Kaitlyn Hughes | features editor

On Sept. 18, Duquesne’s Computing and Technology Services (CTS) sent out an email to warn students, faculty and staff of a rise in sextortion attempts against the university.

 These sex extortion efforts took the form of “emails that use personal details, such as images of recipients’ homes, to intimidate victims into complying with the scammer’s demands,” according to the statement made by CTS.

 The messages the university saw consisted of scammers claiming to have compromised the recipient’s computer by installing software known as Pegasus. They alleged to have recorded receivers through their webcam, and threatened to release the alleged inappropriate videos and images unless a ransom was paid through Bitcoin.

 Ransom demands ranged from $2,000 to $2,200, and were requested through a QR code within the email. The scammer provided a time limit of 24 hours.

 Tom Dugas, the Associate Vice President, Deputy Chief Information Officer and Chief Information Security Officer for the university, said to his knowledge no students fell victim to the scam.

 “We got the reports right away, when students had seen this, and we were able to get the word out as quickly as possible,” Dugas said. “I always worry about the people we don’t hear from.”

 Tim Wolford, supervisory special agent of the crimes against children task force in Pittsburgh’s FBI office, said sextortion is when a subject obtains a compromising picture or video that is sexual in nature to extort something of value from the victim.

Scammers on the rise

 Dugas said that the university sees a new wave of phishing emails and scams every year.

 “Some of them have been around for a long time, and some of them are new,” he said.

 In order to prevent these scammers from getting to students, the university has installed protections at the border of their internet connectivity to help prevent attacks from coming into their environment.

 Duquesne blocks tens of thousands of messages daily that are deemed malicious or spam. They prevent millions of network-based spyware threats weekly.

 “Nothing is 100% these days,” Dugas said, “and the attackers are getting better and better at finding new ways to get past our defenses.”

 The University of Pittsburgh has also seen an increase in phishing and sextortion emails.

 “Based on the number of reported phish from our email users, it’s gone up about 90% from last year to this year,” said John Duska, Chief Info Security Officer at Pitt.

 Duska said that sextortion is a smaller portion of those emails, but he said the university’s police department reports that the amount of emails has increased.

 He believes there are two reasons for this growth: there are more emails being sent out, and more people are reporting the issue.

 “There’s a human element to most cyber attacks,” Duska said. “Phishing is the most convenient way and the most common way for the cyber threat actors to engage with other humans.”

 Wolford said there has been a rising increase in sextortion within the last five years.

 “The reason why is because they’re pretty effective,” Wolford said. “They’re just going to keep doing it.”
Universities are a target

 Scammers see universities as an opportunity.

 Institutions don’t have the same resources that a multinational finance organization would have making them seem weaker.

 Dugas said it is also because scammers realize that college freshmen are in a new environment.

 “They’ll find any way to try and harness and take advantage of that newness of having been away from home for the first time for many students and try and prey on their vulnerabilities” Dugas said.

Minimize the risk

 There are multiple ways to mitigate the risk of falling victim phishing emails and sex extortion.

 Do not click on a link or download any content from a suspicious or unknown email, Wolford said.

 Never provide information about bank accounts or passwords to people reaching out online.

 “Do that, you’re going to be much safer from falling victim to these kinds of scams,” Wolfard said.

 In relation to extortion, refrain from providing compromising videos or pictures to strangers online.

 He said to not send damaging images to anyone, even if the person is deemed trustworthy.

 “You don’t always know that they’re going to keep that information private,” Wolford said.

 Dugas said that people should search their own name to see what personal information is public. Certain sites with this information can be contacted for the removal of that data.

 He said that in honor of National Cybersecurity Awareness Month in October, the university will launch a cybersecurity awareness training. It helps students spot cyber scams and threats.

How to cope

 Any concerns about possible sextortion emails can be brought to Duquesne Public Safety or the Title IX Office.

 Alicia Simpson, the university’s Title IX coordinator and director of sexual misconduct prevention & response, said that the office is available to assist anyone that has experienced sextortion.

 “Students who have been impacted by sextortion are able to receive support and resources from the Title IX Office,” Simpson said. “These can include, but are not limited to: connecting with Public Safety and/or the FBI to report the incident, referrals to counseling and/or local community agencies for support, academic adjustments, and safety planning.”