.
Published at Mon, 22 Feb 2021 08:01:00 +0000