Don't panic and don't pay: extortion email scam at UB

Published December 5, 2019

by Orly Stein

Members of the University at Buffalo have reported receiving an extortion scam via email, in which the sender claims to have sensitive information about you and demands payment.

The email claims that the recipient's account has been compromised and that the recipient has viewed pornography, and it demands payment (often via a cryptocurrency like Bitcoin) to keep this from becoming public.

Please be assured that this is just a scam. While it is not impossible that the sender could have your password, the sender does not have evidence of you viewing pornography, and recipients should not pay the money.

Author

Orly Stein (UB Student, Class of 2022) is an Information Technology and Management major from Long Island, NY. In the future, she hopes to get more experience with cyber security and pursue a career in the field. In her free time, Orly enjoys playing soccer, going to SoulCycle with her friends and snowboarding.

What is extortion?

Extortion is an attempt to obtain money from victims through the use of threats.

These scams are typically not targeted at a specific individual. Instead, they are sent out as automated mass-mailing campaigns, using leaked login information. 

What does the scammer really have?

While the scammer may have access to one of your passwords (and therefore possibly your online accounts), it is unlikely the scammer has access to your computer, or any records or videos of you.

How can I protect myself?

  • Use two-factor authentication for all of your accounts (UB students, faculty and staff have Duo two-step verification for their UBITName accounts). 
  • Do not use the same password for multiple sites. Use a unique password for each account, and never recycle old passwords when changing a password or setting up a new account.

I think my account is compromised. What should I do?

If you receive an email like the one described above, do not reply to the sender and ignore any requests made. 

You can report these emails as a phishing attempt. Please contact the UBIT Help Center immediately if you think your UBITName account has been compromised, or if you have questions about your UBITName account. 

If you’re dealing with a non-UB email account, be sure to contact your service provider. If you use that password on other accounts (tip: you should never use the same password on multiple sites!) go change those passwords as well.  

A thief can often guess what other online accounts you have, especially if they have access to your email. With that access, your bank, social media and other accounts are all at risk, since the attacker can click the "forgot my password" link on those sites and intercept the reset link sent to your compromised email.

If you have fallen for this scam and provided money to the attacker, you should contact your local law enforcement. If you are a member of the University at Buffalo, please contact University Police