Extortion Phishing Campaign

April 22, 2020
Image
Picture of Phishing Scam Sign

The Security Operations Center has received dozens of reports of an extortion campaign targeting our community.

It seems that, <password>, is your password.

I require your full attention for the up coming Twenty-four hours, or I will make sure that you live out of embarrassment for the rest of your life…

Extortion Campaign Explained

These campaigns use publicly posted compromised credentials typically from a third-party data breach. Because users will often reuse passwords over time or across various accounts, these campaigns can appear highly targeted and effective. However, the breaches tend to be older and the passwords or accounts long out of use.

Please do not respond to the emails. If you receive one, report it immediately to phish@email.arizona.edu.

What can I do to protect myself?

  1. Use unique passwords across your accounts.
  2. Use a Password Manager
  3. Use Multi-Factor Authentication on All accounts that support it.