Don’t open this email about a ‘Zoom conference call’ – it’s a ‘sextortion’ scam

October 31, 2020

By Kim Komando

Sextortion is a nasty kind of scam that too many people are unfortunately falling for. Most of the time, scammers are bluffing when they claim to have blackmail material on their victims — but that hasn’t stopped them from racking up millions of dollars in stolen funds.

When scammers make sextortion threats, they’re playing on paranoia and fear. Despite all the bluster, they almost never have access to your webcam or illicit footage of you.

To keep money flowing, scammers pay close attention to current events that can give their lies more weight. And now, they’re claiming to have access to Zoom calls — where they can record unsuspecting victims without them knowing. Here’s the real truth behind these blackmail schemes.

Scammers are watching the news, too

Recently, a prominent journalist from the “New Yorker” was caught performing indecent acts during a Zoom call with his colleagues. According to him, he had no idea his webcam was turned on — which meant everyone else in the call witnessed the debacle.

The story, which made Jeffrey Toobin the second most searched Google topic on Oct. 19, showed the darker side of video calls with apps like Zoom.

But scammers may have been paying attention to this story, too. A new type of sextortion scam discovered by researchers at Bitdefender Antispam Lab appears to have been launched the very next day — and includes the same lurid story details about compromising sexual footage and Zoom calls.

Here’s how the scam works: Victims get an email from an unknown sender who claims to be a hacker. The sender mentions a zero-day vulnerability they say they used to hack into Zoom and threatens to share a recording they made of you unless you pay $2,000 in Bitcoin.

Source: BitDefender

What’s more, the message references several other current events like COVID-19, the looming eviction crisis and Jeffrey Toobin himself. If you didn’t know any better, the sheer number of current-event references almost makes the message seem real.

But as it turns out, it isn’t. It’s just another empty threat sent to at least 250,000 people during the last two weeks. And because Bitcoin is untraceable, once you pay, the money is gone forever.

How can I protect myself from this sextortion scam?

Sextortion scammers are banking on two things to succeed in their crimes: Their creative writing skills and your lack of tech knowledge. As of now, there is no zero-day vulnerability in Zoom that could allow such a break-in to happen. And if there were, it would be front-page news (given how critical the software has been to companies around the world during COVID-19).

The threat of sextortion is usually enough to get victims to pay, but some scammers have been known to go further. There have been cases where they’ve shown “evidence” that they’ve hacked your accounts by sending you stolen usernames and passwords. But this data is almost never obtained by them directly. Instead, they grab it from known data breaches and leaks.

In fact, this is usually how these scammers get your contact information in the first place.

If you do get one of these messages, there’s only one thing you should do: Ignore it! Responding in any way will let the hackers know they can reach you — which means they could try again or add you to a spam mail list.

At the same time, you should never attempt to pay the ransom. Bitcoin is an anonymous digital currency, and just like with cash and gift cards, there’s no way to get it back once you’ve paid.

Plus, the Bitcoin software you download to pay the scammer could be infected with malware of its own.

Thankfully, sextortion isn’t as dangerous a threat as ransomware or phishing. Think of it as a scary variety of spam mail instead of an actual form of blackmail. And like every other piece of spam mail, it’s best left to your email filter instead of you.

https://www.komando.com/news/zoom-sextortion-scam/