Email Extortion Scam

Tags welcome

In recent weeks, members of the Dartmouth community have been receive emails which attempts to extort money from the recipient. Do not reply to the scammer, do not pay them; just delete the message.  

Additional frequently asked questions about this are below:

The sender is indicating that they have infected my system and have collected embarrasing pictures or videos. They are also threatening to send them to my family. What should I do?

  • This is a known scam. We have not seen any evidence of any actual compromised systems.
  • There has been no evidence of attackers collecting contact information.
  • These scams are typically sent to a broad number of users similar to typical spam messages.
  • The language used changes constantly to aid in evading detection.
  • These emails are typically identified as a scam and flagged by our automated tools within a short period of time. Unfortunately, this delay results in a few users receiving these messages.
  • If you believe there is a credible threat, please report this directly to information.security@dartmouth.edu.
  • We will review any reported messages and use these reports to further tune our defenses.

Why am I seeing my password in this email? Was my account hacked?

  • This is a known scam that purports to have compromised your account and threatens to divulge private information or video to your contact list. We have not seen any evidence of actual compromised Dartmouth accounts in our investigations to date.
  • You are most likely seeing this email because your username and password were a part of a compromise of an external, non-Dartmouth site that you signed up for using your Dartmouth email address.
  • These messages are currently being automatically flagged as Spam and Phishing and being placed in users' Junk email folder.

What should I be concerned about? What do I need to do about seeing my password?

  • If the password is your current Dartmouth account password, please call the ITC Service Desk at 603-646-2999 as soon as possible to report the issue and get help changing your password.
  • If you recognize the password, your password should be changed at any site or sites where it was in use, especially if this is the password that is currently in use.
  • Do not reuse passwords. Create a unique password for every site you sign up for. This limits the ability of a single password compromise from impacting multiple sites.
  • Use a password manager to generate and store these passwords.
  • If the message is found in your Inbox, and not in the Junk folder, report the message as Junk or Phishing via Outlook on the Web or an Outlook client using the "Report Message" tool or send a copy of the original message including the headers to the Helpdesk. This action helps identify these messages and improve detection of similar messages in the future.

How is Dartmouth protecting my account?

  • Dartmouth is providing Email protection through Microsoft Office 365 and Advanced Threat Protection for current Student, Faculty and Staff mailboxes. This service provides Spam and Malware filtering that removes malicious attachments and places Spam in the junk mail folder.
  • We regularly review our usage of Microsoft's constantly evolving tools to identify more effective detection and controls to combat this type of email.

What if I am forwarding my email?

  • If you are forwarding your email out of our supported email environment to another email provider, Dartmouth cannot guarantee the behavior of the email system receiving these messages. You will need to configure your Spam and Malware with your chosen email provider.