Scammers have been hard at work over the long weekend, and while New Zealanders were out enjoying the three day break, CERT NZ received a significant spike in reports of webcam blackmail scams.
“Scams where attackers claim to have access to people’s webcams tend to go through spikes and that’s what we’re experiencing at present. Over Labour Weekend, CERT NZ received as many reports of webcam blackmail scams in three days as we received in the previous month – the largest spike we’ve seen since CERT NZ was launched in April 2017,” says Declan Ingram, Manager Operations, CERT NZ.
“We know that scams like this prey on people being too embarrassed to seek help, so we assume that the reports we’ve received are only the tip of the iceberg.”
“It can be frightening to receive an email where someone claims to have access to your computer or device and tries to blackmail you. We want to reassure New Zealanders that this is a well-known scam, and that the best thing to do is report it to CERT NZ and then delete it.”
In the reports received by CERT NZ, the blackmail email includes a password that the victim has used in the past and may still be using. The email also claims that the person visited an adult website. The scammer claims to have turned on the victim’s webcam while the victim was on the adult website and recorded what was happening.
“We can’t confirm if video recordings actually exist, or if it’s an opportunistic scam. We haven’t had any reports of scammers releasing a video when a ransom isn’t paid.”
The scam uses publically leaked information from data breaches to make people think that an attacker has access to their computer or device.
“The scammer gets the password from one of the data leaks that have been posted online. They are taking advantage of finding this data leak and are trying to pretend they have access to your computer. These data leaks contain huge numbers of account names and passwords; some contain millions of credentials.”
If you or someone you know has been affected by a webcam blackmail scam, the best thing to do is to seek help. People can report confidentially to CERT NZ to get help to recover, either at www.cert.govt.nz or by calling 0800 CERT NZ (0800 2378 69).
Note: CERT NZ has issued an advisory on this issue, further detail can be found at https://www.cert.govt.nz/businesses-and-individuals/recent-threats/webcam-and-password-blackmail-scam/
Media contact: 027 442 2141 or email firstname.lastname@example.org