A bizarre sextortion scam is attempting to trick victims that not only has their smartphone been hacked to spy upon their private lives, but also every other device they have encountered which contains a built-in camera.
As Ionut Ilascu at Bleeping Computer reports the scam begins with victims receiving an email entitled “Your Nudity online”, claiming to come from hackers who say they have spied on their victim for 11 months, and have managed to record nude video footage of the victim through their smartphone camera.
The extortionists offer “proof” to their intended victim, by sharing the login credentials of an email account, which contains a link to a webpage that appears to show a live feed from Google Nest cameras.
However, the Nest camera footage does not show any nude footage of the intended victim. Instead potential victims are tricked into believing that the live feed is unavailable as the connection to their supposedly infected smartphone has been temporarily lost.
The scammers attempt to explain away the lack of any evidence that the users’ phone has been infected with the following technobabble:
“Our virus goes Live at intervals to transmit Feed from any of the other devices which your cell phone infected so it can infected some more devices. During this period we lose visual of the Live Feed from your cell phone and when this happens we can triangulate the signal from your cell phone and we always know where you are.”
The idea that a hacker might be tracing a user’s precise location could, of course, be very unsettling.
Furthermore, the innocent member of the public targeted by the scammers is told by the supposed hackers that “we programmed the virus currently in your cell phone to record what it sees through its camera and to infect any other device with a camera in its range so we can always have an eye on you.”
For non-technical users the idea that smartphone malware could jump to and successfully infect other camera-enabled devices – such as security cameras – in the vicinity might seem plausible. But it’s poppycock.
Nonetheless, the fact that the webpage contains some embedded video feeds from public Nest cameras might be enough to fall the unwary or paranoid.
And then comes the sucker punch:
“We have pornographic type home videos of you already recorded and we intend publishing them all over the internet. Your videos are currently being uploaded by your cell phone on several Porn website servers and you have only a week till they are free for the public to view.”
“Every SINGLE ONE of these Nude Recordings and Other Recordings where you were caught on camera doing something perhaps only you should know about are still on your cell phones iOS and uploads of these videos from your cell phone will continue every minute till all these videos are uploaded as cyberspace Porn.”
To add insult to injury, victims are told by their extortionists that the videos will also be uploaded onto electronic billboards.
The point of all these threats? To get the victim to contact the scammers via email where they will demand 500 Euros in payment through the Bitcoin cryptocurrency or US $600 worth of gift cards
But the truth is that they have not infected your smartphone. They have not infected any Nest cameras or CCTV cameras. They are not monitoring your location, nor spying on your daily activities. They do not have any pornographic videos of you.
Do your bit to discourage extortionists from making similar attacks. Stay clued up about the scams perpetrated via email, and make sure to raise awareness amongst your friends, colleagues and family – especially if you feel they might be vulnerable to falling for this type of unpleasant con trick.