Sextortion Scams Surging During Pandemic: Avast

Avast, a global enabler in digital security and privacy products, announced it has blocked over half a million sextortion attack attempts in January.

Most of these attacks targeted English-speaking users including 3,980 in India, but Avast threat labs researchers have also seen campaigns in other countries in local languages.

All of the sextortion campaigns seen by Avast use the same modus operandi, with scammers sending emails to users claiming they recorded the user during private, intimate moments, and threatening to expose them to the public unless the victim pays money to the attacker. Avast threat labs researchers advise people to stay calm and ignore sextortion emails instead of reacting to them, as they usually are fake claims.

“Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users. During the Covid-19 pandemic, cybercriminals likely see a strong opportunity for success as people spend more time on Zoom and in front of their computer overall,” said Marek Beno, malware analyst at Avast. “As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money.”

The most prevalent sextortion campaign takes advantage of the increased use of video conferencing services during the Covid-19 pandemic, falsely claiming to have accessed a user’s device and camera. Avast saw an uptick of these campaigns during the holiday season in December 2020. The threat actors claim in an email they took advantage of critical vulnerabilities in the Zoom application, allowing them access to the user’s device and camera. Avast has not found any actual vulnerabilities in the Zoom application. The email also mentions a “recorded sexual act”, that the attacker got “access to sensitive information”, and that this can lead to “terrible reputation damage” unless a payment of $2,000 in Bitcoin is made. A distinctive feature of this campaign is that emails look like they are sent from the user’s email address to themselves, however, only the sender name displayed has been modified and clicking on it reveals the real email address of the sender.

The second most common campaign sends an email in which the attackers claim a Trojan was installed on the recipient’s machine a few months ago, which then recorded all of the potential victim’s actions with a microphone and webcam, and exfiltrated all data from the devices, including chats, social media, and contacts. The attackers demand a ransom in cryptocurrencies, and include a note about a fake “timer” that started when the email was received, in order to set a ransom deadline.

“As with the Zoom campaign, these threats are all fake. There are no undetectable Trojans, nothing is recorded, and attackers do not have your data. The timer included in the email is another social engineering technique used to manipulate victims into paying,” continued Marek Beno.

Avast threat researchers have observed additional sextortion campaigns some of which are originally in different languages and the content is automatically translated in a tool like Google Translate.

How to recognize sextortion emails

Sextortion scams are emails that falsely claim that the sender of the email owns a recording of their screen and camera, showing the user in intimate moments.

The attackers often emphasize the humiliation and embarrassment of the situation to blackmail the victim into paying them money, often in cryptocurrencies like Bitcoins.

Often, the language used is perfect, however sometimes attackers simply seem to be using Google Translate to localize a message, which can be another indicator for users that the message is not trustworthy.

In some cases, the email looks like it is sent by the victim itself, but the true sender can easily be revealed by clicking on the sender name, which will show the email address the message was sent from.

Attackers may show you old, leaked passwords of yours to make their message more credible. However, leaked passwords are sold on the dark web and attackers can easily use them for their campaigns to cause additional concern.

How to protect yourself from sextortion emails

Stay calm. In reality, the attacker does not actually own any recordings and is using social engineering techniques to scare and shame you into paying.

Treat the email like you would treat spam emails: ignore them. Do not respond and don’t pay any money.

If the attacker has included an older leaked password of yours, change your password to a long, complex password if you haven’t done so already.

ChannelDrive Bureauhttp://www.channeldrive.in
ChannelDrive Bureau covers the latest developments in the space of ICT, technology, solutions and implementations and delivers content focused around solution providers, system integrators, distributors and technology partner community in India. ChannelDrive Bureau is headed by Zia Askari. He can be reached at ziaaskari@channeldrive.in

Recent Articles

UK public demands more online gov services after lockdown: Infosys

The pandemic has significantly changed how UK residents engage with online public sector services according to new research from Infosys, a global enabler in...

Piraeus Bank Picks Accenture, Microsoft to Embrace Cloud Transformation

Piraeus Bank is collaborating with Accenture and Microsoft to accelerate its digital transformation, leveraging a cloud-first approach. The shared ambition of this initiative is...

KPMG and ServiceNow Expand Alliance

KPMG and ServiceNow announced an expansion to their alliance relationship to deliver environmental, social, and governance (ESG) focused solutions and services that extend KPMG...

TCS Sustainathon Drives Inclusive Education Solutions in ASEAN

Tata Consultancy Services (TCS), a global IT services, consulting, and business solutions organization, announced the launch of TCS Sustainathon ASEAN 2021, a problem-solving competition...

Blume Global runs logistics platform natively on Google Cloud

Blume Global, the provider of supply chain execution and visibility solutions, is proud to be the first to deliver logistics execution and supply chain...

Related Stories

Stay on op - Get the daily news in your inbox