In January this year, Avast threat researchers blocked over 500,000 attack attempts from cybercriminals claiming to have recorded videos of unsuspecting victims during private moments online. These attacks, known as sextortion scams, attempt to blackmail victims by threatening to make these apparent recordings public unless a payment is made to the scammer. Avast threat labs researchers advise people to stay calm and ignore sextortion emails instead of reacting to them, as they usually are fake claims.
Cybercriminals have been using the increase in video conferencing services during the Covid-19 pandemic to validate their false claims and provoke a reaction from the victim. The fraudsters allege to have taken advantage of critical vulnerabilities in the Zoom application, allowing them to access a user’s device and camera. It is important to note that Avast has not found any actual vulnerabilities in the Zoom application.
“Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users. During the Covid-19 pandemic, cybercriminals likely see a strong opportunity for success as people spend more time using video conference applications and in front of their computer overall,” said Marek Beno, malware analyst at Avast.
“As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money.”
Another common sextortion campaign identified by Avast is an email in which the attackers claim a Trojan was installed on the recipient’s machine, which has recorded their actions with a microphone and webcam, and extracted all data from their devices including chats, social media and contacts. A ransom is demanded and often includes a note about a fake “timer” that started when the email was received in order to set a ransom deadline. This campaign is also fake and uses social engineering to coerce people into paying.
Read the full article to find out how to recognise and protect yourself from sextortion emails.