The scam campaign was uncovered by Mimecast, a cyber security company. A deep dive revealed no fewer than 1,700 scam attempts sent to Google Nest users, mostly in the United States, early this January. So how does this sextortion campaign work? The scammers contact a Google Nest user, claiming to have compromising footage of them. Then, they demand a payout, which would hypothetically prevent them from releasing that footage. However, this scam differs from most in that the scammers don’t immediately tell their victims what they want. Instead, victims are sent a password to use to access an email account. In that account, they will find an email containing a link to a site that hosts very real and genuine footage downloaded from the Google Nest site. But the catch? It’s not footage of the victim.
Is the Google Nest sextortion scam a security breach?
To be perfectly clear, the Google Nest sextortion scam is not a security breach. Even though it’s been proven that these internet-connected devices are susceptible to hackers, the scammers in this case are not actually hacking into Google Nest accounts. Instead, they are preying on people by using the fear of a breach against them. That being said, it is still unclear how the scammers gained access to Google Nest users’ email addresses.
How can I better protect myself?
Protecting yourself from scammers and hackers is becoming more and more important, especially as we start introducing smart home products into our private spaces. A big step in the right direction is educating yourself about how hackers target their victims, staying up-to-date on the latest breaches and taking steps to protect your personal information. We also recommend doing your research before you invest in a smart security system: check out our picks for best home security systems, best video doorbells, and best wireless security cameras. However, one very easy step you can take right now is enabling two-factor authentication on your devices to better protect your accounts and your data. This will make it harder for hackers to gain access to your information. You should also look out for signs that you may have been targeted: suspicious emails and requests for login and account information are common. When in doubt, contact the company that supports your device for clarification - in this day and age, there’s no such thing as being too cautious.