Scam Alert! An Embarrassing Video Sent to My Contacts

What does the extortion email say?
I received the extortion email. Is it a real threat?
The email includes a passphrase that I used in the past or that I'm still using. Does this mean that my computer or account has been hacked?
Is there anyway I can check if my account has been hacked?
The message was sent to my university email account. Does that mean my account is compromised?
How did the scammers know a passphrase that I used in the past or that I'm still using?

Have you or a coworker received an email threatening to send an embarrassing video to your contacts unless you pay the sender money? Take a breath. This is a popular scam right now, and the Division of IT is here to help you deal with it.

Over the past couple weeks, we've seen an uptick in the number of these phishing emails sent to us. In response, we've put this FAQ together so that you will know what to do if it happens to you.

What does the extortion email say?

The emails may differ, but they tend to use the same elements. The scammers claim to know your passphrase and have evidence of you engaging in activity on adult websites. Often this evidence is a video of you, allegedly captured using your webcam. The scammers threaten to release this video to your contacts unless you pay them in Bitcoin. The sender is usually from a random @outlook.com address.

I received the extortion email. Is it a real threat?

This is a scam. The scammer does not have video of you, and you should not send them any money.

However, we encourage you to use Have I Been Pwned to check whether any accounts you use have been compromised. Change these passphrases as soon as possible!

The email includes a passphrase that I used in the past or that I'm still using. Does this mean that my computer or account has been hacked?

To be clear, the scammers in this scheme have not compromised your physical computer. They did not install any malicious software, and they do not have video of you.

However, it's possible that one of your accounts has been compromised. Did the email contain a passphrase you're using right now? Change it at any and all sites immediately!

We recommend visiting Have I Been Pwned and entering your email address to see if any of your accounts has been exposed. Change those passphrases right away.

Is there anyway I can check if my account has been hacked?

Yes! Visit Have I Been Pwned and enter your email address to see if any of your accounts have been affected by a known data breach. Change those passphrases.

The message was sent to my university email account. Does that mean my account is compromised?

Probably not. In most cases, the passphrases included in the email don't meet university passphrase requirements--meaning there's no way it could be real!

The most likely scenario is that the passphrase in the email was obtained from a site that originally asked for an email address and you provided your university email address. In many cases, you created a new passphrase for this site, and that may be the passphrase presented in the email.

How did the scammers know a passphrase that I used in the past or that I'm still using?

Here's how these things may happen.

Hackers break into a company's security system and steal account information. This may include email addresses, usernames, passphrases, credit card information, and more. Essentially, any information users provided to the company is at risk. Hackers may then sell that information to customers on the dark web.

In 2012, someone hacked LinkedIn and collected the email addresses and passphrases of 164 million people. For reasons unknown, the hacker waited four years before sharing that information with the dark web.

So, the account information was several years old by the time scammers got it. This is why they may have an old passphrase of yours.