NOTICE: Extortion emails with old passwords in the subject line

Thursday, April 30, 2020

This information was sent to U-M IT groups via email April 30, 2020.

Would you please help us let members of the university community know about a continued increase we are seeing in extortion emails? The use of a previous password in the subject line of these emails is particularly alarming to people.

About the emails

A number of people at U-M have reported receiving email with one of their old passwords as the subject line. The emails:

  • Claim that the sender has embarrassing or compromising video or photos obtained through spyware.
  • Threaten to forward this to others unless payment is made using Bitcoin or other cryptocurrency.
  • Are often laced with profanity.
  • May have formatting, spelling, and grammar irregularities.

See samples of the emails on Safe Computing: Phishing Alert: Subjects vary — Likely will be an old password.

This is a variation on a scam we reported last week: IA Notice: Online extortion scams increasing during COVID-19 pandemic.

The password in the subject line of the scam messages is typically one used outside the university that was exposed in a large data breach. Exposed passwords are widely available to attackers on the Dark Web. For example, millions of passwords exposed in data breaches years ago at LinkedIn, Yahoo, Sony, eBay, and others are still used by cyber criminals and other attackers. This is why it is so important that you not reuse old passwords and that you use a unique password for each account or service.

Email scams on the rise

This is one of many email scams that are circulating and recirculating right now. Scammers are taking advantage of the fear and uncertainty surrounding the COVID-19 coronavirus, along with the fact that people are spending more time online while they work and learn from home.

While coronavirus scams continue to proliferate, many other scams are also on the rise. The Federal Trade Commission (FTC), just reported a big jump in scam emails demanding Bitcoin payments in the last few weeks (Scam emails demand Bitcoin, threaten blackmail, FTC, 4/29/20).

Do not reply

  • Do not reply to extortion emails. Do not pay the ransom.
  • If you are still using the password included in the email anywhere, change it immediately.
  • Use a unique password for each of your accounts.
  • Do not recycle old passwords.
  • If your UMICH account or password is involved, change your password and report the incident. ITS Information Assurance staff will follow up to see if there are logins to your U-M account from suspicious Internet Protocol (IP) addresses and advise you if any action is needed.