There were nearly 60,000 sextortion attempts in Australia in January alone, with attackers taking advantage of an increased reliance on video conferencing tools during the COVID-19 pandemic.
According to digital security and privacy firm Avast, there were 59,100 sextortion attack attempts in Australia in just the first month of 2021.
These attacks all revolved around the same strategy, with scammers sending an email to an individual claiming that they have recorded them during private, intimate moments and then threatening to release it publicly unless a ransom is paid in cryptocurrency.
These claims are nearly always fake, and individuals should remain calm and simply delete the emails, Avast malware analyst Marek Beno said.
“Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users,” Beno said.
“During the COVID-19 pandemic, cybercriminals likely see a strong opportunity for success as people spend more time on Zoom and in front of their computer overall.
“As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money.”
The company found that attackers have taken advantage of the COVID-19 pandemic and the increased use in video conferencing tools.
The most common sextortion attempt involved the scammers falsely claiming to have taken advantage of a critical vulnerability in Zoom which allowed them to access the victim’s device and camera.
But Avast said there is no evidence of this apparent vulnerability.
The email then mentions a “recorded sexual act”, and that the attacker has access to the “sensitive information” that will lead to “terrible reputation damage” unless a payment of $2,000 in bitcoin is made.
The email address is spoofed to make it appear to be coming from the user’s own email address, with the sender’s name modified. If the user clicks on the name, it then shows the real email address.
The second most common attack claimed that a piece of Trojan malware was installed on the recipient’s machine months ago, which then allowed them to record with the microphone and camera, and take data from the device including chats and contacts.
The attacker then demands a ransom and claims that a fake timer has started.
“As with the Zoom campaign, these threats are all fake,” Beno said. “There are no undetectable Trojans, nothing is recorded, and attackers do not have your data.
“The timer included in the email is another social engineering technique used to manipulate victims into paying.”
The cyber security firm advised recipients of an attempted sextortion scam to stay calm, treat the email like any other spam email and then change their password.
Australians have regularly been targeted with these kinds of attacks in recent years. In 2019 the Australian Cyber Security Centre issued an alert about the threat, saying that there had been 300 reports of the attacks in just a week in July.
