Data Breach Notification: Adult Friend Finder Website

In October of 2016, the website Adult Friend Finder experienced a data breach. This was part of the larger Friend Finder Networks breach. Nearly 170 million records from the site were exposed, including email addresses, passwords, spoken languages, and usernames for the service.

There were 22 berry.edu or vikings.berry.edu email addresses included in the breach.

To find out if your information is included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up for breach notifications from Have I Been Pwned by clicking on “Notify Me” at the top of any page on the site.

If your information was included, be sure to change your password for this website. Also, there is a chance that hackers may attempt to blackmail you with this information.

Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any site page.

“Sextortion” Emails Still Plaguing the Campus

It’s been almost a year since I first posted about “sextortion” emails that attempt to convince you that someone has hacked your computer and recorded you watching pornography. The campus continues to get all kinds of variations on this scam, with changes in subject, wording, tone, threats, and payment amount. Some appear to come from your own account. Some are crudely worded and attempt to shame or frighten you, while others coyly dance around the description of the content of videos, but the one thing they have in common is that they are all fake! I wanted to write an updated post about these emails since we are still receiving them.

For those who haven’t received one of these emails, the scam suggests that the recipient has watched pornographic material online. The scammers sometimes try to boost their credibility by including a password, usually an old one, that the target (you) has used in the past, gathered from online password dumps. They also claim to have installed malware on “the adult site” (which is never named) that grabs all of the user’s contacts and gives them control of the user’s webcam. Most of the emails attempt to convince the recipient that the scammer is not only skilled, but ultimately untouchable and untraceable, and has complete control of the system or account. Ultimately, the scammers threaten to send a video to the user’s contact list showing not only what the user watched on the site, but what they were doing while watching it, unless the user pays them some amount of money (anywhere from $200 to $2000 has been requested) in the form of Bitcoin or other digital currency. Some claim that they will release the video immediately if the user shares the email with anyone, in order to discourage the user from asking their IT department for help or clarification.

The likelihood of the scam working depends heavily on two things: first, whether or not the recipient has a webcam, and second, whether or not the recipient watches pornography online. If the answer to either question is “no”, the email is easily dismissed. Unfortunately, with the number of laptops and even desktops that have webcams either built in or attached and the surprising number of people who indulge in viewing pornography online, this crazy-sounding blackmail scheme works, to the tune of millions of dollars. Most of these emails ask for less than $500 in digital currency. Some versions of this scam will include links to a “sample” of the (non-existent) video. Do not follow the links! The downloaded file will infect the computer with malware that will steal credentials and data.

Please continue to report these as phishing emails or simply delete them.
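For mail administrators, the traits described above can be turned into a simple triage rule. The following is an added example, not part of the original post or any campus tooling: it flags a message only when a digital-currency payment demand appears together with at least three of the other traits. The patterns, the threshold, the function name `triage`, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# One pattern per trait the post describes. Patterns and threshold are
# assumptions for this example, not a tuned production ruleset.
INDICATORS = {
    "crypto_payment": re.compile(r"\b(bitcoin|btc|digital currency|cryptocurrency)\b", re.I),
    "password_bait": re.compile(r"\byour\s+password\b", re.I),
    "malware_claim": re.compile(r"\b(malware|trojan|virus|keylogger)\b", re.I),
    "webcam_claim": re.compile(r"\bweb\s?cam\b|\bcamera\b", re.I),
    "contact_threat": re.compile(r"\b(contacts?|contact list|address book)\b", re.I),
    "secrecy_pressure": re.compile(r"\b(do not|don't|never)\s+(tell|share|show|report)\b", re.I),
}

def triage(raw_message: str) -> tuple[str, list[str]]:
    """Return (verdict, matched indicator names) for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    # "Some appear to come from your own account": From equals To.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        hits.append("self_addressed")
    # A mention of digital currency alone is common in benign mail,
    # so require supporting traits before flagging.
    others = [h for h in hits if h != "crypto_payment"]
    verdict = "likely_sextortion" if "crypto_payment" in hits and len(others) >= 3 else "no_match"
    return verdict, hits

# Constructed sample messages (not real mail).
SCAM = (
    "From: student@example.edu\nTo: student@example.edu\nSubject: I recorded you\n\n"
    "I know your password was hunter2-old. I placed malware on the adult site and it\n"
    "turned on your webcam and copied your contacts. Pay $500 in Bitcoin within 48\n"
    "hours. Do not tell anyone or the video is sent immediately.\n"
)
BENIGN = (
    "From: news@example.org\nTo: student@example.edu\nSubject: Weekly digest\n\n"
    "This week: Bitcoin prices, and a reminder to change your password regularly.\n"
)

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("BENIGN", BENIGN)):
        print(name, triage(raw))
```

The rule reads only unencoded text/plain parts, so HTML-only or base64-encoded bodies would need decoding before matching.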

 


Fake blackmail email suggests you watched pornography – UPDATED!

A relatively new email scam is to send emails suggesting that the recipient has watched pornographic material online. The scammers sometimes try to boost their credibility by including a password, usually an old one, that the potential victim has used in the past, gathered from online password dumps. They also claim to have installed malware on “the site” (which is never named) that grabs all of the user’s contacts and turns on the user’s webcam. Ultimately, the scammers threaten to send a video to the user’s contact list showing not only what the user watched on the site, but what they were doing while watching it, unless the user pays them an amount of money in the form of Bitcoin or other digital currency.

The likelihood of the scam working depends heavily on two things: first, whether or not the recipient has a webcam, and second, whether or not the recipient watches pornography online. If the answer to either question is “no”, the email is easily dismissed. Unfortunately, with the number of laptops and even desktops that have webcams either built in or attached and the surprising number of people who indulge in viewing pornography online, this crazy-sounding blackmail scheme works, to the tune of over half a million dollars. Most of these emails ask for less than $500 in digital currency.

UPDATE: New versions of this scam will include links to a “sample” of the (non-existent) video. Do not follow the links! The file will infect the computer with malware that will steal credentials and data.