Cyber blackmail is a growing attack vector used to scare the recipient of the associated email.
Here is what you need to know about cyber blackmail:
- This email will tell you that your password is passwordexample.
- The password is actually a password you have used at one time or another.
- The password has most likely been sold on the Dark Web as a part of a large password
database acquired through a data breach. - The email will almost always say that the hacker knows what inappropriate sites you
have visited and will share this information with friends, family, supervisors, co-workers,
etc. - The hacker might even list a site or two in order to incite a bit of panic on your part.
- Proceed by doing the following.
a. DO NOT reply to the email.
b. Change your password if you are still using it for ANY account!
c. Remember that you need unique passwords for all accounts you use. Not only is this
the best way to keep your accounts secured, it also helps identify the account that
was associated with the password, especially if you are still using it.
d. Forward the email to OIT Abuse, include the Internet headers using the
Reporting Phishing instructions and cc: sandy@tennessee.edu.
e. Normally you should delete the email after forwarding it but this is one time you
should hold to it, just in case there is any kind of follow up by the hacker.
f. If you hear from the hacker more than once, please contact the Institute’s CISO
immediately.
Please remember that this is a scare tactic. If you have not been visiting the types of sites
mentioned, the hacker is just trying to create panic and embarrassment in hopes of making
some money from you or the thousands of others they have emailed.
