Yesterday, Brian Krebs published a blog post detailing the lengths criminals are going to in a new type of phishing/ransom attack.  You can read his post here.

What you need to know:

This scam is still a scam.  Criminals are doing some research by finding repositories of compromised passwords linked to email, then they send an email with the password as proof that they've compromised the computer & webcam, and then they demand ransom threating to release a recording of their victim.

It is easier for a criminal to "hack" your technology simply by tricking you into making a mistake.  This is called Social Engineering.

What you can do:

First things first! If the password you receive in the scam email is a password you're still using, you better change it NOW. Changing your password once it's been compromised is the first and most crucial step in stopping criminal activity.

Next, you can report it to phishing@longwood.edu so that the Information Security Office can track our affected users.

Lastly, as listed in Brian Krebs' post:

"According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI)."

 

If you have any other questions, comments or concerns, please don't hesitate to reach out to the Information Security Office.