Bitcoin-hungry criminals are targeting owners of Google Nest home security cameras in their latest sextortion campaign, Computer Weekly reports.
Email cybersecurity company Mimecast says the campaign mostly targeted individuals in the US earlier this month.
Kiri Addison, Mimecast’s head of data science overwatch, said this particular campaign was unusual in that criminals were using a more complex methodology to hide the origins of the scam emails in the hope of concealing their identity even further.
As is often the case in these types of campaigns, criminals claim to have footage of the victim and threaten to release it unless a ransom, typically in Bitcoin, is paid.
What makes this particular campaign stand out, though, is that criminals typically share a Bitcoin wallet address with the victim in their original email, but that is not the case here. Instead, the criminals simply tell the victim they have the footage.
The hackers then give the victims a password that enables them to access an external email account.
Once they log in, the victims will see an email containing a link to a site that hosts genuine footage downloaded from the Nest site. But there’s a catch: the footage isn’t actually taken from the victim’s device!
The victims are then directed to yet another email inbox where they are told the footage will be published within seven days unless they pay the requested ransom.
In an email seen by Computer Weekly, the hackers asked for €500 ($557) in Bitcoin. They were also happy to receive payment in Amazon, iTunes, Best Buy, and Target gift vouchers.
Addison told the publication that she thought the campaign was likely a result of email addresses being harvested from another database.
“Any incident where someone is made to feel unsafe in their home is deeply unfortunate and something Nest works hard to prevent. That’s why privacy and security are the foundation of our mission,” a spokesperson for Google Nest told Computer Weekly.
“Incidents like this campaign typically occur when a bad actor tries their luck with email addresses from databases of stolen information. Nest users who are contacted by these actors should not respond and we encourage them to contact Nest support if needed,” they added.
A lucrative method
A report by UK firm Digital Shadows found that cybercriminals made over $300,000 in Bitcoin payments during a ‘sextortion’ campaign, which was first spotted in the wild in 2017 but saw increased activity in the middle of last year.
According to the firm, blackmailers raked in some $332,000 from over 3,000 unique sender Bitcoin addresses.
Published January 15, 2020 — 12:43 UTC