Over the last week, at least six University of Oregon students received emails through their Uoregon accounts attempting to scam them.
The emails asked for about $400 in Bitcoin and threatened to share embarrassing videos on social media if the amount was not paid within 24 hours. All of the emails featured improper grammar and came from people who said they were not native English speakers.
According to UOPD spokesman Kelly McIver, these scams are clearly extortion, but it is not likely that the perpetrators can be identified.
At least two of the students who got these emails received them from accounts that appear to be from another country.
This can be determined by looking after the .com of the email address. Something like .br means the account is from Brazil, according to Leo Howell, the chief information security officer at UO.
Howell says that if anyone receives an email like this, they should not pay the scammers and that the best thing to do is seek help from university resources such as UOPD and Information Services.
There are multiple ways scammers can find an email address. The least effective way is by guessing it, according to Howell.
“If you look at email addresses, they are patterns. It’s either first name, last name or some combination. It’s not very difficult for hackers to actually get a student’s email address,” said Howell.
These kinds of scams are extremely common and can be sent to anybody. Scammers often send them to a large amount of people in the hopes that a few will pay, according to Howell.
Howell also said the groups that run these scams are organized like corporations, where different people have different roles in crafting the emails.
McIver says that in his experience, he has frequently seen international students be the victims of email scams.
In order to protect themselves from receiving scam emails like these, students should be careful about which websites they visit and be more vigilant about what they do in front of a screen, according to Howell.
Many email services have spam filters which let the user block emails from international accounts, which can reduce the risk of receiving spam. The Uoregon email system has a filter that looks for obvious forms of spam, but some scammers are clever enough to get past that.
“The most effective control that is out there today is to set up two-factor authentication. … those kinds of things reduce your chance for a breach by like 98 percent,“ said Howell.
“We like to know if it is happening and to be able to keep some track of that because then we can work with them. … If we see a lot of those reports coming in, we can be checking with Information Services and saying ‘are you getting a lot of reports on this on phishing?’ We can collaborate on a message out to the community,” said McIver.
This post has been edited for accuracy.