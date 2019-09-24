The number of extortion messages sent to students, staff and faculty members has continuously increased at the University of Kansas and other universities nationwide, said Julie Fugett, the chief information security officer for KU Information Technology.
Extortion messages are designed to scare receivers into making a payment — typically with cryptocurrency, such as Bitcoin — and attempt to trick the recipient into giving up something of value, Fugett said.
“Fear is a powerful motivator, and criminals exploit this because they know fear can cause people to act in rash ways,” Fugett said in an email to the Kansan. “When people are afraid, they often don’t think rationally or properly assess reality and/or the plausibility of a threat.”
Fugett said that in addition to creating a sense of urgency or fear, extortion messages typically ask the receiver to open a link or attachment, call a phone number or send money.
KU IT sent a mass email to students on Sept. 11 advising them to forward any suspected extortion messages to abuse@ku.edu and change any passwords that appear in the emails.
Extortion messages won’t stop coming, Fugett added. In the first five months of 2019 alone, Symantec, a California-based cybersecurity software company, blocked 300 million extortion scam emails, according to a blog on its official website.
“[Because they will always be coming], it’s so important that students protect themselves through education and safe online practices,” Fugett said. “And, it’s important to know that email isn’t the only channel for these types of attacks. Criminals can attempt similar extortion attacks through social media and other methods.”
James Anguiano, deputy chief of the KU Public Safety Office, said it is especially important to be wary of emails from any governments or corporations.
“One recently that’s in our international population has been an email scandal through ICE. They say you could be deported if you don’t send this amount of money, and they’re building on that emotion,” Anguiano said. “If you haven’t requested information, don’t open it. The IRS or any government entity will never send you an email. Your bank will never send you an email to say your account has been compromised, so just utilizing those tips should help you.”
Anguiano also said changing passwords on any accounts every three to four months will help prevent spam or extortion.
Fugett said anyone worried about their KU online ID or password being compromised should call KU IT at (785)-864-9003 or itsec@ku.edu, while anyone concerned with their privacy or personal safety should contact the KU Public Safety Office at (785)-864-5900 or kupso@ku.edu.