Students receive 'Sextortion Blackmail' spam emails
Krebson Security, a website for in depth security news and investigation states that the scam email includes a message from a supposed, “hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom.”
According to a MyQ alert that was posted on Nov. 1, the emails that Quinnipiac faculty, staff and students are receiving, include a “new twist” on this spam email that has been circulating for months.
“The new twist with this particular scam is that the email includes a password previously associated with the recipient’s email address for an online account—likely a compromised password that was used many years ago,” stated Brian Kelly, the chief information security officer at Quinnipiac, in a statement included in the MyQ alert.
Kelly says that this variation on a known spam email is a clever trick on the part of the hackers.
“Most people go, ‘Yeah I haven’t been on porn sites or anything,’” Kelly said. “But what freaks people out is it’s a password that they’ve used somewhere in their life. It’s familiar. So that’s what grabs that users attention.”
The Krebson Security website states that the recipient’s password is included in the salutation of the email as a scare tactic reading,“I’m aware that <substitute password formerly used by recipient here> is your password.”
While this is an email being sent to Quinnipiac addresses, the passwords that have been compromised are not from Quinnipiac accounts. Kelly explains that the reason the spam is coming to the QU address is because of people’s tendency to use that address on other websites.
“What happens is, people tend to use their Quinnipiac email address for everything, right? So maybe you’ve got a credit card that you use while you’re on campus and those statements come to your Quinnipiac email address,” Kelly said. “Any of those places where they could have been compromised have your Quinnipiac email address.”
Typically, these passwords are old, and may be inactive. However, this is just another devious maneuver on the part of the “bad guys” according to Kelly. It’s a way for them to monetize off of seemingly useless old passwords.
“If the IDs and passwords are old and no longer good, they can’t do anything with them they’re useless─until now,” Kelly said. “Some bad guy thought, ‘Well we’ll just send out emails and we’ll tell people that we have their password and we’ll see how many pay us.’”
Kelly warns all members of the Quinnipiac community to be suspicious of any similar emails and assures the recipients that the sender does not have “evidence of the viewing of pornography” and there is no need to pay money.
However, there is a need to pay attention to the password mentioned by the hacker.
“If for some reason the password is still something you use, anywhere, you might want to change it as soon as possible,” Kelly warns.
Kelly says Quinnipiac’s information security team is doing their best to keep these emails out of Quinnipiac inboxes.
“What we’re trying to do from an email standpoint is limit those type of emails,” Kelly said. “We talked about spam filters and junk mail filters and trying to tweak those filters to sort of keep the messages out of our user’s inbox.”
Overall, Kelly recommends changing passwords frequently and avoiding the use of the same password on multiple sites.
Kelly also suggests plugging your email address into a “Have I been pwned?” website which will allow you to check if you have an email account that has been compromised.
“It’s called ‘cyber hygiene,” Kelly said.