Nest Video Extortion' Email Scam

Email tactics have existed since the dawn of the Internet. One of the newest schemes that are gaining prominence quickly is called the ‘Nest Video Extortion’ email scam. This campaign appears to target users located in the United States, mainly. According to reports, the authors of the ‘Nest Video Extortion’ tactic have sent fraudulent emails to more than 1,500 users. This tactic also can be classified as ‘sextortion’ as the attackers claim to be in possession of nude footage of the target and threaten to send them to various adult entertainment websites. The attackers also claim to have access to the user’s mobile device, which serves to intimidate the target further. Instead of just asking for cash in exchange for wiping out the supposed nude videos, the attackers take a different path.

Uses Various Social Engineering Tricks

Firstly, the user will be asked to log into a protonmail.com email account provided by the attackers. Upon logging into the email account, the target will see a message stating that this account has been compromised by the attackers, and it can serve as a means of communicating with them solely. However, this is not the case, and this is yet another social engineering trick employed by the authors of the ‘Nest Video Extortion’ email scam that serves to present them as threatening and highly-skilled hackers. Next, the user is redirected to a website hosting live streams from Nest devices. The attackers claim that these are other users whose systems they have compromised. They also add a fake stream that is meant to come from the victim’s smartphone that is not operational. However, the live streams provided by the attackers are not from devices they have compromised but are available live video feeds publicly. The authors of the ‘Nest Video Extortion’ tactic also provide the user with a ransom note that urges the victim to get in touch with the attackers via Gmail.

The Attackers Demand Bitcoin or Gift Cards

Targets who follow the instructions and send an email to the provided Gmail address will get another set of login credentials corresponding to a different Protonmail.com email account. Again, the creators of the ‘Nest Video Extortion’ tactic apply the same trick – they state that the Protonmail.com account is hacked and is meant to only serve as a means of communicating with them. After completing all the steps, the target will see the ransom message of the attackers. The con-men behind the ‘Nest Video Extortion’ tactic demand €500 in the shape of Bitcoin as a ransom fee. As an alternative, the victim also can pay the fraudsters with Gift Cards totaling $600 from popular services like eBay, Amazon, Target, Steam, iTunes, etc.

Most con-artists who operate in this field keep their schemes rather simple and straight to the point. However, the creators of the ‘Nest Video Extortion’ tactic try to appear more harmful and more experienced in cybercrime than they are. Naturally, this is a social engineering trick used to scare the users into thinking they are dealing with highly skilled individuals. Remember, most cyber crooks who claim to have compromising information about you are lying. Do not trust their claims, and do not pay the ransom fee as your money will go towards funding their criminal activities in the future.