Security experts have warned of a growing wave of devastating digital attacks targeting Australians with a sex email that can be very convincing.
Attempts at online ‘sextortion’ are rapidly on the rise in Australia, most commonly in an email threatening the recipient with the release of Zoom footage the sender claims recorded them masturbating.
Almost 60,000 attempts to extort Australians were made in January, up from 12,000 attempts in December, according to global digital security company Avast.
Avast blocked 59,100 sex scamming attempts in Australia last month – the third highest of any country in the world. The US had the most attempts blocked, with 122,838, while 97,546 were thwarted in Italy.
The sex scammers sends the same email to users, claiming they obtained footage from a Zoom call left on record while the users performed intimate acts on themselves.
The email threatens to release the footage unless a Bitcoin payment equivalent to $2000 is paid within 48 hours. Avast has not found any actual vulnerabilities in the Zoom application.
The scam email claims to have “some very unfortunate news” that “there was a zero day security vulnerability on Zoom app.”
“In your worst dreams, I have made footage with you as a main actor where you work on yourself (perform sex act to be clear),” the scam email reads. “Having fun is okay with me, but is not OK with your reputation.
“Please don’t blame me or yourself for this. You couldn’t know the camera is working … I’m sure you don’t want to get embarrassed in front of your friends, family and colleagues.
“You should get this very clear, I will send the footage to all your contacts if I don’t get paid.”
Recipients are encouraged to look for grammatical errors given attackers often originated in non-English speaking countries and used Google Translate. Avast’s malware analyst, Marek Beno, said victims should remain calm despite the “dirty trick”.
“Sextortion scams are dangerous and unsettling,” Mr Beno said. “During the COVID-19 pandemic, cyber criminals likely (saw) a strong opportunity for success as people spent more time on Zoom and in front of their computer generally.
“As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cyber criminals use to try to get your money.”
The high numbers last month were caused by a peak on January 15. Avast experts believe attackers resumed when they knew potential victims would return to work after the holidays.
They base that theory on the fact Avast saw a significant global rise in the volume of sextortion emails after January 11.
Another common scam attempt sends an email in which attackers claim a Trojan was installed on the recipient’s device a few months earlier, which recorded all of the potential victim’s actions with a microphone and webcam.
It also claims to have collected all data from device, including chats, social media, and contacts.
The attackers demand a ransom in cryptocurrency and includes a fake ransom deadline. But Mr Beno urged recipients not to panic.
“As with the Zoom campaign, these threats are all fake,” Mr Beno said. “There are no undetectable Trojans, nothing is recorded, and attackers do not have your data.”
Mr Beno urged recipients of attempted scams to not respond or pay money to attackers and change passwords to be longer and more complex.