CERT NZ and Netsafe have issued the joint warning, following a reported rise in these online blackmail incidents.
This is how it works: A scammer will email a person. The email claims that when this person visited an unspecified adult website the scammer turned on the person’s webcam and recorded what was happening.
The scammer threatens to email the video to all the person’s contacts unless they pay a ransom of around $500.
“We can’t confirm whether the video recordings actually exist, or if this is an opportunistic scam,” according to an advisory from CERT.
Netsafe says there is another version of this scam.
A scammer will set up an online profile with an attractive profile picture. This could be on social media or on an online dating site. They connect with a person, and encourage them to perform certain acts with the webcam on. They record this activity, and use it to blackmail the person. There have been reports of these videos being released on social media.
CERT and Netsafe have issued some guidelines for the public.
For extra security, they advise users to cover their webcam with removable tape or a webcam cover when they are not using it.
They should also be smart about making friends on social media and only accept friend invitations from people that they know in real life.
It is also important to understand the privacy settings for each social media accounts. “Think about who you want to see your profile, and what kind of information you want them to see.”
CERT advises not to pay the ransom. “It can be tempting to pay money to make the problem go away. In similar cases overseas, the scammers continue to ask for more money once the first ransom is paid.”
“Do not contact the scammers. Block them on whichever method of communication they’re using to speak to you.”
If you're affected by this scam, there is a chance that you could have malware on your computer system, says CERT. It recommends taking your computer to an IT specialist to check for malware.
You can also report the incident to Netsafe and the Police.
The advisory notes blackmail is a serious criminal offence in New Zealand, punishable by up to 14 years imprisonment.
“Until you decide what you want to do with the incident, don’t delete any information, including the original demand, any other correspondence, social network accounts the scammer has used, and methods of payment.”
Digital evidence is fragile and needs to be captured in a timely fashion, it says. Once deleted or blocked the evidence is generally gone.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.