Now, don’t worry but there are a few of us in Higher Ed, including the Claremont Consortium, who are receiving a “bomb threat” and demanding bitcoin to avert it. I am including the text below. It actually sounds a lot like the extortion email many of you have been sending me. While credible threats need to be respected, this has been confirmed as absolute spam.
My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.
My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.
I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.
Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv
You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.
This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.
I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.
If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.
And remember, should there be explosions in other buildings, it’s not their fault.
Another email is being received which looks a lot like this:
From: Aimee Rust
Date: Wednesday, December 12, 2018 at 11:12 AM
Subject: STAFFS AND EMPLOYEES STRATEGIC PLAN UPDATE
And purportedly is signed by President Starr yet it comes from “Aimee Rust”. Please do not click. Just delete it please.
Some of you have reported receiving an email telling you there is a Sharepoint file for you to download. Please delete this.
An email is circulating around campus and you need to know this is a phishing scam. It purportedly comes from a Greg Broomfield and he is supposedly seeking you as a tutor.
Please delete the email.
It has also circulated over at UCLA.
The text is:
From: Gregory Broomfield
How are you doing today? My name is Gregory Broomfield. I came across your e-mail at the University of California Los Angeles, Department of Physics and Astronomy under People’s portal. I seek for a private tutor for my Daughter. I would like to know if you would be available for the job and I would provide you with more details my daughter.
I would also like the lessons to be at your location. Kindly let me know your policy with regard to the fees, cancellations, location and make-up lessons. Also, get back to me with your area of specialization and any necessary information you think that might help.
Once you confirm your availability, I would provide you with more helping details. The lessons can start by 31st of August.
Looking forward reading from you.
We have seen what are called “whaling attacks” coming through. These are somewhat akin to spearphishing but they are particularly active when a position high in an organization’s hierarchy is newly filled. In this case, it is the position of the Pomona College President.
An excerpt that explains in more detail from https://searchsecurity.techtarget.com/definition/whaling:
“A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company, as those that hold higher positions within the company typically have complete access to sensitive data. In many whaling phishing attacks, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.
The term whaling stems from the size of the attacks, and the whales are thought to be picked based on their authority within the company.
Due to their highly targeted nature, whaling attacks are often more difficult to detect than standard phishing attacks. In the enterprise, security administrators can help reduce the effectiveness of whaling attacks by encouraging the corporate management staff to undergo information security awareness training.
How whaling attacks work
The goal of a whaling attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. For example, the attackers may send the victim an email that appears to be from a trusted source; some whaling campaigns include a customized malicious website that has been created especially for the attack.”
The specific example we saw today is this:
From: G. Gabrielle Starr
Sent: Thursday, September 13, 2018 12:57 PM
Are you in the Office?
Sent from a Mobile Device
Note that is supposed to come from President Starr but that the sending email address is not hers. Note that it is brief and engineered to engage you into responding quickly, because who wouldn’t do so if President Starr needed you?
So. Before you respond to emails like this, be very careful of it. Let ITS help you out if you are unsure.
Many of you may have received something like the following in your email:
It’s certainly impressive but it is not real. Please delete it.
There has been a rash of Personal Assistant scams, some of which are hitting our campus. Here’s a rough draft of how these things work. This basically begins with a job search but it could simply come in the form of an email. Indeed.com, a job website, is replete with examples of many people who have been hit. People post fake jobs on jobsites with the general idea of hooking someone.
- You receive a job offer from a stranger for some outrageously great amount of money. It is that of a Personal Assistant. (If you were applying for a job, you may receive an email saying that the job you applied for is filled but So-and-So is looking for a Personal Assistant.)
- During the course of your communication, there will be a heavy emphasis placed on you staying on top of emails or texts.
- You will be sent checks for tasks you perform for this person. The tasks vary but you might be asked to buy Apple gift cards and send the person the PINs of them to him/her.
- The checks you deposit are all from empty bank accounts so your bank will likely lock you out of your account.
What does the scammer get? In some cases, such as that described above, they get Apple gift cards, sometimes of significant value. In some cases, you are helping them launder their money and in extreme cases, you may be helping them send illegal goods.
Before taking a job or applying for a job, thoroughly research an employer. If the job doesn’t include a specific name of an employer, forget about it. Google search the supposed employer to see if they are legitimate.
If you are hired sight unseen or with the most minimal interview questions, forget about it.
Note, the from is your email address “@quarantine.com”. The links go to something called “gastatoo.com”
Please just delete these.
In addition to those scams and phishing things I’ve been notifying you by flooding your email inboxes, here’s another one:
Well, this has scam written all over it, doesn’t it? First of all, that font color. Who chooses “mustard” from the crayola box and thinks it’s a good idea?
Plus, here’s great news: you are already all migrated to Office 365. YAY!
Please, confiscate my keyboard if I ever use the word “staffs” in a sentence that is not talking about multiple shepherds.
Random non-sentence: “On behalf of IT Support.” I’m on the edge of my chair about what the end of that would be. “On behalf of IT Support, here’s a peach.” “On behalf of IT Support, use sunblock.”
“Very compulsory.” As opposed to “Quasi-compulsory?” “Reasonably compulsory?’
This was a fun one.