COVID-19, Zoom and Bedroom Lewdness Make for Sly (S)extortion Tactic

Alina BÎZGĂ

October 28, 2020

Cybercriminals are getting creative during the COVID-19 social-distancing measures, taking advantage of popular video-conference tools such as Zoom to strengthen their pitch in a fresh sextortion scam.

Bitdefender Antispam Lab spotted a new cyber-extortion campaign that has seemingly spread across the globe over the past week. The campaign targeted a quarter-million recipients, mostly in the United States, starting October 20.

The subject line reads “Regarding Zoom Conference call,” a wording chosen to make sure you do not disregard the message.

“You have used Zoom recently, like most of us during these bad COVID times,” the scammers said. “And I have very unfortunate news for you.”

Indeed, many remote workers, students, teachers and families have used Zoom during the past year to connect, work or do business, creating a large pool of potential victims for the hoax.

“There was a zero day security vulnerability on Zoom app, that allowed me a full time access to your camera and some other metadata on your account,” the message continues. “I found a few interesting targets through random lookups. You were just unlucky to be on the list.”

The extortionist has clearly done his homework. Multiple zero-day vulnerabilities have been reported this year, including some that even allow a full takeover of devices. Moreover, the company, which announced over “300 million daily Zoom meeting participants,” has been in the spotlight for quite some time, making headlines with topics ranging from Zoom-bombing in online classrooms to phishing campaigns that steal users’ login credentials.

Next, the extortionist reveals his actions, hinting at the crux of the entire message.

“After that, I did some creepy stuff and a few recordings, just for fun and to test a few things,” the scammer adds. “And as you can imagine in your worst dreams, this happened. I have made a recording, where you work on yourself.”

There is nothing unique in this extortionist’s methodology, except for his need to make up excuses for his deeds by blaming the “stupid virus.” He even apologizes and attempts to exploit your empathetic side by claiming he lost his job and is about to be evicted.

“Please dont blame me or yourself for this, I didn’t have any bad intentions,” he said. “I got very sick, lost my job, about to be evicted and have no money to survive. All of this because of the stupid virus. I’m sorry. I have no other choice.”

This extortionist gets additional creativity points by also mentioning the Jeffrey Toobin Zoom scandal, in which the top legal analyst from CNN unknowingly exposed himself in front of co-workers during a Zoom conference.

“I do not want you to be the next Jeffrey Toobin,” he adds. “I’m sure you don’t want to be embarrassed. And I dont want to make this video public so your friends and colleagues can see it.”

The deal is you have three days to pay $2,000 in bitcoin unless you want the “video” revealed to your close family and workplace. He says the amount is non-negotiable and promises to delete the sensitive file once payment is received in his bitcoin wallet.

The scammer warns you not to contact police or reply to the message. “If you do something stupid, I will distribute the video,” he threatens.

Individuals are likely to respond to blackmail messages that threaten to expose sensitive information about them publicly, whether the claims are true or not. As such, cyber-extortion has gained more and more traction in recent years, draining millions of dollars from victims’ pockets.

However, it’s important not to panic, as there is little chance the blackmailer could actually have spied on or recorded you. Cyber-extortionists usually send out threats at random, using large batches of email addresses from data breaches and leaks in the hopes of duping users.

If you are one of the unfortunate recipients, immediately delete the email, and report the extortion attempt to local authorities and email service providers.
