ITS is aware of an influx of sextortion scam emails received by members of the Middlebury community. These are indeed scams, identified as such by online security sources (see below) and making the rounds on the Internet once again. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked!

For more information on these sorts of scams, see:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/
Excerpt: “The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”

These are indeed scams. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Here is a resource to help you find out where an old password to a 3rd party site may have been exposed: https://haveibeenpwned.com is run by Troy Hunt, a globally recognized security expert.

Check your email address here: https://haveibeenpwned.com (use your_username@middlebury.edu and then scroll down to see services where your username may have been part of a breach)

Check your password here: https://haveibeenpwned.com/Passwords

Change that password anywhere you use it and this time, pick a different STRONG password for each service.

Again, please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked from bothering our community members!