Extortion
Extortion is a strategy which often utilizes blackmailing to pressure a target into engaging in a certain behavior or action.
Sextortion
One type of email extortion is known as sextortion, which is when someone threatens to distribute private or sensitive material of a target unless the target provides the hacker with images of a sexual nature, sexual favors, or money. Targets of sextortion receive an email claiming that their webcam and audio have been compromised and that sensitive material was recorded. The sextortionist threatens to forward the sensitive material to the target's contact list unless the target submits a Bitcoin payment. Although fake, these emails incorporate a variety of tactics to create a sense of legitimacy. Such tactics include making it seem that the email originated from the target’s email address, that the blackmailer has access to a real password the target has used in the past (which was likely collected in a previous data breach), or other personally identifiable information which can be gathered through an Internet search.
Example of SextortionSent: Monday, October 8, 2018 8:33 AM Lets get right to purpose. No one has paid me to investigate about you. You don't know me and you're probably thinking why you are getting this email? |
Job/Tutor/Coach Scam
Another form of extortion is an email about a job, a request for a tutor or a coach. These emails target people interested in work-at-home jobs. Students are a particularly vulnerable audience to such scams which are convincing due to their prospects of “easy money.” One common type of scam job is craft assembly, where the target is told to buy a kit to construct and then “sell”; however, the craft never meets “specifications” and the target is left with a useless craft they paid for. Other common email job scams include calling 1-900 numbers, which always cost money to dial, as well as email processing. In the case of email processing, targets are recruited to perpetuate the scam onto others.
Example of Job ScamSent: Thursday, July 6, 2017 7:04 PM |
Messages Communicating Urgency
Similar to phishing, some scam emails will impersonate a person of importance to the William & Mary community and send messages indicating a sense of urgency to the target. Such messages have impersonated the William & Mary Provost, the President, and other officials. These scams claim that a person of importance needs assistance, is looking for someone, or a variety of other reasons which may require an urgent response.
Example of Urgent Email ScamsFrom: President Katherine Rowe <katherinerowe32@gmail.com> |
What You Can Do
In order to avoid being a victim of a extortion, and sextortion in particular, avoid sending compromising images, do not open unknown attachments, and turn off or cover webcams when they are not in use. Although these scams seem believable, do not blindly trust the display name and report the issue.
For job scam emails, check whether the business offering the job is real by looking for an official name associated with the email, a number to call, or an address besides a PO Box. If you decide to trust the email, use your credit card so as to be able to dispute the charges, but remember, you should not have to pay to work.
Above all, never reply to spam. In order to avoid such scams, always check the originating email address for legitimacy, and do not respond to any emails from spam. For example, official William & Mary emails do not originate from gmail.com addresses.
Forward suspicious emails to [[abuse]] to alert the W&M IT security team of any potentially concerning emails.
Questions? Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Jones 201, Monday - Friday, 8:00 am - 5:00 pm