NOTICE: Extortion scam emails with stolen passwords not credible
by Michelle Saport
We've had some reports of members of the UAA community seeing a new variation on an old scam: an email claiming that the recipient has viewed pornography and demanding payment (often via a cryptocurrency like Bitcoin) to keep this from becoming public. See a sample of the text at Sextortion Scam Uses Recipient's Hacked Passwords (Krebs on Security, 7/12/18).
The new twist with this particular scam is that the email includes a password previously associated with the recipient's email address for an online account, likely a compromised password that was used many years ago.
Please reassure people in your units that this is a scam. The sender does not have evidence of the viewing of pornography, and recipients should not pay the money.
How You Can Tell This Is a Scam
- There are numerous reports of this scam on the web. Copy a sentence from the extortion email and Google it, and you likely will see numerous articles describing the scam.
Both UAA's IT Services and UA's Office of Information Technology consider the emails not credible.
How to Protect Yourself From Scams Like This
- Do not use the same password for multiple sites. Use a unique password for each account.
- Do not recycle old passwords. Some people have a small collection of their favorite passwords that they cycle through when they change passwords. We recommend creating a new password when you change a password or set up a new account.
- If you suspect your university account has been compromised, change your password and security questions for that account and report it to IT Services.
- Use two-factor authentication where possible. Set it up for all your personal accounts that offer it.
- Report if your actual University of Alaska password is involved. If you receive a scam email that includes your current password, report it by calling (907) 786-4646. IT Services will follow up to see if there are log-ins to your university account from suspicious Internet Protocol (IP) addresses.
References:
- Sextortion Scam Uses Recipient's Hacked Passwords (Krebs on Security, 7/12/18)
- Don't Fall for This Scam Claiming You Were Recorded Watching Porn (Gizmodo, 7/17/18)
- A frightening email that is spreading online (Kim Komando, 7/10/18)
- Phishing scam known as 'sextortion' is using people's real passwords to blackmail them for supposedly watching porn (Mirror, 7/16/18)
- Scam Alert: Sextortion Email Using Real Passwords (Infogressive, 7/13/18)