One of the main business successes of the Covid-19 pandemic is the Zoom video conferencing app, which registered over 300 million new users by the end of April thanks to the needs of remote workers and long-distance communication.
This new working routine means that some remote workers take a more haphazard attitude towards cybersecurity and what they do in front of their laptop cameras. This comfort zone has resulted in a new way for hackers to target staff and companies: Zoom sextortion scams.
Sextortion has become a new attack vector that hackers use to steal money from unsuspecting individuals. The scam is largely email-based and relies on blackmail. Sextortion, also called ‘porn scams’, is not new as a cybersecurity threat. A recent report released by Sophos found that millions of sextortion emails were broadcast in 2019-2020, earning the fraudsters behind them over $500,000. Hackers love successful scams, so they continue to come up with new campaigns based on a proven theme.
The sextortion emails normally include a threat to make public sexually explicit material, usually in the form of a video. The hacker explains in the sextortion email that the video was recorded by malware downloaded onto the user’s device. The threat continues that if the victim does not meet the ransom demand (usually in bitcoin) within a given time period, the compromising video will be shared with everyone on the user’s contact list.
An example of a sextortion email (received recently) is displayed here:
As always, hackers are talented at spotting an opportunity, and as Zoom has become a major part of our daily lives, cybercriminals have adapted their sextortion tactics to the video conferencing platform. This most recent sextortion campaign, ‘Zoom sextortion’, has been connected to an incident involving TV analyst Jeffrey Toobin, who was caught in a compromising position on a Zoom video conference with other media workers. Toobin was not himself a victim of sextortion in this instance. However, the fact that such a famous person was captured ‘on camera’ in a compromising position has allowed fraudsters to use the incident as added pressure in sextortion email campaigns.
Email is again the central vector in the Zoom sextortion campaign. As use of the Zoom app increased, security was quickly identified as a major area of concern. “Zoombombing”, in which Zoom conferences were invaded by uninvited users, was a particular issue in the early days of the COVID-19 lockdown. In March, the FBI released a warning about the hijacking of Zoom and other video conferencing services. The weaknesses exploited in Zoombombing attacks centred on meeting access controls.
This most recent Zoom sextortion campaign targets two weaknesses: Zoom users’ fears about the platform’s security, and the fear of being exposed doing embarrassing things that are captured on Zoom.
The sextortion email states that a zero-day flaw in the Zoom app has given the attacker access to the victim’s camera and other device metadata. The hacker continues by claiming to have captured embarrassing footage of the user during a Zoom meeting, referencing the Jeffrey Toobin case.
“I do not want you to be the next Jeffrey Toobin” — states the sextortion scammer…
Most workers sent this email will not feel threatened. However, a small number of people may feel bullied and worried that even a minor misdemeanor could end in a warning or even a sacking. For that reason, the victim may decide to pay the ransom, which in this particular scam is $2000 in bitcoin.
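The email template described above (a recording claim, a malware or zero-day pretext, a bitcoin demand with a deadline, a threat to share with contacts, and the Zoom/Toobin lure) is regular enough that a mail gateway or SOC triage script can score messages against it. The following is an added example written for this page, not code from the article or from Sophos or Zoom; the indicator list, weights and threshold are my own assumptions, and both sample emails are constructed for the demonstration (the bitcoin-style address in the scam sample is a made-up string of the right shape, not a real address).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One regex per element of the sextortion template described in the article.
# Assumption: these keyword lists are illustrative, not an exhaustive signature.
INDICATORS: Dict[str, re.Pattern] = {
    "recording_claim": re.compile(r"\b(?:webcam|camera|recorded|footage)\b", re.I),
    "malware_pretext": re.compile(r"\b(?:malware|trojan|spyware|zero[- ]day|exploit)\b", re.I),
    "bitcoin_demand": re.compile(r"\b(?:bitcoin|btc)\b", re.I),
    # Legacy (1.../3...) and bech32 (bc1...) address shapes; base58 excludes 0, O, I, l.
    "btc_address": re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b"),
    "deadline": re.compile(r"\bwithin\s+\d+\s+(?:hours?|days?)\b", re.I),
    "contact_threat": re.compile(r"\b(?:contacts?|colleagues|friends|family|employer)\b", re.I),
    "zoom_lure": re.compile(r"\bzoom\b", re.I),
    "toobin_reference": re.compile(r"\btoobin\b", re.I),
}

# Assumed weights: the blackmail core (recording, pretext, payment) outweighs
# the Zoom lure alone, so an ordinary meeting invite does not trip the filter.
WEIGHTS = {
    "recording_claim": 2, "malware_pretext": 2, "bitcoin_demand": 2,
    "btc_address": 3, "deadline": 1, "contact_threat": 1,
    "zoom_lure": 1, "toobin_reference": 1,
}
THRESHOLD = 6  # assumed cut-off for flagging a message

RANSOM_RE = re.compile(r"\$\s?(\d[\d,]*)")


@dataclass
class Verdict:
    score: int
    matched: List[str]
    ransom_usd: Optional[int]
    btc_addresses: List[str]

    @property
    def is_sextortion(self) -> bool:
        return self.score >= THRESHOLD


def analyze_email(body: str) -> Verdict:
    """Score one message body and extract the ransom amount and payment address."""
    matched = [name for name, rx in INDICATORS.items() if rx.search(body)]
    score = sum(WEIGHTS[name] for name in matched)
    amounts = [int(m.replace(",", "")) for m in RANSOM_RE.findall(body)]
    ransom = max(amounts) if amounts else None
    addresses = INDICATORS["btc_address"].findall(body)
    return Verdict(score, matched, ransom, addresses)


# Constructed sample modelled on the article's description of the Zoom scam.
SCAM_SAMPLE = """\
I have bad news for you. A zero-day exploit in the Zoom app gave me access to your camera
and device metadata. I recorded footage of you during your last meeting. I do not want you
to be the next Jeffrey Toobin. Send $2,000 in bitcoin to 1ExampLeConstructedAddr23456789
within 48 hours or the video goes to every one of your contacts.
"""

# Constructed benign message: mentions Zoom but carries none of the blackmail elements.
INVITE_SAMPLE = """\
Hi team, the weekly sync moves to Zoom this Thursday at 10:00. The agenda and dial-in
details are in the calendar invite. Let me know if the time clashes with anything.
"""

if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("invite", INVITE_SAMPLE)):
        v = analyze_email(body)
        print(f"{label}: flagged={v.is_sextortion} score={v.score} "
              f"ransom={v.ransom_usd} addresses={v.btc_addresses} matched={v.matched}")
```

The extracted address and ransom amount are the useful artefacts for a responder: the same payment address recurring across many inbound messages is a strong sign of one campaign, and the "within N hours" deadline plus a Zoom or Toobin reference is what distinguishes this variant from the generic 2019-2020 porn-scam wave.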
Cyber-extortion is becoming more popular as hackers look for quick wins.