When it comes to phishing, there are no rules or boundaries. Cyber attackers will try anything to convince, trick, and even scare you into giving them access to your private information or money.

Our information security team is continuously intercepting email phishing attempts on a daily basis. Some are more aggressive than others. One such email was intercepted this morning where the bad guy(s) were using scare tactics as a means to extort cryptocurrency from their victims. Here is their scam broken down into four simple steps.

1. The Hook – Getting your attention

The attackers claim they were able to hack into your computer on a specific date. They also claim that they have taken over your account settings and all attempts to reset your password are being “intercepted” by the hacker’s malware.

I have bad news for you.
19/07/2018 – on this day I hacked your operating system and got full access to your account
It is useless to change the password, my malware intercepts it every time.

In some cases, the attackers will even try to pull old password information they acquired from previously compromised accounts or purchased illegally from hacking websites, such as old/expired password information. They then present that information as way to fool into believing your current account has been compromised, banking on the fact that you are reusing passwords, which hopefully is false.

2. The Scare – What they found and what they will do

Once they have your attention, that’s when things begin to escalate. The attackers begin to employ scare tactics by claiming they have files and photos of a nefarious nature that were pulled directly from your hard drive. They claim they have also pulled all of your contacts and will send these files and photos to all of them.

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I’m talking about sites for adults.

I want to say – you are a big, big pervert. You have unbridled fantasy!!!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).

…I am strongly believe that you would not like to show these pictures to your relatives, friends or colleagues.

3. The Price – What are you being charged to make everything go away

Now that the attackers have your attention and have made their intentions known, next they will present their price. Typical form of online currency is cryptocurrency, one example is Bitcoin. Why bitcoin? Unlike a typical bank account, bitcoin accounts, or “wallets”, are untraceable and unregulated. With bitcoin you basically have two account “wallet” numbers, public and private. The public wallet number will allow money to flow in and out of the account. The private wallet number is your only access to the actual funds. If your private wallet number is compromised, then anyone with that code can easily steal the funds from your account.

As for the attackers, they have a price that they claim will make all the bad files and photos go away. They are even nice enough to provide detailed instructions on how to buy and transfer bitcoin.

I think $711 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 1H9bS7#################EtMEeLFvC

4. The Final Warning – “Do as I say or else…”

…if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your “joys”.
I want you to be prudent.
– Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

The final step is making you feel helpless and trapped. The attackers make you feel that there is no way out of your situation. Keep in mind, this is very likely a big bluff. The attacker’s goal is to send this email out to tens of thousands of people in the hopes that maybe a handful actually fall for the scam.

What can we do?

Our Information Security team is always on the lookout for phishing attempts. As end users we also need to exercise caution when opening emails from unknown senders, especially if they are of a threatening nature. Resetting your password regularly (every 6 months) can help prevent unauthorized users from access your account.  Visit password.chapman.edu if you have not reset your password recently.

If feel that your account has been compromised, please report it immediately to infosec@chapman.edu.

For more information about phishing and what to look for, please visit Chapman.edu/security.