In August 2019 we told you about the first extortion blackmail campaign that we echoed, in which cybercriminals asked users who had been watching pornographic content for a payment in exchange for not distributing their supposed sexual content, pointing out that they had hacked the computer camera and recorded the user watching this content, which was false, although several ‘bit’ and paid the ransom to the hackers.
We jump back in time to April 2020, right in the middle of confinement, and we see that again there is a sextortion campaign, only this time it does not bother to search for users whose IPs have been in contact with pages of adult content, but rather anyone. The reason? Take advantage of the confusion and confinement that confinement was causing, along with the increase in the use of video calling apps.
Sextortion campaigns soar
And this brings us to January 2021, almost a year after the start of the pandemic, to a reality in which online classes and telecommuting are no longer a curiosity, but a measure implemented in many cases. A month in which, according to the cybersecurity expert company Avast, more than half a million attempts at sextortion attacks have been registered, triggering the number of scams using this method.
Sextortion campaigns consist of emails claiming to have recorded the user during her private sexual moments, and threatening to make them public unless the victim pays a sum of money to the attacker. Avast researchers directly advise ignoring sextortion emails rather than reacting to them, as “they are often false claims.”
Sextortion by ZOOM
Given the increase in the use of applications like Zoom for video calls, classes and streaming meetings, cybercriminals use this in their campaigns, but they also use social engineering by trying other topics, such as Trojan viruses. According to Avast:
The most frequent sextortion campaign uses Zoom as an excuse, pointing out in an email written to scare users that they have exploited vulnerabilities in the Zoom application to access the user’s device and camera. The reality is that Avast has not detected any real vulnerabilities in Zoom. The email also mentions a “recorded sexual act”, and that the attacker has accessed “sensitive information” that can cause “terrible damage to reputation” unless a payment of $ 2,000 in Bitcoins is made.
A distinctive feature of this campaign is that the emails appear to be sent from the user’s own email address. However, only the sender’s name displayed has been modified, and clicking on it reveals his true email address.
The second most frequent campaign is the one in which an email is sent threatening that a few months ago a Trojan was installed on the victim’s computer and recorded all of his movements with the microphone and the webcam. Furthermore, it also claims to have extracted all data from the device, including chats, social media interactions, and contacts. The attackers demand a cryptocurrency ransom, including a note with a fake “timer” that starts when the victim receives the email, in order to set a deadline for the ransom.