Avast, the world leader in digital security and privacy products, announced today that there were more than half a million sextortion attack attempts in January.
Most of these attacks targeted English-speaking users in the UK and the US, however, researchers at Avast Threat Labs, the network of cybersecurity researchers that protects more than 400 million people from new and emerging online threats. , they noted for 4,051 such attacks in Mexico.
Sextortion campaigns consist of emails claiming to have logged the user during their private sexual moments and threatening to make them public unless the victim pays a sum of money to the attacker.
Avast researchers advise people to stay calm and ignore sextortion emails instead of fighting back, as they are usually false accusations.
“Sextortion scams are dangerous and intimidating and can even have tragic consequences, leading to suicide in those affected. During the pandemic, cybercriminals saw a great opportunity to carry out these types of attacks successfully, as people spend more time on Zoom and in front of their computers, «said Luis Corrons, Avast Security Evangelist.» Despite the fear. that these emails can give us, we urge people to remain calm if they receive such a message and to ignore it, as it is nothing more than a ploy by cybercriminals trying to get their money. «
The most common sextortion campaign involves taking advantage of the large increase in Zoom usage during the pandemic and falsely claiming that the attackers had access to the user’s device and camera.
Avast saw an increase in these types of campaigns last Christmas. The threat authors claim in an email that they exploited vulnerabilities in the Zoom application to access the user’s device and camera. Avast did not detect any real vulnerabilities in Zoom.
The email also mentions a «recorded sexual act» and that the attacker had access to «sensitive information» that can cause «terrible reputational damage» unless a $ 2,000 payment in Bitcoin is made.
A distinctive feature of this campaign is that the emails appear to be sent from the user’s email address. However, the reality is that the sender’s address has been tampered with and a more detailed analysis can reveal his real address.
The second most frequent campaign is the one in which an email is sent with the threat that a few months ago a Trojan was installed on the victim’s computer that recorded all his movements with the microphone and the webcam. Furthermore, it also claims to have extracted all data from the device, including chats, social media interactions and contacts.
The attackers demand a ransom in cryptocurrencies, as well as include a note with a fake «timer» that starts when the victim receives the email, in order to set a deadline for the ransom.
“As in the Zoom campaign, all of these threats are false. There are no undetectable Trojans, nothing has been recorded about it, and the attackers don’t have the data they claim to have. The timer included in the email is another social engineering technique used to pressure victims to pay, ”said Luis Corrons.
Researchers have detected other sextortion campaigns, some of which are originally written in different languages and the content is translated automatically using a tool like Google Translate.
How to protect yourself from sextortion
Luis Corrons advises users to treat sextortion emails like they would scam emails: by ignoring them.
“Users shouldn’t reply to emails and they shouldn’t pay the attacker money. Nobody will really blackmail you; it’s just spam. Even if you receive an email that appears to have been sent from your account, ignore it. «
Attackers can also provide leaked old passwords to increase the credibility of their threat. If so, users should change their passwords and apply best habits to harden their passwords.