Google Nest owners targeted in sextortion campaign

midian182

TechSpot Editor
Staff member

For those who don’t know, sextortion email scams usually involve someone claiming to have obtained explicit video of a person and threatening to share it unless money is paid—one popular version claims a victim’s webcam was hacked and they were caught watching pornography. In reality, the perpetrator almost never has any of the alleged footage, but some people pay up out of fear.

Computer Weekly writes that researchers at cybersecurity company Mimecast uncovered a sextortion campaign that started early in January and targeted almost 1,700 Nest users—most of whom were based in the US.

Unlike similar scams, this one was slightly more complex. Rather than containing a link to, for example, a bitcoin wallet where the victim can pay the money, the initial email only claims to have the footage and doesn’t explain what the blackmailers want.

The message contains a password for logging into an external email account, which contains an email with a link to a site that features genuine footage downloaded from Google’s Nest site. However, the footage isn’t taken from the victim’s device.

Victims are then directed to another email inbox, where they are warned the footage will be posted within a week unless the blackmail is paid. In one example, the criminals demanded around 500 Euros ($556) in bitcoin, “or gift cards redeemable at retailers including Amazon and iTunes, but also US chain stores Best Buy and Target.”

“The campaign is exploiting the fact people know these [IoT] devices can be hacked very easily and preying on fears of that,” Mimecast’s head of data science overwatch, Kiri Addison, told Computer Weekly.

“It is now widely known that many IoT (Internet of Things) devices lack basic security and are vulnerable to hacking, meaning that victims are more likely to believe the fraudsters’ claims, since the possibility of their device having really been hacked is highly plausible.”

As is the case with most sextortion campaigns, the hackers don’t have the claimed compromising footage of victims, and any emails should be ignored. And while the security failings of many IoT devices are genuine, there was no breach in this case.


 

QuantumPhysics

TS Evangelist
SEXTORTION is one of the more terrifying cybercrimes out there.

You get these chat messages with video recordings of sexy women who perform sex acts and they attempt to trick you into doing the same so the "guy" on the other end can record you and then blackmail you.

Thing is: if this isn't a wake up call for people to stop buying these "home speakers" and putting "Alexa", "Cortana" and "Siri" in your living rooms and bedrooms, then I don't know what is.

I don't even have Kinect in my bedroom. I unplug my webcam till I want to use it. I have no SMART TV with camera/microphone.

George Orwell could never have imagined that we'd be stupid enough to spend money for our own surveillance.

On a side note... people like Kitboga make me proud.
 

Uncle Al

TS Evangelist
YEP .... once again, another great reason to never put that crap in your home .... some say it does more good than bad, but when it's bad it's as bad as bad gets! Not in my house!!!
 

cliffordcooley

TS Redneck
They can try to extort me all they want. I doubt they ever get footage. However if they did manage to get their hands on something. I would simply tell them to do what they want. Because I'm not paying. I'm not delusional in thinking I'm in a minority with my actions.
 

QuantumPhysics

TS Evangelist
They can try to extort me all they want. I doubt they ever get footage. However if they did manage to get their hands on something. I would simply tell them to do what they want. Because I'm not paying. I'm not delusional in thinking I'm in a minority with my actions.
Right on...I'm waiting for the day one of these animals tries to extort me.
 

captaincranky

TechSpot Addict
But how about if they do actually catch the master of the house slamming the 16 year old babysitter? Would the ransom go up? Or would they do "the right thing", and turn the files over to law enforcement, thus: "listen, I was trying to blackmail somebody, and caught them banging a girl young enough to be his granddaughter". How much is my reward for thwarting this deviant?