Friday, October 26, 2018

Extortion Emails Did Not Stop

Did you forget our July 2018 extortion email blog post? We didn't. Extortion emails that include an old password breached from a computer service not affiliated with Manhattan College (e.g., LinkedIn, Tumblr, Adobe) continue to arrive in Manhattan College community inboxes, demanding money or else the extortionists will release risqué videos.

From September 17th until October 16th, we received 32,474 emails with a subject that began with "Your password is". They targeted 576 different accounts and were sent from 977 throwaway email accounts.
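One way to produce counts like these from a mail gateway export, as an added example that is not ITS's own tooling: the CSV layout, column names, and sample rows are constructed assumptions. It decodes RFC 2047 encoded subjects and normalizes addresses so that encoded or case-varied copies of the same message are still counted.

```python
import csv
import io
from datetime import date, datetime
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

PREFIX = "your password is"
WINDOW = (date(2018, 9, 17), date(2018, 10, 16))  # reporting period from the post

# Constructed sample export; the column layout is an assumption.
SAMPLE_LOG = """\
date,sender,recipient,subject
2018-09-17,a1@throwaway.example,user1@college.example,Your password is hunter2
2018-09-20,B2@Throwaway.example,User1@college.example,=?utf-8?b?WW91ciBwYXNzd29yZCBpcyBodW50ZXIy?=
2018-10-02,"Bob <a1@throwaway.example>",user2@college.example,your password is abc123
2018-10-05,news@vendor.example,user2@college.example,Reset your password is easy
2018-10-20,c3@throwaway.example,user3@college.example,Your password is late
"""


def decoded_subject(raw):
    """Decode RFC 2047 encoded-words so encoded subjects still match."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw  # undecodable: fall back to the raw header text


def summarize(log_text, start, end):
    """Count matching messages, distinct senders and distinct recipients."""
    senders, recipients, messages = set(), set(), 0
    for row in csv.DictReader(io.StringIO(log_text)):
        day = datetime.strptime(row["date"], "%Y-%m-%d").date()
        if not start <= day <= end:
            continue  # outside the reporting window
        if not decoded_subject(row["subject"]).strip().lower().startswith(PREFIX):
            continue  # prefix match only, so "Reset your password is ..." is skipped
        messages += 1
        # parseaddr drops display names; lowercasing merges case variants.
        senders.add(parseaddr(row["sender"])[1].lower())
        recipients.add(parseaddr(row["recipient"])[1].lower())
    return {"messages": messages, "senders": len(senders), "recipients": len(recipients)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, *WINDOW))
```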

Several password best practices to consider:

  • Use a password manager to store a distinct, random password for each company you do business with.
  • Never use your JasperNet password elsewhere.
  • If you know that one of your accounts has been breached, whatever password was used is now compromised and can never be used again.
  • Do not use passwords such as Homework2 or password123; instead, use passwords that are longer and are not mostly dictionary words.
  • Always reach out to ITS when a dialogue is desired.
             Email:  or  TEL: 718-862-7973

Also consider signing up for password breach alerts. You can use a website such as Have I Been Pwned or a browser-based solution such as Firefox Monitor.

A few popular password managers are on the market. You can use distinct, random passwords with any of the following: LastPass (free), Dashlane (free), or 1Password (30-day free trial). Make sure that the master password to your password manager is never lost, and back up your password vault regularly. If you lose your master password, you will not be able to access your password vault.

How to Protect Yourself From Scams Like This:

Step up to Stronger Passwords

I Clicked on a Phishing Scam Email... What now?

Partially reposted from:  10/25/18 Harvested Passwords Used in Email Extortion | AT&T ThreatTraq