Zoom and Sextortion Scam

This year, cybercriminals were getting creative: playing on coronavirus panic, deepfake voices, using remote workers to hack into companies. Considering that sextortion has returned with new force, the creative ideas began to run out. But this time hackers focused on a specific group of people.

Bitdefender Antispam Lab experts recently discovered a new wave of ransomware targeting users of Zoom, a popular video conferencing service. Interestingly, this time the cybercriminals have worked on their mistakes and implemented more psychological tricks in their emails.

Anatomy of sextortion

To make sure the victim didn’t miss the message, the blackmailers decided to start with a catchy headline “Regarding a recent video conference at Zoom”. Further along in the first paragraphs, they draw attention with the words “you recently used Zoom and we have bad news for you.” Since during the coronavirus many people switched to working and studying remotely, the likelihood of hooking someone with such a phrase is very high. But that’s just the beginning.

Blackmailers are also referring to new 0-day vulnerabilities allegedly discovered in the app that allowed access to the camera and some other metadata in the user’s account. There have indeed been many reports this year of Zoom’s weak cybersecurity, from Zoom bombing to account theft.

Classically, cybercriminals insinuate that they managed to film sex scenes featuring you through a webcam. There seems to be nothing unique about this email, but the author suddenly starts making excuses and pressing pity. “I’m very sick, I lost my job, I’m about to be moved out, and I have no money to survive. It’s all because of a stupid virus. I’m very sorry. I have no other choice.”

The psychological pressure doesn’t stop there, and cyber blackmailer cites the recent case of CNN journalist Jeffrey Toobin, who was suspended for masturbating during a Zoom video chat at work. “I don’t want you to be the next Jeffrey Toobin,” he writes.

To keep the video from reaching your loved ones and employers, a hacker gives you three days to pay him $2,000 in bitcoins. The amount is non-negotiable, and he promises to delete the sensitive file after receiving payment.

Does it work?

You’d be surprised, but the psychological game based on shame and fear is very effective. Cybercriminals get millions of dollars out of their victims’ pockets every year. At the same time, the chances that such videos exist are negligible.

If you become the recipient of such an email, we advise you to delete it immediately, without opening it. Mostly, cybercriminals send out such threats randomly, using large batches of email addresses from data leaks.

The campaign targeted a quarter of a million recipients, mostly in the United States, and launched on Oct. 20.

Related Posts


Webcam Cover: Paranoia or Necessity

Sorry, this entry is only available in Russian. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Обычно люди делятся на два лагеря: те, кто заклеивает камеру и те, кто нет. Кто из них прав и почему? Для начала […]


The Biggest Hacks of 2021

Sorry, this entry is only available in Russian. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. За последние пару лет стало трудно игнорировать тот факт, что цифровая жизнь, частью которой мы все являемся, совершенно уязвима перед киберпреступниками. Хакеры […]


Cyber Pandemic: Worldwide Drill

What would you do if today you couldn’t access your bank accounts, the Internet, or your cell phone suddenly stopped working? A pretty unpleasant scenario, but a very real one. Cybersecurity was one of the top topics on the global agenda during the World Economic Forum (WEF) 2021. Experts emphasize that as global digitalization accelerates, […]

Leave a Reply

Your email address will not be published. Required fields are marked *