Online Sextortion Attacks Increased During Pandemic, Demanded Ransom in Cryptocurrencies

·3-min read

Taking advantage of people's fear of intimate moments being exposed, crooks are targeting more and more users in their attempts to extort money by sending email with threats to release sexually explicit images or videos. In January alone, cybersecurity firm Avast blocked over half a million sextortion attack attempts. Most of these attacks targeted English-speaking users including nearly 4,000 in India.

Most of the sextortion campaigns use the same modus operandi, with scammers sending emails to users claiming they recorded the user during private, intimate moments, and threatening to expose them to the public unless the victim pays money to the attacker.

"Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users," Marek Beno, malware analyst at Avast, said in a statement. "During the Covid-19 pandemic, cybercriminals likely see a strong opportunity for success as people spend more time on Zoom and in front of their computer overall."

But instead of reacting to them, people should stay calm and ignore sextortion emails as they usually are fake claims, according to the the security researchers. "As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money," Beno said.

The most prevalent sextortion campaign takes advantage of the increased use of video conferencing services during the Covid-19 pandemic, falsely claiming to have accessed a user's device and camera. Avast said it saw an uptick of these campaigns during the holiday season in December 2020.

The threat actors claim in an email they took advantage of critical vulnerabilities in the Zoom application, allowing them access to the user's device and camera, although no actual vulnerabilities in the Zoom application was found by Avast. The email also mentions a "recorded sexual act", that the attacker got "access to sensitive information", and that this can lead to "terrible reputation damage" unless a payment of $2,000 in Bitcoin is made.

A distinctive feature of this campaign is that emails look like they are sent from the user's email address to themselves, however, only the sender name displayed has been modified and clicking on it reveals the real email address of the sender.

The second most common campaign sends an email in which the attackers claim a Trojan was installed on the recipient's machine a few months ago, which then recorded all of the potential victim's actions with a microphone and webcam, and exfiltrated all data from the devices, including chats, social media, and contacts.

The attackers demand a ransom in cryptocurrencies, and include a note about a fake "timer" that started when the email was received, in order to set a ransom deadline. "As with the Zoom campaign, these threats are all fake. There are no undetectable Trojans, nothing is recorded, and attackers do not have your data. The timer included in the email is another social engineering technique used to manipulate victims into paying," said Beno.

If the attacker has included an older leaked password of yours, it is important to change your password to a long, complex password if you have not done so already.