Skip to main content

Submitted for: UCF Information Security Office
Submitted by: Information Technologies & Resources
Subject: Email scam warning

The Information Security Office would like to bring to your attention two email scams we’ve seen recently. Known as “sextortion” and gift card scams, both attempt to steal your money, either through extortion or deception.

“Sextortion” scam

This scam claims to have recorded webcam video of the recipient viewing adult content. The attacker threatens to send the video to the recipient’s social media and email contacts unless a payment is made. Recently, a new version of this scam has included a password that was previously used by the recipient in an attempt to increase the legitimacy of the threat. It is believed that these passwords were collected from older publicly-available data breaches. If any passwords included in the email are still in use by your accounts, you should change them immediately.

Gift card scam

This scam impersonates a fellow employee, or supervisor, and asks the recipient to purchase gift cards, usually iTunes, for an important business transaction. The recipient is asked to provide photos of the gift cards or their codes. In many cases, the sender claims to be busy and unavailable for phone calls, preventing the recipient from verifying the request.

If you should receive either of these emails, report it by using the Phish Alert Button or by sending it as an attachment to We recommend not replying to such emails. If you are concerned about the security of your system, do not hesitate to contact your IT support.

Thank you,

Information Security Office

UCF will never send messages asking you to respond and provide personal information, login credentials, or passwords via email. You are not required, nor does UCF encourage or recommend providing your passwords and/or other secret login credentials to anyone claiming to represent UCF. Never respond to unsolicited email messages requesting your password, credentials, or other confidential information and never share your password with anyone. Regard all unsolicited messages with extreme caution and alert the Security Incident Response Team at if a message appears suspicious.