According to the U.S. Federal Trade Commission, blackmail and other scams are on the rise – and a particular scheme might be more believable than most.
Old Passwords Targeted
Blackmail scams begin with a demand email. It claims your computer has been hacked, and that proof of activity on inappropriate websites or embarrassing images will be emailed to friends and family.
The demand: Pay a ransom in Bitcoin, or digital cash that can be transferred without a bank. The scam email will ask you to click on a link to pay a ransom; don't do it! Bitcoin is a type of cryptocurrency; others such as Ethereum, Ripple and Litecoin could be named, as well.
What makes this new scam seem legitimate is that the email subject line might contain a password you recognize. It could be one of your old, or even recently used codes obtained through an online breach.
Your Next Steps
U-M's Safe Computing Center recommends the following steps if you receive an extortion email:
- Do not reply. Do not pay the ransom.
- If you're still using the password mentioned in the email anywhere, change it immediately.
- Use a unique password for each of your accounts; don't recycle old passwords.
- If your umich account or password is involved, change your password and report the incident. ITS Information Assurance staff will follow up with you to ensure your U-M accounts are protected.
See specific examples of these emails so you can spot one, if necessary.
Phishing for Your Finances
The Federal Trade Commission reports that consumers also are experiencing an uptick in phishing attempts as people seek to ease financial burdens. Phishing can include unsolicited emails from financial companies or individuals claiming to be U-M partners.
TIAA and Fidelity Investments are the only companies authorized by U-M to administer the university's retirement accounts. By building a relationship with TIAA and Fidelity, you'll get a sound understanding of your investments. Continuing communication with advisers you've developed trusted relationships with is probably safe, as well. "Cold call" emails, however, are likely phishing attempts.
If you have a question about an email you've received, contact U-M's Shared Services Center (SSC) at (734) 615-2000.