Posted by Geraldine Hunt on Thu, Nov 12th, 2020
The Zoom video conferencing app has been the success story of the Covid-19 pandemic. By April 2020 Zoom was reporting more than 300 million daily meeting participants, and for many of us the Zoom meeting had become part of the home-office routine. That routine can make us a little ‘too comfortable’ in front of the device camera. Cybercriminals have turned this comfort zone into another way to exploit employees and businesses, this time in the form of Zoom sextortion scams.
What is Sextortion?
Sextortion is, simply put, blackmail, and cybercriminals increasingly use it to extort money from unsuspecting users. The scam has typically been email-based, and under its other name, ‘porn scams’, it is not new to the cybersecurity threat scene. A report from Sophos found that millions of sextortion emails were sent in 2019-2020, earning the fraudsters behind them over $500,000. Cybercriminals love a successful scam, so they keep innovating around the theme.
The sextortion email typically threatens to reveal sexually explicit material, usually a video. The scammer claims the video was captured by malware installed on the recipient's device, and that unless a ransom (usually in bitcoin) is paid within a set time, the compromising video will be sent to all of the recipient's contacts. In reality these emails are sent in bulk to harvested address lists and no such video exists; the threat itself is the whole attack.
An example of a sextortion email received recently is quoted below, verbatim. Note that the scammer swaps Cyrillic look-alike letters (for example а, е, о and р) for their Latin counterparts throughout: the text reads normally to a person, but a keyword-based spam filter looking for words such as ‘trojan’ or ‘bitcoin’ no longer matches.
“Hi, my prey.
This is my last warning.
I write you since I embed a malware on the web site with porno which you have viewed.
My trоjan capturеd аll yоur private datа аnd switched оn yоur cаmеra whiсh reсоrdеd the act of yоur sоlitary sеx. Just аfter thаt thе trojаn sаved your contаct list.
I will еrasе thе comprоmising videо rесоrds аnd infоrmаtiоn if yоu send me 1100 EURO in bitcoin.
This is addrеss for рayment : 1PTGiBdKsZdHxBm4961tTToqiA7B8fy3ZN
I givе you 30 hоurs aftеr you оpеn my mеssage fоr mаking thе рaymеnt.
Аs sооn аs yоu reаd the message I'll sее it right awаy.
It is not nесessаry tо tеll mе that you hаve sent mоnеy tо me. This address is соnnected tо you, my system will erasеd autоmaticаlly аfter transfеr cоnfirmаtion.
If you nееd 48h just Oреn thе сalсulatоr on your dеsktop аnd prеss +++
If yоu don't pay, I'll send dirt to аll yоur cоntaсts.
Lеt mе rеmind yоu-I sее whаt you'rе doing!
Yоu cаn visit thе pоlicе officе but аnybody сan't helр yоu.
If you try to dесеive mе , I'll know it immediаtely!
I dоn't livе in yоur cоuntry. So аnyоnе can nоt track my lоcation еven for 9 months.
bye. Don't fоrgеt аbоut thе shame аnd to ignоre, Your life can be ruined.”
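The homoglyph trick in the email above is easy to catch once you look for it. The following Python checker is an added example, not code from the original post or from any product it mentions. It runs over a constructed sample written in the same style as the email, with Cyrillic letters inserted via \u escapes so the behaviour is unambiguous, and shows three things a gateway rule can use: tokens that mix Latin and Cyrillic letters (no real word does), a small confusables table that folds the look-alikes back to Latin before keyword matching (so ‘trоjan’ is seen as ‘trojan’), and a pattern match for the bitcoin address and the payment deadline. The confusables table, the keyword list and the verdict thresholds are assumptions of the example, and the address check is a shape match only; it does not verify the Base58Check or bech32 checksum.

```python
import re
import unicodedata

# Constructed sample (not the full email quoted above): a few lines in the
# same style, with Cyrillic look-alike letters inserted via \u escapes so
# the mixed-script behaviour is unambiguous. U+043E is Cyrillic 'о',
# U+0435 is Cyrillic 'е', U+0430 is Cyrillic 'а'.
SAMPLE_EMAIL = (
    "Hi, my prey.\n"
    "My tr\u043ejan captur\u0435d \u0430ll y\u043eur private data and "
    "switched \u043en your camera.\n"
    "I will erase the video if you send me 1100 EURO in bitcoin.\n"
    "This is address for p\u0430yment : 1PTGiBdKsZdHxBm4961tTToqiA7B8fy3ZN\n"
    "I give you 30 h\u043eurs after you open my message.\n"
)

# Cyrillic letters that render the same as (or very close to) Latin ones.
# This table is an assumption of the example, not an exhaustive
# confusables list; Unicode TR39 publishes the full one.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
}

# Legacy (1.../3...) and bech32 (bc1...) address shapes. Pattern match only:
# no Base58Check or bech32 checksum is verified here.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
DEADLINE = re.compile(r"\b(\d{1,3})\s*(?:hours?|h)\b", re.IGNORECASE)
KEYWORDS = ("trojan", "camera", "bitcoin", "video", "contacts")


def script_of(ch):
    """'LATIN', 'CYRILLIC' or None, read from the character's Unicode name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script
    return None


def mixed_script_tokens(text):
    """Whitespace-delimited tokens that mix Latin and Cyrillic letters.

    A genuine English or Russian word uses one script; 'tr\u043ejan' does not.
    """
    hits = []
    for token in re.findall(r"\S+", text):
        scripts = {script_of(ch) for ch in token} - {None}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(token)
    return hits


def fold_confusables(text):
    """Replace look-alike Cyrillic letters with Latin so keyword rules apply."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def analyse(text):
    """Run the checks on one message body and return the evidence found."""
    folded = fold_confusables(text)
    raw_kw = [k for k in KEYWORDS if k in text.lower()]
    folded_kw = [k for k in KEYWORDS if k in folded.lower()]
    mixed = mixed_script_tokens(text)
    addresses = BTC_ADDRESS.findall(text)
    deadline = DEADLINE.search(folded)
    # Heuristic verdict: a payment address plus either sextortion vocabulary
    # or heavy homoglyph use. Tune the thresholds to your own mail stream.
    suspicious = bool(addresses) and (len(folded_kw) >= 2 or len(mixed) >= 3)
    return {
        "mixed_script_tokens": mixed,
        "keywords_raw": raw_kw,          # what a naive keyword filter sees
        "keywords_folded": folded_kw,    # what it sees after folding
        "btc_addresses": addresses,
        "deadline_hours": int(deadline.group(1)) if deadline else None,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EMAIL).items():
        print(f"{key:20} {value}")
```

On the sample, the raw keyword scan misses ‘trojan’ and the deadline regex misses ‘30 hоurs’ because the Cyrillic letters break the match; after folding, both are found. That gap is exactly why the scammer bothers with the homoglyphs, and why a filter should normalise confusables (or flag mixed-script words outright) before applying text rules.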
As always, cybercriminals are masters of opportunity, and as Zoom has loomed large in our daily lives they have steered their sextortion tactics toward the video conferencing platform. This latest version of the scam, ‘Zoom sextortion’, has been linked to an incident involving TV analyst Jeffrey Toobin, who was caught in a compromising position on a Zoom video conference with members of the media. Toobin was not himself a victim of sextortion, but the fact that such a high-profile person was caught ‘on camera’ in a compromising position has given fraudsters a ready-made example to cite as added pressure in their campaigns.
Sextortion and Zoom and Email Security
Zoom looms large in this latest sextortion scam. It has become a ubiquitous tool in our working lives since remote working took hold under social distancing, and the cybercriminals behind sextortion campaigns use the same tactics as always to extort money, just this time with a Zoom twist.
Email is again the central vector for delivering the threat, and this time the sextortion email plays on Zoom security fears. As use of the app grew, security quickly emerged as a problem for users, and Zoom's security has been in question from the outset. ‘Zoombombing’, where uninvited people join Zoom conferences to disrupt them, was a particular issue in the early days of lockdown. In March 2020 the FBI issued a warning about the hijacking of Zoom and other video conferencing platforms:
“FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.”
The Zoombombing incidents were not the product of an exotic vulnerability but of weak access control: meeting links and IDs shared publicly or easily guessed, and meetings run without a password or a waiting room. Zoom subsequently made passwords and waiting rooms the default, and checking that both are enabled remains the basic hygiene step for anyone hosting a meeting.
This latest Zoom sextortion scam is a double whammy: it plays on users' fears about the app's security and on the possibility that an embarrassing Zoom moment has been captured.
The sextortion email claims that a zero-day vulnerability in the Zoom app gave the scammer access to the victim's camera and other device metadata, and that they have captured embarrassing footage of the user during a Zoom meeting, pointing to the Jeffrey Toobin case. There is nothing behind the claim: the email is sent indiscriminately, no footage exists, and the ‘zero-day’ is a pressure tactic rather than a real vulnerability.
“I do not want you to be the next Jeffrey Toobin” -- states the sextortion scammer...
Most people receiving this email will not feel threatened; most of us do nothing worse than wear pyjama bottoms during a Zoom call. A minority, however, may feel bullied and worry that even a minor lapse could end in a warning or even dismissal, and may capitulate and pay the ransom, which in this particular scam is $2,000 in bitcoin. The right response is the same as for any sextortion email: do not pay, do not reply, and report it to the security team with its headers intact so the sender and payment address can be blocked at the gateway.
Cyber-extortion is gaining ground as cybercriminals seek quick wins. Interpol's assessment of the cybercrime landscape during Covid-19 found that the pandemic spawned attacks tailored to the situation. In the four months to April 2020, Interpol received indicators of “907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19”.
This latest cyber-threat is part of the ongoing exploitation of changing working patterns and new modes of collaboration. We should expect this to continue, with email remaining the delivery mechanism of choice.
Email Security During Covid-19 and Beyond…
Email has been weaponized by cybercriminals in a myriad of ways; it is the ideal conduit for delivering threats and malware, so an enterprise must establish a baseline of email security to blunt this delivery mechanism. Email security platforms deliver a holistic suite of protections against sophisticated threats, including sextortion campaigns: sender authentication (SPF, DKIM and DMARC) to stop spoofing, phishing detection, and web content filtering to stop attacks via malicious websites. Sextortion emails deserve a dedicated rule set of their own, because they typically carry no attachment or link for a sandbox to detonate; the tell-tales are the text itself, the bitcoin address and the look-alike-character trickery. As we move out of this pandemic, cybercriminals will continue to evolve their tactics, but email will still carry cyber-threats, sextortion included. By using smart email security platforms, we can all make sure we are not caught with our digital trousers down.