Extortion phishing with credentials

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/13/2023

Description

Emails from an outlook.com address have been hitting University inboxes with a very attention-grabbing subject: your username and credentials.

These extortion emails vary in structure, but they all start with a claim to have some personal information on you, and direct you to send money to a bitcoin address.

Example:


I'm aware, <CREDENTIALS>, is your pass word. You may not know me and you are most likely thinking why you are getting this mail, right?

Let me tell you, I actually installed a malware on your internet browser started out working as a RDP (Remote control Desktop) with a key logger which provided me accessibility to your display and also web camera. Immediately after that, my software program obtained your entire contacts from your Messenger, FB, and email.

exactly what should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You'll make the payment through Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).

BTC Address: <BITCOIN ADDRESS>
(It is cAsE sensitive, so copy and paste it)

Note:
You have one day in order to make the payment. (I have a unique pixel in this mail, and now I know that you have read this e mail). If I don't receive the BitCoins, I will post your credentials to others. It's a non-negotiable offer, so please do not waste my time and yours by responding to this message.
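
For mail administrators, one way to flag messages that match the pattern in the example above (an added example, not part of the advisory or of the quoted email). The phrase list, the function names and the sample message are assumptions constructed for illustration, and only legacy Base58Check addresses (starting with 1 or 3) are checked.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Assumed phrase list, taken from the sample message; tolerates "pass word" spacing.
CLAIM = re.compile(r"is\s+your\s+pass\s?word|key\s?logger|web\s?cam", re.I)

def is_btc_address(s):
    """True if s is Base58Check with a valid checksum (cuts regex false positives)."""
    if any(c not in B58 for c in s):
        return False
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes one zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def triage(raw_message):
    """Return the advisory traits that a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    body = " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in msg.walk() if not p.is_multipart())
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower().endswith("@outlook.com"):
        hits.append("outlook.com sender")
    if CLAIM.search(body):
        hits.append("password claim")
    if any(is_btc_address(c) for c in CANDIDATE.findall(body)):
        hits.append("bitcoin address")
    return hits

# Constructed sample. The address is the publicly known Bitcoin genesis-block
# address, used here only because its checksum is valid.
SAMPLE = (
    "From: Someone <sender@outlook.com>\n"
    "Subject: user1 - hunter2\n\n"
    "I'm aware, hunter2, is your pass word. You may not know me.\n"
    "BTC Address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message matching all three traits is a strong candidate for quarantine or for a warning banner; any single trait on its own is weak evidence.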


Impact

There is no impact to University systems; however, directly affected students, faculties and department distribution groups have been alerted to the phishing scam.

Resolution

If you received this message, please be aware that its claims to have information on you are false. While the messages contain credential data, it has been confirmed that this data was found in previous breaches (from other external sites such as LinkedIn, TicketFly, etc.) and has since been changed on University systems.

If you have used the password on any other service, it is recommended that you change it immediately.

Resources

More phishing-related information, such as "How can I tell if the message is real?" and "What should I do if I suspect email phishing?", can be found on the Phishing Information resources page.

If you receive a message whose legitimacy you are unable to determine, please contact the IT Support Centre:

In person at ED 137 or Archer Library Main Floor Commons