Extortion scam emails use stolen passwords

July 31, 2018

University Relations

Members of the UA community have reported seeing a new variation on an old scam — an email claiming the recipient has viewed pornography and demanding payment to keep the information private. Read the full sample text here.

Each email includes a password previously associated with the recipient’s email address, likely a compromised password that was used many years ago. This is a scam. The sender does not have evidence that the recipient has viewed pornography, so if you receive this email, do not pay the money.

How to protect yourself from online scams:

• Do not use the same password for multiple sites.


• Do not recycle old passwords. Create a new password whenever you change the password for an account.


• If you suspect your university account has been compromised, change your password and security questions for the account and report it to the OIT service desk at 450-8300.


• Use two-factor authentication whenever possible.


• If you receive an email that contains your current University of Alaska password, report this to the OIT service desk. They will check for suspicious logins to your university account.

If you receive an email that seems suspicious and you are unsure of its legitimacy, Google one of the sentences. If it is a scam, there will likely be numerous reports and articles about the message online.

The website Have I Been Pwned? allows internet users to check if their personal data has been compromised. Enter your username or email address to find out if your data has been exposed. If one of your accounts has been compromised, change the password.

Learn more about online security at www.alaska.edu/oit/securityawareness/.