Awareness: New Cybersecurity Threat
We want to bring to your attention a concerning new cybercrime trend that has been reported recently, including by several members of our community earlier today. Cybercriminals have launched an extortion attack that leverages personal images and likenesses to scare victims into compliance. This new type of attack can feel particularly invasive.
How the Attack Works:
• Victims receive an email claiming that their computer has been hacked and/or that compromising images or videos of them have been recorded, or they claim to know about questionable websites that you have visited.
• The email may include images of you or your likeness (sourced through public platforms or social media), which criminals use to make the threat more believable.
• The cyber-attacker threatens to release these fictitious materials unless a ransom is paid, typically in cryptocurrency.
What You Should Do:
• Do Not Engage: If you receive one of these emails, do not respond or engage with the sender. Engaging could lead to more targeted attacks or the attacker increasing their demands.
• Report Immediately: Forward any suspicious emails to [email protected]. We are actively monitoring these types of threats and can take steps to block such emails and investigate further.
• Do Not Pay the Ransom: Paying the ransom encourages further criminal activity and does not guarantee the attacker will not follow through on his or her promises.
• Be Cautious with Personal Information: Be mindful of what you post on public platforms, especially identifiable personal information.
How to Protect Yourself:
• Update Software and Install an Antivirus: Ensure your personal devices are running the latest software updates to prevent vulnerabilities and install an antivirus.
• Enable multi-factor authentication (MFA) on your personal accounts wherever possible.
• Check Email Links and Attachments: Always verify the legitimacy of links and attachments in emails before opening them, especially if the email is unexpected or from an unknown sender.
For more cyber-fraud awareness information, visit CUIT’s Security and Privacy website at cuit.columbia.edu/content/security-and-privacy and Columbia’s Public Safety site at publicsafety.columbia.edu/scams. If you are already a victim of such an attack, Columbia’s support resources are available to help:
• Use the SVR site at health.columbia.edu/svr for trauma-informed, support and prevention programs focused on ending gender and power-based violence for all Columbia University community members (confidentiality statement found here health.columbia.edu/content/confidentiality).
• Call SVR at 212-854-4357 (available 24/7/365) or request to meet an advocate by emailing [email protected].
• Leverage the support and services offered through Columbia Health (https://www.health.columbia.edu/) for Morningside/Manhattanville students or Student Health on Haven (studenthealth.cuimc.columbia.edu/) for CUIMC students.
We understand that this type of personal attack can feel particularly threatening and stressful. Thank you for taking extra care to protect against cyber-crime and keeping our community secure.
Columbia Public Safety and CUIT