1

Zoom and Sextortion Scam

This year, cybercriminals were getting creative: playing on coronavirus panic, deepfake voices, using remote workers to hack into companies. Considering that sextortion has returned with new force, the creative ideas began to run out. But this time hackers focused on a specific group of people.

Bitdefender Antispam Lab experts recently discovered a new wave of ransomware targeting users of Zoom, a popular video conferencing service. Interestingly, this time the cybercriminals have worked on their mistakes and implemented more psychological tricks in their emails.

Anatomy of sextortion

To make sure the victim didn’t miss the message, the blackmailers decided to start with a catchy headline “Regarding a recent video conference at Zoom”. Further along in the first paragraphs, they draw attention with the words “you recently used Zoom and we have bad news for you.” Since during the coronavirus many people switched to working and studying remotely, the likelihood of hooking someone with such a phrase is very high. But that’s just the beginning.

Blackmailers are also referring to new 0-day vulnerabilities allegedly discovered in the app that allowed access to the camera and some other metadata in the user’s account. There have indeed been many reports this year of Zoom’s weak cybersecurity, from Zoom bombing to account theft.

Classically, cybercriminals insinuate that they managed to film sex scenes featuring you through a webcam. There seems to be nothing unique about this email, but the author suddenly starts making excuses and pressing pity. “I’m very sick, I lost my job, I’m about to be moved out, and I have no money to survive. It’s all because of a stupid virus. I’m very sorry. I have no other choice.”

The psychological pressure doesn’t stop there, and cyber blackmailer cites the recent case of CNN journalist Jeffrey Toobin, who was suspended for masturbating during a Zoom video chat at work. “I don’t want you to be the next Jeffrey Toobin,” he writes.

To keep the video from reaching your loved ones and employers, a hacker gives you three days to pay him $2,000 in bitcoins. The amount is non-negotiable, and he promises to delete the sensitive file after receiving payment.

Does it work?

You’d be surprised, but the psychological game based on shame and fear is very effective. Cybercriminals get millions of dollars out of their victims’ pockets every year. At the same time, the chances that such videos exist are negligible.

If you become the recipient of such an email, we advise you to delete it immediately, without opening it. Mostly, cybercriminals send out such threats randomly, using large batches of email addresses from data leaks.

The campaign targeted a quarter of a million recipients, mostly in the United States, and launched on Oct. 20.

Related Posts

card__image

Cyber Insurance: What To Expect In The Next Five Years

Sorry, this entry is only available in Russian. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Всё больше компаний в мире страхуют киберриски, а не надеются на удачу. В Украине пока с опаской относятся к такому виду услуг, […]

card__image

Ransomeware 2021: New Extortion Tactics

Sorry, this entry is only available in Russian. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Интересно, что нам принесет 2021 в контексте кибербезопасности? Конечно, каждый из нас надеется на лучшее, но по факту из года в год […]

card__image

2020: Cybersecurity Landscape

The year is coming to an end, and it was certainly an eventful one. In 2020, hackers found new vulnerabilities and took advantage of people’s weaknesses. What was the result? Let’s take a look at some key 2020 numbers: 90% of companies experienced an increase in cyberattacks during COVID-19. According to Tanium Global Research, 90% […]

Leave a Reply

Your email address will not be published. Required fields are marked *