Pitt Information Technology has received reports of new variations of an email phishing scam announced in May. The original scam claimed to have evidence that the recipient visited an adult website and threatened to release the evidence unless the recipient paid a ransom in Bitcoin.
Newer variations of the scam may also include a password offered as “proof” that the scammers have compromising information about the recipient. In many cases, it is a compromised password that the recipient used many years ago. Regardless, there is no indication that the perpetrators of this scam possess any compromising information about the recipients.
The scammer demands payment to a Bitcoin address within a short time period—typically between 24 and 72 hours. The scammer indicates they will delete all information about the recipient once they receive payment.
How to Protect Yourself from Phishing Scams
- If you receive a message similar to the one described above, please report it as a phishing scam by forwarding the email as an attachment to firstname.lastname@example.org. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.
- CSSD strongly recommends that you do not reply to unsolicited emails or messages from unverifiable sources.
- Avoid clicking on links contained in unsolicited emails, as these may lead to sites that contain harmful software.
- Install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Examples of this Scam in the News
- How Not to Fall Prey to the Latest ‘Sextortion’ Email Threat (USA Today, Sept. 11, 2018)
- Sextortion Scam Uses Recipient’s Hacked Passwords (Krebs on Security, July 12, 2018)
- Don't Fall for This Scam Claiming You Were Recorded Watching Porn (Gizmodo, July 17, 2018)
Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.