CIO'S MESSAGE - July 30, 2018

"Sextortion" Phishing Scam

Dear Colleagues, 

We are receiving information from our higher education information security intelligence sources that there is a blackmail/phishing scam hitting multiple higher ed institutions around the country including California State University campuses.

This particular attempt is a form of what is known as "Sextortion." The scam, in most cases, displays a password that may appear to be or actually be a user’s password that the sender claims to have been obtained from an adult content website. The passwords were actually harvested from breaches of companies in the past, some as long as a decade ago and hackers have posted the credentials on the DarkWeb or sites like PasteBin. These are sites used by hackers to trade, sell and display credentials they have compromised.

The current scam purports to have obtained the user’s password from an adult (porn) site and threatens to reveal the user’s online behavior to others unless a ransom is paid in Bitcoin (internet currency).

The FBI advises:

• Never send compromising images of yourself to anyone, no matter who they are – or who they say they are.
• Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know unless they are expected.
• Turn off (and/or cover) any web cameras when you are not using them.

 

Please report the receipt of any of these messages or similar phishing attempts to Alert@csulb.edu. You can also report any such attempts privately by contacting the Campus Information Security Officer, Aysu Spruill, directly at Aysu.Spruill@csulb.edu.

Aysu Spruill 
Information Security Officer 

Min Yao, Ph.D. 
Vice President and Chief Information Officer