🚫 Subject - ‘Regarding Zoom conference call’. Don’t open this email

It’s a ‘sextortion’ scam

The Latest Checkout
4 min read · Nov 3, 2020

What is Sextortion?

“Sextortion refers to a form of blackmail in which sexual information or images are used to extort sexual favors from the victim,” says Wikipedia.

source: InternationalInsider

Since the COVID-19 pandemic took over the world and people switched to digital media to stay connected, the one service that shot up the ranks was Zoom. The popularity of the video conferencing platform has gone through the roof in 2020, and with fewer people out on the roads to commit crime, it comes as no surprise that cybercriminals are targeting the platform.

According to a report by Bitdefender, cybercriminals are running a new ‘sextortion scam’ aimed at Zoom users across the globe. So far, 2.5 lakh users have been targeted since October 20, and most of them have been from the United States of America.

How does the ‘sextortion scam’ work?

Users have reported getting an email with the subject line “Regarding Zoom Conference call”. The email starts like this, “You have used Zoom recently, like most of us during these bad COVID times,” the scammers said. “And I have very unfortunate news for you.”

source: BitDefender — Zoom sextortion email

The scammers then claim to have accessed the user’s camera. “There was a zero-day security vulnerability on Zoom app, that allowed me a full-time access to your camera and some other metadata on your account,” the email further reads. “I found a few interesting targets through random lookups. You were just unlucky to be on the list.” For the uninitiated, zero-day security vulnerabilities are bugs spotted by researchers that the companies themselves might have missed. A few zero-day vulnerabilities have been reported in Zoom.

The email then further goes on to scare the users. “After that, I did some creepy stuff and a few recordings, just for fun and to test a few things,” reads the email. “And as you can imagine in your worst dreams, this happened. I have made a recording, where you work on yourself.”

What’s worse is that the scammers end up blaming coronavirus and try to evoke sentimentality in users. “Please don't blame me or yourself for this, I didn’t have any bad intentions,” said the scammers. “I got very sick, lost my job, about to be evicted, and have no money to survive. All of this because of the stupid virus. I’m sorry. I have no other choice.”

Then comes the extortion part. The scammer asks the user to pay $2,000 in bitcoin within three days or the “video” will be revealed to family, friends, and colleagues. Once the amount is paid, the scammer claims to completely delete the video. “If you do something stupid, I will distribute the video,” the scammer warns the users.

How to protect yourself from this scam?

Sextortion scammers are banking on two things to succeed in their crimes: their creative writing skills and your lack of tech knowledge. As of now, there is no zero-day vulnerability in Zoom that could allow such a break-in to happen. And if there were, it would be front-page news (given how critical the software has been to companies around the world during COVID-19).

The threat of sextortion is usually enough to get victims to pay, but some scammers have been known to go further. There have been cases where they’ve shown “evidence” that they’ve hacked your accounts by sending you stolen usernames and passwords. But this data is almost never obtained by them directly. Instead, they grab it from known data breaches and leaks.

If you do get one of these messages, there’s only one thing you should do: Ignore it! Responding in any way will let the hackers know they can reach you — which means they could try again or add you to a spam mail list.

At the same time, you should never attempt to pay the ransom. Bitcoin is an anonymous digital currency, and just like with cash and gift cards, there’s no way to get it back once you’ve paid.

Thankfully, sextortion isn’t as dangerous a threat as ransomware or phishing. Think of it as a scary variety of spam mail instead of an actual form of blackmail. And like every other piece of spam mail, it’s best left to your email filter instead of you.
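A mail filter can score the traits this campaign combines instead of matching any single phrase. The sketch below is an added example, not code from this article or from Bitdefender; the trait patterns, weights, threshold and both sample messages are assumptions constructed from the phrases quoted above.

```python
import re
from email import message_from_string, policy

# Traits the article describes; weights, THRESHOLD and all names are assumptions.
SUBJECT_LURE = re.compile(r"regarding zoom conference call", re.I)
BODY_TRAITS = {
    "compromise_claim": (r"zero[- ]day|access to your (camera|webcam)", 2),
    "recording_claim": (r"\brecordings?\b", 1),
    "crypto_demand": (r"\b(bitcoin|btc)\b", 2),
    "deadline": (r"\b(within|in) (\d+|one|two|three) (days?|hours?)\b", 1),
    "exposure_threat": (r"\b(distribute|send|reveal)\b.{0,60}\b(video|recording)\b", 2),
}
THRESHOLD = 5

def body_text(msg):
    """Plain-text body, falling back to tag-stripped HTML; whitespace collapsed."""
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    text = part.get_content()
    if part.get_content_type() == "text/html":
        text = re.sub(r"<[^>]+>", " ", text)
    return re.sub(r"\s+", " ", text)

def score_message(raw):
    """Return (score, matched traits); policy.default decodes RFC 2047 subjects."""
    msg = message_from_string(raw, policy=policy.default)
    body = body_text(msg)
    hits = ["subject_lure"] if SUBJECT_LURE.search(str(msg["subject"] or "")) else []
    score = 2 * len(hits)
    for name, (pattern, weight) in BODY_TRAITS.items():
        if re.search(pattern, body, re.I):
            hits.append(name)
            score += weight
    return score, hits

# Constructed samples: SCAM reuses phrases the article quotes; BENIGN is ordinary mail.
SCAM = (
    "Subject: =?utf-8?q?Regarding_Zoom_Conference_call?=\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "There was a zero-day security vulnerability on Zoom app, that allowed me a\n"
    "full-time access to your camera. I have made a recording. Pay $2,000 in\n"
    "bitcoin within three days or I will distribute the video.\n"
)
BENIGN = ("Subject: Zoom call on Thursday\n\n"
          "Hi, I'll send the recording of Thursday's Zoom call in two days.\n")

if __name__ == "__main__":
    print(score_message(SCAM), score_message(BENIGN))
```

The benign sample still scores 4, because ordinary mail also mentions recordings and deadlines; the verdict rests on the combined weight crossing the threshold, not on one keyword.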

So next time you see an email regarding your Zoom conference call, be careful and don’t fall for this scam doing the rounds.
