[Heads-up] Nationwide Bomb Threat Extortion Phishing Attack Campaign With A Twist



GettyImages-503032224

IN OFFICES AND universities all across the country Thursday, the same threat appeared in email inboxes: Pay $20,000 worth of bitcoin, or a bomb will detonate in your building. Police departments sent out alerts.

Workers from Los Angeles to Raleigh, North Carolina, evacuated their cubicles in the middle of the day. All over Twitter, people posted screenshots of the emails, many different versions of which appear to have been blasted out. As of Thursday afternoon, no bombs had been found, and cybersecurity experts largely dismissed the threats as an elaborate hoax.

Note that the last time we had a wave of these things was December of last year. Here is an example screenshot:

shabab-group-bomb-threat-emails-crop
 

The Twist? It comes from someone in your own organization...

What’s noteworthy about this campaign is that it is being sent from a compromised account within the targeted organization. (ReplyTo: points to an outside email address, though). So, to many recipients, this unwelcome email could appear to be coming from a fellow employee inside the organization. Your users need to be made aware of this possibility. Wired has the story: https://www.wired.com/story/bomb-threats-bitcoin-scam/


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
Get A Quote
Request A Demo
 



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews