Security Notice: New Email Scam Targeting the U

The University has seen an increase in spam emails that attempt to use previously-stolen passwords to extort email recipients. An email message claims that the attacker has compromising information about the victim, and includes the person’s username and password as “proof” that they have infiltrated their computer. They then ask for payment in return for not revealing the compromising information about the user. However, the password used as “proof” is one that was potentially stolen previously from an entity outside of the University - such as from LinkedIn, Yahoo, or other organizations that have had recent data breaches.

What you should do:

If you receive a phishing message, you should:

1. Mark the message as spam in Gmail, and delete it. This will help block this type of message from being delivered to other people at the University.

2. If the referenced password is still in use, it should be changed immediately. This applies especially to non-University accounts. In each related case seen at the University so far, the passwords referenced have not been active for University accounts.

More security resources:

• Review the U of M phishing blog at z.umn.edu/phishing for more details on this scam and others that may target the University.

• Visit z.umn.edu/strongpassword for advice on securing your passwords.

• Contact [email protected] with any questions.