Sextortion scams trick victims into thinking Nest cameras record them
January 19, 2020
A new form of sextortion scam bilks unsuspecting victims out of money after telling them they’ve been recorded privately on home security cameras.
It’s an alarming new version of the old scam where criminals try to convince you they have illicit recordings or information about you, which they’ll release unless you pay them a ransom, said Kiri Addison, head of data science at IT security company Mimecast. She said Mimecast recorded a huge spike in the new tactic, with more than 1,600 scam emails intercepted in just a two-day period from Jan. 2 to Jan. 3.
“This one is a bit different. It stood out, because it’s really convoluted in a way,” Addison said.
“It starts out with a single email saying ‘we’ve got some nude photos of you.’”
The email then provides a link that leads to a landing page on a website, showing generic footage from a Nest camera or another surveillance camera in a common area, like a bar or restaurant. This, according to the ransomers, is supposedly an area familiar to the victim. The generic footage, which looks like any location the average person may have visited in the last week, is meant to convince the victim he or she has been recorded elsewhere, possibly via smartphone, for a long period of time.
“Imagine everything you have done in over 11 months and imagine what we have seen you do,” one such landing page reads. “Your videos are currently being uploaded on several porn websites and you have only one week until they [are] free for the public to view.”
Taking advantage of real events in the news
The scam has emerged after several worrying videos showing how criminals were able to gain access to home cameras, including Google’s Nest cameras, Amazon’s Ring cameras and even — in previous years — baby monitors.
The scam, like most sextortion scams, relies on “social engineering,” a process through which the scammer induces shame, panic or guilt in a victim in order to get them to act quickly — often without thinking.
After the initial email, the scammers lead the victim through an elaborate maze, asking them to sign up for another type of email address, where they will supposedly receive further proof and information.
More “proof” may come in the form of a generic smartphone recording image, and further messages often ask users to set up yet another email address.
Along the way, they ask the victim to establish a bitcoin wallet and pay around $500 in cryptocurrency to keep the supposedly damning photos or video from being released, according to the research from Mimecast. The company does not track statistics on how many people have fallen for the scam.
The photos and video don’t exist, Addison said. The fraudsters make the scheme complicated so it’s harder for security companies to trace the email threads or track the origins of the criminal’s bitcoin wallet.
“It also gets the [victim] a little more involved, and has the effect of,…