Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy
Don’t Succumb to “Peer” Pressure
There are several ways in which malicious parties may attempt to lure you into surrendering financial assets to them. Some of the methods previously discussed here, along with advice on how to guard against them, include:
- Ransomware, in which your device’s data is locked from you and payment demands are made (https://almanac.upenn.edu/articles/one-step-ahead-protect-yourself-against-ransomware)
- Tax scams, in which scammers impersonate IRS officials (https://almanac.upenn.edu/articles/one-step-ahead-tax-time-can-be-scam-time)
- Social engineering, in which attackers exploit people’s inclination to trust others (https://almanac.upenn.edu/articles/one-step-ahead-social-engineering)
Recent news reports have highlighted an insidious new variation on these tactics. Attackers send email to their victims claiming to be in possession of compromising material, such as video footage obtained through a hijacked webcam. (A victim’s password is often included in the message, implying that the attacker has tapped into the victim’s devices and accounts.) The attacker then threatens to share the compromising material with all the victim’s contacts on email and social media unless financial payment is made.
The passwords used in these blackmailing scams were pulled from circulating lists of passwords compromised in large-scale data breaches, often years ago. A blanket email is sent to countless recipients in hopes that some individuals will panic and make payment.
When faced with these types of extortionary schemes:
- Immediately change your password wherever it matches the one shown. Going forward, a password manager (like the University-supported product LastPass) can help you to create and keep track of strong passwords that can be easily changed as needed. Also make sure that other information associated with your password, like email addresses or physical addresses, has not been altered. Learn more at https://www.isc.upenn.edu/how-to/lastpass
- For peace of mind, consider covering your webcam when it is not in use. A bit of tape or a small Post-It note is enough to guard against unintended video- or image-sharing.
- Do not pay. Attackers try to trick you into believing they possess compromising material that does not in fact exist. There is also no guarantee they will behave as promised upon payment.
Got 10 minutes? Make smart use of your time with the Information Security Essentials Online Training videos at https://www.isc.upenn.edu/security/aware/infosec_online-training