Students receive ‘sextortion’ scam email
Hackers sent “sextortion” scam emails to 68 students in the past three weeks in which they threatened to release inappropriate videos, according to Marc Scarborough, Rice’s chief information security officer.
In these emails, the attacker threatened to release students’ personal information to all of their contacts unless they sent $720 to the sender within 36 hours of opening the email.
“I injected my code to this device and I started to monitor your activity,” the attacker wrote in the emails. “My first idea was to block and encrypt your files. And [then] I would ask for a small fee to release them back. But [then] one day, You visited some dirty websites. You know what I mean naughty thing. And I silently activated your front camera and recorded You. Yes! You were playing with yourself. What a funny video.”
The name “sextortion” refers to threats of releasing videos or personal information, usually related to pornography, according to Scarborough.
“These particular scam emails take it a step further by claiming they have recordings of unflattering webcam feeds and internet activity, usually involving pornography,” Scarborough said. “The goal of the scam is to extort a payment to prevent this embarrassing information from being released to friends, family, professional colleagues and other people in the recipient’s contact lists.”
Scarborough said that students receiving these emails should disregard these threats. According to Scarborough, these types of scam emails have become increasingly common.
“An attacker uses online databases of exposed usernames, email addresses and passwords in an attempt to trick people into believing their accounts and computers have been hacked,” Scarborough said.
Will Rice College senior Maya Pai was one of the students who received the scam email. Pai said that when she saw the subject line of the email, which suggested her email was hacked, she was worried because she had previously been targeted in a recent breach of the textbook rental and homework help company Chegg. The breach resulted in over 130 Rice email addresses and passwords being exposed.
Pai said that once she opened the email, the wording of the email made the threats seem false, but she was concerned that the email appeared to be sent from her own email address.
“It says … [that they] sent this email from your own email, which means [they] have access to your account,” Pai said.
However, Scarborough said the sent address doesn’t indicate that the student’s email address was hacked, and was likely modified as part of the scam.
“The ‘From’ address in an email is changeable in most email clients like Thunderbird, Apple Mail and Outlook,” Scarborough said. “The ‘From’ address is like the old ‘Return Address’ on a postal letter; the person sending the letter writes their own return address on the letter.”
According to Scarborough, the Office of Information Technology has received reports of this scam email since around Sept. 23, with the last report coming in on Nov. 6.
Nicole Koonce said she received the same email two days after Pai received hers.
“I wasn’t completely surprised by the content of it since I had already read [Pai’s],” Koonce, a Will Rice senior, said. “I was a little stressed at first about getting the email since I thought I would have to reset all my passwords.”
Scarborough recommends reporting any suspicious emails to the Information Security Office and the OIT.
Scam emails can be reported to the Information Security Office at https://oit.rice.edu/security-incident, or to the OIT help desk at email@example.com or 713-348-4357 (HELP).
More from The Rice Thresher
The Fiesta Mart in Midtown at 4200 San Jacinto St., which was leased from Rice University and is across the street from the currently under construction Ion building, closed on July 10. The store serviced both Midtown and Third Ward residents and the closure has drawn attention to the issue of food access in the Third Ward, which is classified as a food desert.
Rice plans to support Harvard and MIT in lawsuit against new ICE regulations for international students
U.S. Immigration and Customs Enforcement (ICE) updated regulations for students on nonimmigrant F-1 and M-1 visas on July 5. According to President David Leebron, Rice plans to participate in legal action to overturn these new regulations by participating in the action filed by Harvard and MIT through an amicus brief.
Historians share perspectives on monuments and racism, following recent discussions about William Marsh Rice
"The model [for discussions] has long been [that] it's a small group, usually of men, but a small group has met behind closed doors and made these decisions. And I think what all of us in all of our different work have said over and over and over again is that this has to be a public conversation. All stakeholders need to be involved in these decision-making processes,“ Anne Twitty, panelist at Monday’s webinar, said.