Go to the U of M home page

Friday, July 20, 2018

Advisory: Scam Extortion Using Leaked Passwords

Attempt to extort bitcoin payment using passwords from data breaches.

Scam Details


  • Victim's email and a password are exposed in a data breach, i.e. Linked-in, etc.
  • Attacker crafts an email to that email address "revealing" they know the password, with the following details:
  • They have installed malicious software on the victim's computer 
  • They have used the victim's computer camera to secretly record the victim watching porn
  • They will send the recording to the user's contacts unless the victim sends bitcoin payment to buy their silence.

What's Going On

Data breaches are all too common - many yielding large "dumps" of email addresses and passwords. The attackers in this scenario are using this information to trick their victim into thinking they have been compromised - which is very, very unlikely. The most convincing piece of information is that they know a single password that the victim used somewhere at some time. Unless they use the same password everywhere (note: this is a very bad practice) it isn't going to unlock their computer.

How You Can Protect Yourself
  • Use unique, strong,  passwords for each account.
  • Use a password manager to track your passwords. (en.wikipedia.org/wiki/Password_manager)
  • Subscribe to haveibeenpwned.com to learn if your email has shown up in password dumps - change any password if an account turns up.
  • You can use haveibeenpwned.com to check to see if your email address has shown up in the past in any password breaches. [Note: haveibeenpwned will not tell you the password that was exposed, but it will tell you the date of the exposure. If your current password is newer than that date, you do not need to update your password.]
See Brian Krebs (notable security blogger) take on this scam at: https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Wednesday, July 18, 2018

Example 221: University J0b Recruiting / Artnet Job Offer

Scam offers for employment sent to students using an image file to present the offer.

Messages text:

From: 
Date: Wed, Jul 18, 2018 at 12:44 AM
Subject: Re: Artnet Job Offer
To: 

*find attached..*
The above had this customized IMAGE file delivering the message:



From:
Date: Tue, Jul 17, 2018 at 11:26 PM
Subject: University J0b Recruiting
To:
 
Dear selected Candidate,
Your university recruiting department has selected you for an on-campus
offer. Please find attached..
 
Regards,
This message, sent by a different email as the first, included this image with the gmail address used in the other "Artnet" offer:

Things to note:
  • Sender is unknown 
  • Email text sent as image file - presumably to avoid being detected as spam
  • Message follows standard "money mule" come-on


What is a money mule?

A money mule is someone recruited by criminals to transfer the profits of their illegal activities. The money may have been stolen directly from another bank account or may be the profits of fraud, drug trafficking, child labour or prostitution. Most of the criminals carrying out this type of crime are located abroad, so a money mule based in the UK is required to transfer the money overseas.
Although some money mules know that they are handling stolen money, criminals also target groups such as university students to unwittingly laundering the funds on their behalf.



Advisory: FTC Issues Alert on Tech Support Scams


FTC Issues Alert on Tech Support Scams


The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any stranger offering to fix problems. 
NCCIC encourages users and administrators to refer to the FTC Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint at www.FTC.gov/complaint.

Monday, July 9, 2018

Advisory: Reports of scam caller 'spoofing' 911

Spoofed calls "from" 911 used to steal personal information.


MARQUETTE COUNTY, Mich. (WLUC) - Marquette County Central Dispatch/Emergency Management received a report of a caller ID spoofing incident using “911” as the callback number here in Michigan.
A bad actor using 911 as the caller ID called a citizen and said that someone in their family had been in an accident and started to ask for personal information. The citizen called her family member and found out they were fine. If this ever happens to you, please remember this:
• If you get a voice call from 911, it will NOT be on a 911 line. If the 911 center calls you, it will always be on a 10-digit line, not a 911 line.
• The only time that the digits 911 will show up as an incoming communication will be via a text.
• If you receive a call from someone who says that they are from 911 or other public safety department (police, fire, or EMS), ask them for the number they can be reached at and call them back.
• NEVER give your social security, credit card, or insurance information over the phone.