Happy Cybersecurity Awareness Month! This week we’re discussing email extortion, and we’ll be covering a common scam that we see at PSU along with tips for navigating real harassment and extortion attempts.
Over the past couple of months, the Information Security team has noticed an uptick, and slight twist, in a common email extortion scam. The goal of these scams is to scare someone into paying money out of fear of damage to their reputation, by inciting relationship turmoil, or even professional consequences.
The scam goes like this:
You receive an email that claims that malware has been installed on an adult website that you visit, or even your computer itself.
You may be surprised to see personal information in the email, such as your name, phone number, address, or even a valid password.
Because of the supposed malware, the sender now has evidence of the adult websites that you visit.
They often claim to have compromised your camera and that they have video of you during the time you were on the website.
The sender states that if you do not pay them a specified amount, usually via bitcoin, they will send all of this information, with the evidence that they have, to your contacts, friends, family, and colleagues.
These scams have been around for a long time, and the inclusion of personal information is to increase the sense that it is legitimate. The latest version of this scam builds on this, including an image of the address that appears to be taken from the sidewalk.
We understand that receiving a message like this can be confusing, upsetting, and even frightening. In the majority of cases, these messages are scams. Personal information about most of us is readily available for scammers to use. Personal information is a high value commodity and some companies sell the data that they hold, and sometimes those same services have that data stolen from them.
In this particular scam, personal information has likely been pulled from a data breach, and sometimes an image has been pulled from a map service. Scammers send the message to countless people hoping that just a few will pay. Although some personal information (typically name, email address, and occasionally phone number or mailing address) has been leaked the claims relating to evidence of online activity, and any accompanying threats, are baseless. It is important to not engage with the scammer and not to send money.
Resources and Support
The Information Security team is here to help you stay safe online. If you receive a message that you know to be phishing, a scam, or you otherwise believe to be unsafe, please forward the message to security@pdx.edu. Additionally, if you are unsure whether a message is legitimate, the Information Security team can assess the message and let you know if it is safe to engage.
If you are experiencing harassment, blackmail, non-consensual image sharing, or revenge porn related to intimate or explicit images, there are organizations that can assist with the removal of these images. Visit https://stopncii.org to learn more or open a case for free assistance in removing your images from platforms that they partner with.
If the images are of an individual under the age of 18, StopNCII will direct you to open a case with the National Center For Missing and Exploited Children at https://takeitdown.ncmec.org, where a similar takedown service is available.
Neither of these services require you to share personal information or upload a copy of the images that you are requesting assistance in removing.
In addition to these takedown services, many states have laws on the books pertaining to intimate image abuse and revenge porn. To explore that avenue, contact your local police department to inquire further and file a report. Additionally, the FBI maintains the Internet Crime Complaint Center at https://www.ic3.gov/Home/ComplaintChoice. The Information Security team recommends that anyone who has fallen prey to an internet crime of any kind file a complaint.
Finally, the faculty, staff, and administration at PSU care about you. There are resources available to those who may be experiencing challenges such as this. Some resources include: