Email Extortion Scam October 2018


We have seen a wave of email scam messages recently (October 2018) in which the sender claims to have found your email password, taken over your computer, recorded your activities via your computer's webcam, and made a record of the websites you have visited, supposedly including porn sites. The message demands payment in exchange for not publicizing what the sender claims to know about you, and gives a bitcoin wallet for the payment.

This is a hoax. It can seem more believable because the message includes a password which in most cases is an actual, but old, password for your account. The scammers get it from the many websites where bad guys dump email addresses and passwords exposed in breaches. They collect large amounts of this data and send out these emails to trick people into thinking they have been hacked.

The only thing you need to do in response to this hoax email is make sure that you are no longer using the password named in the email on any account at all, including your PennKey, your email address, and any other online accounts you may have, including logins to online services like Microsoft, Apple, and The Gap.

For additional security and peace of mind, we recommend that you turn on two-factor authentication on any accounts where it is permitted (especially commercial email accounts) and perhaps use a password manager like LastPass, which makes it easy to choose complex passwords and to change them quickly. If you have any questions, please contact us here.