Beware of “Sextortion” Hoax

What happened?

There has been an increase in the number of government employees reporting “sextortion” hoax emails throughout the country, and we’ve had at least one report at FIT this week. In this phishing scam, the perpetrator threatens to release compromising webcam footage if the victim does not pay a ransom. This is another variation of the cyber extortion scams we’ve previously warned the FIT community about.

This latest extortion hoax has many similarities to past scams. The attacker:

  • Claims to have the victim’s password.
  • Claims to have infected the victim’s computer with a keylogger that allowed them to monitor keystrokes and obtain passwords.
  • Claims to have recorded the victim using the webcam and to have compromising footage of the recipient watching pornography.
  • Claims to have the victim’s social media and email contact list and threatens to distribute the footage to the victim’s contacts.
  • Demands payment via Bitcoin.

How does it impact the FIT community?

As stated, at least one individual at FIT has received this hoax email. If you receive this or any suspicious email, contact TechHelp by emailing [email protected] or calling (212) 217-HELP (4357).

What can you do to protect yourself?

Many of the victims receiving this hoax had their information compromised in a previous data breach, such as through LinkedIn or Equifax. It is likely that the attackers are using information from a data breach, such as your username and passwords, to make their threats seem more credible. You can check whether your information may have been compromised at https://haveibeenpwned.com.

If you get a cyber extortion email:

  • If the password in the hoax email is one that you still use, change it immediately.  
  • Do not contact the attacker or pay the ransom.
  • Do not click on any links in the email.
  • Report the email as a phish to Google.
  • Contact TechHelp.
  • Run a virus scan on your computer.


Cybersafe best practices to minimize your risk:

  • Do not reuse the same password for multiple accounts.
  • Change your password immediately if you are alerted that your information was compromised in a breach, such as the LinkedIn breach.
  • Enable two-factor authentication on all accounts that offer it.
  • Back up your devices occasionally to an external hard drive in case your cloud backup is compromised or held for ransom.

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!

Questions? Comments? Email [email protected] or call (212) 217-HELP (4357).