Security advisory: scam email that knows your password, Wed 24 October

Mon, 23 July 18


What is happening:

Please be aware that a sexortation scam email which includes a familiar password is being sent to some UCD staff and students. The password in the email was more than likely stolen from an external data breache such as the LinkedIn or Adobe breach.

The emails claim to have compromising images of the recipient and goes on to ask for payment in order to stop the images being released publicly. The passwords are being used to try and convince the recipient that the claims in the emails are genuine.

If you receive such an email, please mark it as spam and do not reply to it. If the password in the email is a current password on any website or application, you must change that password immediately.

If the password is your current UCD Connect account password please change it immediately. If you believe your UCD Connect account has been compromised, you must contact the IThelpdesk@ucd.ie with details of the incident and please include screen shots, such as recent login activity, malicious forwarding, unauthorised sent emails, unauthorised accounts, filters, etc.

Further details regarding this scam can be viewed at the Sophos Security site.
https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/