You may have noticed in the news, or perhaps even in your own inbox, that a "sextortion" scam is picking up traction. This scam is not a new one, but it is adapting and starting to target victims of recent security breaches that have occurred off-campus. If you see the scam in your Auburn email account, then the data came from a site where you registered with that address. Some recent breaches of note have been Facebook, Reddit, LinkedIn, Target, and Equifax, but we do not know where this data originated.
The exact wording may vary, but you can recognize this scam because the subject line and introduction will most likely contain a legitimate password that you may or may not still be using. The body of the email typically claims that someone has hacked your webcam and recorded videos of you while watching pornography. In exchange for deleting the video, the sender asks for a bitcoin transfer or some other form of payment.
So what does this mean for you? Here are some Dos & Don'ts for handling email scams like this one:
Do:
- Change the password on any account that still uses it.
- Send the original email as an attachment to firstname.lastname@example.org before deleting it.
- Plan to change your passwords frequently; Auburn Policy requires changing them every 6 months.
Don't:
- Click on any link in the email.
- Send any bitcoin, gift card, money transfer, etc.
- Use the same password across multiple accounts.
If you have any questions, please contact your IT service provider, contact the IT Service Desk at 844-4944 or email@example.com, or send an email to our information security team at firstname.lastname@example.org.