That tiny camera on your laptop, smartphone, or tablet – the one that’s pointing your direction all hours of the day and night – has been the MVP of COVID. Many of us have relied on webcams for work, connecting with family, and even going to school this past year and a half.
But webcams can have a dark side, too. Cybercriminals use them – or, more likely, use our fear about what a stranger might see if someone hacks into them – all too often these days.
The Better Business Bureau warns people about a sextortion scam that’s been around for a few years but hit people especially hard as the pandemic boosted webcam use.
It often starts with an email claiming that some creep’s been spying on you through your device camera while you watch porn on your device. Or maybe they claim to have caught you in the act of getting undressed or having “grown-up time” with your significant other.
Whatever the actual threat, the premise is the same: I’m spying on you and I’ll unleash the video to the internet – and send a copy to all your colleagues, friends, and family – if you don’t pay up within 48 hours or less.
While most of us recognize this bogus threat for what it is – spam to delete right away – people lose hundreds of thousands of dollars to it every year. Law enforcement in the U.S. and the U.K. even blame the sextortion scam for a spate of suicides.
Can hackers access your webcam?
Is someone actually spying on you through your webcam? The simple answer is not likely – especially not in the way this particular scam often threatens. But webcam hacks do happen, and there are ways to keep the creeps out that go beyond covering your camera with a piece of tape.
“Malware, hackers, and nation-states have long used people’s webcams to spy,” Roger Grimes, data-driven defense evangelist at security training firm KnowBe4, explained over email. “But they are rare attacks.”
Hackers can’t just access any connected webcam with their mad cyberpunk skills. They typically need to install a remote administration tool (RAT) on your computer first. They mainly do this by sending emails with malware attachments and convincing you to open them. Or, they lure you to click phishing links that download malware on your device and through other clever ruses. If you’re savvy enough not to fall for these scams, use strong passwords and run a reliable, up-to-date virus protection software, you’re ahead of the game.
“The best way to fight surreptitious recording is to make sure your device doesn’t get compromised in the first place,” Grimes wrote. “Make sure you aren’t socially engineered into running a trojan horse program you shouldn’t have executed; your device is fully patched at all times; and you use different, strong, passwords at every website and service. Do that, and you’ll defeat every malicious hacker and malware program – not just the ones that do secret webcam recordings,” Grimes added.
How can I tell if my webcam has been hacked?
Will you know, though, if someone’s watching you through your webcam? You should.
Most webcams have a green, red or white light to show they’re on. “The best webcams have a light that indicates when they are being used,” explained Grimes. “But people don’t always notice that the light is on or don’t know that they’re being recorded – especially if they’re not expecting it.”
If your webcam light comes on at strange times, especially when you didn’t just walk over and turn it on, that’s a giant red flag. Even if a scammer doesn’t capture compromising video of you doing things you don’t want your mother to see, webcams shouldn’t accidentally turn themselves on, and it’s a device malfunction at best.
If this happens, close down all your active apps, including any that are running in the background. This will let you know if any apps are turning on your webcam by themselves, which could happen if you gave them permission to do that when you downloaded or signed up for them. Delete any you find that might be turning your webcam on when not in use.
Has a browser extension gone rogue?
Another potential cause of your webcam going rogue could be a browser extension. Close all of your internet browsers and then reopen them one at a time. Does your webcam indicator light come up when you click on a particular browser? If the answer is yes, your next step is to delete every single browser extension, then add them back one by one to figure out exactly which one causes the camera to turn on. If you find the culprit, delete it. Chances are there’s an equally good browser extension you can use that doesn’t accidentally turn your webcam or microphone on at random.
Have you run trusted antivirus software, even on a Mac?
If you think your computer has been compromised in any way, run a trusted malware scan, yes, even on a Mac. I’ve used Sophos, AVG, Malwarebytes and many others.
If you already have a good antivirus app, running a manual scan will let you know if there’s anything suspicious on your device. If there is, click on the specifics to see if your webcam’s compromised and make sure the antivirus app removes potentially problematic apps or files.
If you have been hit by malware, there’s a chance it installed a RAT on your system, which may give it access to your webcam, which is often called, “camfecting.” Well-known camfecting attacks include Rbot-GR, Mirai and InvisiMole, among others. If a keyword like any of these pops up, you know you’re dealing with the big dogs, and it’s definitely time to clean up your computer. If you have a RAT, you want to get rid of it as soon as possible. It can do more than record you. It can access files and possibly log keystrokes to access passwords.
One caveat here: Make sure the antivirus scan, especially if you get it from an app, is a legit one, too. That means downloading it from Apple’s App store, Google Play or straight from a verified company site. People have been tricked into installing malicious software masquerading as antivirus apps. The apps – Mac Defender, MacProtector or MacSecurity – promised to get rid of malware on your Apple device but actually planted it there instead.
Have you checked your security settings?
While you’re troubleshooting, open your webcam app and check the security and accessibility settings, too. Do you have strong webcam passwords that no one has changed? Do any apps have access to your webcam that you don’t remember granting permissions to?
Your antivirus software should let you check to make sure limited-access features are disabled and webcam alerts are turned on, so you’ll always know when the camera’s on. It’s also a good idea to make sure your operating system is up to date and that no firewalls or other security settings have changed or been disabled recently.
The easiest way to prevent anyone from seeing through that camera, though, might just be to cover it up when you’re not using it. Many new laptops, smart home screens, and tablets now come with a built-in webcam cover. Or you can buy a two-pack of webcam covers on Amazon for $7. Or take a cue from Facebook CEO Mark Zuckerberg and former FBI director James Comey and use tape to cover it – and your device microphone – when you’re not using them.
Even experts like Grimes still cover theirs. “If I don’t have one of those sliders, I use a black piece of electrical tape. It’s cheap and easy to take on and off.”
No matter how you plan to protect your privacy, remember the most important point here: Don’t send money to anyone. Take the sextortion scam for what it is – another sleazy cybercrime that you’re too smart to fall for.
***This story originally ran in USA Today.***