Phish of the Month: April

May 17, 2024

Recent reports indicate that "sextortion"-type emails are making the rounds at the University of Alaska:

[Image: email trying to extort bitcoin]

This is a rather tame version of the email, which often starts out with something similar to:
“I have to share bad news with you. Approximately few months ago I have gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities”

Sometimes the email will include an old password you may have used as "proof" they have compromising information on you.

These emails are meant to embarrass, shame, and frighten you. The good news? 99% of them have no truth to them whatsoever.

Why this Scam Scares Recipients

If a scam email contains any amount of correct information, this may be due to a data breach, social engineering or purchased data. If you're worried because the email includes a lot of correct information about you, read on!

  • Old or Current Password
    If an old password is included in the email, this demonstrates that the password hasn't been stolen directly from you and is no longer valid. If the password is current, change it right away, and be on the lookout for fraudulent Duo activity. Most of these passwords are gathered from data breaches. You can learn more about creating safe and secure passwords on our Guides & Information page!

  • Phone Number
    Like passwords, phone numbers can also be harvested from data breaches, even ones that occurred many years ago.

  • It came from my email!
    Often, these emails will appear to come from you, apparently validating the attacker's claim that you are under their control. This looks scary, but it doesn't mean anything - it's fairly easy to manipulate the "From" field so do not panic!

  • Can someone really turn on my webcam?
    This type of remote access is only possible if malware has been downloaded to your device, likely from a malicious website. Many people employ camera shields/covers for the purpose of manually blocking such activity. Don't have a camera shield? A sticky note works just as well!
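
For readers who triage reported messages, the "It came from my email!" case can be checked from the headers. The following is an added example, not part of the original post: it flags a message whose "From" copies the recipient's own address while the receiving server's authentication results do not back that claim. The sample message, the addresses, and the server name mx.example.edu are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a lure whose From header copies the recipient's address.
# Every hostname and address here is a placeholder, not real data.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.edu;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.edu
Authentication-Results: forged.example.net; spf=pass; dkim=pass; dmarc=pass
From: <pat@example.edu>
To: <pat@example.edu>
Subject: I have to share bad news with you

(body omitted)
"""

def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own receiving server; a sender can add Authentication-Results lines too."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue  # not written by our server, so not trustworthy
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw, recipient, trusted_authserv):
    """Compare the visible From with the envelope sender and trusted verdicts."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    verdicts = auth_results(msg, trusted_authserv)
    claims_self = from_addr == recipient.lower()
    return {
        "claims_to_be_recipient": claims_self,
        "envelope_domain_differs":
            envelope.rpartition("@")[2] != from_addr.rpartition("@")[2],
        "verdicts": verdicts,
        # From says "you", but DMARC did not pass: the From field was forged.
        "likely_spoofed_from": claims_self and verdicts.get("dmarc") != "pass",
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "pat@example.edu", "mx.example.edu"))
```

The second Authentication-Results header in the sample is one the sender inserted; it is ignored because it does not carry the receiving server's name.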

Tactics Used in the Email

These emails are often riddled with misspellings and obvious grammatical errors, but not always! Generative AI is making it easier for attackers to craft compelling lures.

This email uses the following tactics to compel you to act:

  • negative consequences if you don't do what they tell you
  • attempts to shame and embarrass you
  • attempts to isolate you from those who could help you

Don't take the bait! Take a few seconds to scrutinize these emails and look for these tactics before acting.


If You Know the Attacker

In rare cases, there may be personal circumstances where sextortion attempts are more serious.

Suppose you have previously interacted with an individual on a personal level. They could have sensitive information involving you – it’s essential to consider whether the criminal is someone you have a history with.

In these cases, it is essential to preserve evidence and notify law enforcement.


What should you do?

Do NOT respond, send bitcoin, or panic! Remember, most of the time these are completely false.

If you use Google Mail in the web client, please report these emails as phishing (instructions here: https://support.google.com/mail/answer/8253?hl=en). Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.

Outlook user? Submit a Junk > Phishing report to mark these emails as dangerous.

 

As always, contact your local Service Desk if you need assistance!

UAA 

Report Security Issue
or call 907-786-4646

UAF & SW (OIT) 

Report Security Issue
or call 907-450-8300

UAS 

Report Security Issue
or call 907-796-6400