Forged Email Phishing

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/13/2023

Description

Recently, a number of users have received messages that appear to come from their own email accounts. The message claims that the sender has "hacked" the recipient's email account and has control of it. Messages of this type typically carry a threatening or extortionary demand to purchase bitcoin and send it to a specific bitcoin wallet address, supposedly to prevent the exposure of private data or to remove malware the sender claims to have installed on the recipient's system.

An example of a forged message, reproduced verbatim (its spelling and grammar errors are typical of these campaigns and are themselves a warning sign), reads as follows:

_______________________

Hello,

As you may have noticed, I sent this email from your email account (if you didn't see, check the from Sender email ID.)
In other words, I have full access to your email account.

I infected you with a malware and since then, I have been observing your actions.

The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.
I have also access to all your contacts.

I can remove the malware if you transfer exactly 700$ with the current (BTC) BITCOIN price, to my bitcoin address.

If you do not know how to do this, Google - "How to buy Bitcoin". The wallet you can create here: <REMOVED> - to receive and send BTC.
My bitcoin adress is: <REMOVED>

After receiving the payment, I will remove malware, and we will forget everything!

I give you one week to get the bitcoins.
Since I already have access to your system, I know when you read this email.

Don't share this email with anyone, this is our little secret!

_______________________

Impact

Each message is addressed to a single recipient and forged to appear as though it came from that recipient's own address. It is an attempt to frighten you into paying personal or university funds to the extortionist.

Resolution

Simply ignore the demand and delete the email; the claims in this type of message are completely false.

The phishers rely on a simple trick called email spoofing: the "From" address shown in a message is chosen by whoever sends it and is not verified by the mail protocol, so they set it to your own address to lend credibility to the scheme. The messages themselves do not originate from uregina email servers, and this is visible in the message headers.

If you are uncertain whether a message originates from uregina email servers, forward the message as an attachment to the IT Support Centre for verification. Forwarding as an attachment preserves the original message headers (the Received chain, the envelope sender and the authentication results recorded by the receiving server), which are what is needed to determine where the message really came from; a normal inline forward does not include them.
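The headers preserved by an attachment forward are what an analyst actually inspects. As an added example (not uregina's own tooling), the following Python script applies the usual checks to a raw message: whether From and To are the same address, whether the envelope sender (Return-Path) domain matches the From domain, whether the earliest Received hop is inside the organisation, and what SPF/DKIM/DMARC results the receiving server recorded. The relay hostname suffix, the internal network range and both sample messages are constructed assumptions, not real campus infrastructure.

```python
"""Check the headers of a suspected self-addressed extortion email for signs
that it was spoofed rather than sent from inside the organisation.

Added example for this advisory; not uregina's own tooling. The relay
hostname suffix, the internal network range and both sample messages are
constructed assumptions.
"""
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "uregina.ca"                             # domain the forged From claims
TRUSTED_RELAY_SUFFIX = ".mail.example.org"            # assumed: our own mail hosts
ORG_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed: internal ranges

RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)", re.I)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def domain_of(value):
    """Lowercased domain part of an address header value, or '' if none."""
    return parseaddr(str(value))[1].rpartition("@")[2].lower()


def is_internal_hop(received):
    """Heuristic: a Received hop is internal when the sending side named in its
    'from' clause is one of our relays or an address in our internal ranges."""
    origin = re.split(r"\s+by\s+", received, maxsplit=1, flags=re.I)[0]
    m = RECEIVED_FROM.search(origin)
    if m and m.group(1).lower().strip("[]").endswith(TRUSTED_RELAY_SUFFIX):
        return True
    for ip in IPV4.findall(origin):
        try:
            if any(ipaddress.ip_address(ip) in net for net in ORG_NETWORKS):
                return True
        except ValueError:          # not a valid dotted quad, skip it
            continue
    return False


def analyze(raw):
    """Parse a raw RFC 5322 message and return the spoofing indicators found."""
    msg = message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    to_addr = parseaddr(str(msg.get("To", "")))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    return_path_domain = domain_of(msg.get("Return-Path", ""))
    # Each hop prepends its Received header, so the last one listed is the
    # earliest: where the message first entered the mail system.
    received = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    auth = {m.lower(): r.lower() for m, r in
            AUTH_RESULT.findall(str(msg.get("Authentication-Results", "")))}

    findings = []
    if from_addr and from_addr == to_addr:
        findings.append("From and To are the same address (the 'sent from your own account' lure)")
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"envelope sender domain {return_path_domain} differs from From domain {from_domain}")
    if from_domain == ORG_DOMAIN and received and not is_internal_hop(received[-1]):
        findings.append("earliest Received hop is outside the organisation: " + received[-1])
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) in ("fail", "softfail", "permerror", "temperror"):
            findings.append(f"{mech}={auth[mech]} recorded by the receiving server")
    # The self-sent lure alone proves nothing; any other indicator does.
    spoofed = any(not f.startswith("From and To") for f in findings)
    return {"from_domain": from_domain, "return_path_domain": return_path_domain,
            "auth": auth, "findings": findings, "spoofed": spoofed}


# Constructed sample: the extortion message as our MX would have received it.
SPOOFED_EML = """\
Return-Path: <bounce@spammer-relay.example.net>
Received: from mx.mail.example.org (mx.mail.example.org [10.0.0.5])
\tby inbox.mail.example.org with ESMTP id abc123; Thu, 13 Jul 2023 09:12:44 -0600
Received: from spammer-relay.example.net (unknown [203.0.113.77])
\tby mx.mail.example.org with ESMTP id def456; Thu, 13 Jul 2023 09:12:43 -0600
Authentication-Results: mx.mail.example.org; spf=fail smtp.mailfrom=spammer-relay.example.net;
\tdkim=none; dmarc=fail header.from=uregina.ca
From: user@uregina.ca
To: user@uregina.ca
Subject: Your account has been hacked

As you may have noticed, I sent this email from your email account.
"""

# Constructed sample: a genuine internal message submitted from a campus client.
GENUINE_EML = """\
Return-Path: <user@uregina.ca>
Received: from [10.20.30.40] (laptop.example.org [10.20.30.40])
\tby mx.mail.example.org with ESMTPSA id ghi789; Thu, 13 Jul 2023 10:00:00 -0600
Authentication-Results: mx.mail.example.org; spf=pass smtp.mailfrom=uregina.ca;
\tdkim=pass header.d=uregina.ca; dmarc=pass header.from=uregina.ca
From: user@uregina.ca
To: colleague@uregina.ca
Subject: Meeting notes

Attached are the notes from this morning.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed sample", SPOOFED_EML), ("genuine sample", GENUINE_EML)):
        report = analyze(raw)
        print(f"{label}: spoofed={report['spoofed']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Run it on a saved .eml file by reading the file into a string and passing it to analyze(). The Received-chain check is a heuristic and needs the relay suffix and internal ranges set for your environment; the Authentication-Results line is only trustworthy when it was written by your own receiving server, since an attacker can include a forged one in the message they send.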

If you are using the GroupWise email client, you can do this in either of two ways:

  1. Clicking the dropdown arrow next to "Forward" and selecting "Forward as attachment"
  2. Right-clicking the message in your inbox and selecting "Forward as attachment" from the context menu

Additionally, if you have received a message like this, you can:

  • Review the phishing guidelines.
  • If you have been contacted by potential fraudsters and have complied with their demands, report the messages to the IT Support Centre so that an investigation can be opened.

Resources

Fraud attempts of this type succeed because they rely almost entirely on deceiving employees. We recommend that you learn the fraudsters' tactics by taking information security awareness training so you can spot these attempts with ease.

You can also review our Phishing Information page to learn about the common indicators of a phishing message.

Questions or concerns? Contact IT Support for assistance:

    Email: IT.Support@uregina.ca
    Phone: 306-585-4685
    Toll-free in Canada: 1-844-585-4685
    In person at ED 137 or Archer Library