Students receive ‘sextortion’ scam email
Hackers sent “sextortion” scam emails to 68 students in the past three weeks in which they threatened to release inappropriate videos, according to Marc Scarborough, Rice’s chief information security officer.
In these emails, the attacker threatened to release students’ personal information to all of their contacts unless they sent $720 to the sender within 36 hours of opening the email.
“I injected my code to this device and I started to monitor your activity,” the attacker wrote in the emails. “My first idea was to block and encrypt your files. And [then] I would ask for a small fee to release them back. But [then] one day, You visited some dirty websites. You know what I mean naughty thing. And I silently activated your front camera and recorded You. Yes! You were playing with yourself. What a funny video.”
The name “sextortion” refers to threats of releasing videos or personal information, usually related to pornography, according to Scarborough.
“These particular scam emails take it a step further by claiming they have recordings of unflattering webcam feeds and internet activity, usually involving pornography,” Scarborough said. “The goal of the scam is to extort a payment to prevent this embarrassing information from being released to friends, family, professional colleagues and other people in the recipient’s contact lists.”
Scarborough said that students receiving these emails should disregard these threats. According to Scarborough, these types of scam emails have become increasingly common.
“An attacker uses online databases of exposed usernames, email addresses and passwords in an attempt to trick people into believing their accounts and computers have been hacked,” Scarborough said.
Will Rice College senior Maya Pai was one of the students who received the scam email. Pai said that when she saw the subject line of the email, which suggested her email was hacked, she was worried because she had previously been targeted in a recent breach of the textbook rental and homework help company Chegg. The breach resulted in over 130 Rice email addresses and passwords being exposed.
Pai said that once she opened the email, the wording of the email made the threats seem false, but she was concerned that the email appeared to be sent from her own email address.
“It says … [that they] sent this email from your own email, which means [they] have access to your account,” Pai said.
However, Scarborough said the sent address doesn’t indicate that the student’s email address was hacked, and was likely modified as part of the scam.
“The ‘From’ address in an email is changeable in most email clients like Thunderbird, Apple Mail and Outlook,” Scarborough said. “The ‘From’ address is like the old ‘Return Address’ on a postal letter; the person sending the letter writes their own return address on the letter.”
According to Scarborough, the Office of Information Technology has received reports of this scam email since around Sept. 23, with the last report coming in on Nov. 6.
Nicole Koonce said she received the same email two days after Pai received hers.
“I wasn’t completely surprised by the content of it since I had already read [Pai’s],” Koonce, a Will Rice senior, said. “I was a little stressed at first about getting the email since I thought I would have to reset all my passwords.”
Scarborough recommends reporting any suspicious emails to the Information Security Office and the OIT.
Scam emails can be reported to the Information Security Office at https://oit.rice.edu/security-incident, or to the OIT help desk at firstname.lastname@example.org or 713-348-4357 (HELP).
More from The Rice Thresher
Of the 550 petitions submitted by students to the Office of Undergraduates, 528 were approved for early arrival prior to Feb. 15, according to Dean of Undergraduates Bridget Gorman. While most of these students will be moving back to campus by Jan. 25, Gorman said 33 will arrive later, between that date and Feb. 15.
Undergraduate students will not be able to return to campus until Feb 15, according to an email from President David Leebron sent out this morning. The email also states that all classes this semester will begin in an online format and that Rice will move to Research Stage 2 in which essential on-campus research will be able to continue but with added safety protocols.
On Dec. 10, Rice admitted 421 students through the Early Decision program, a 16 percent acceptance rate, according to Vice President of Enrollment Yvonne Romero da Silva. This year, Rice received its highest ever number of applications for this round of admission, narrowly beating the previous record set in 2018, with 2,635 applying to join the class of 2025.