IN OFFICES AND universities all across the country Thursday, the same threat appeared in email inboxes: Pay $20,000 worth of bitcoin, or a bomb will detonate in your building. Police departments sent out alerts.
Workers from Los Angeles to Raleigh, North Carolina, evacuated their cubicles in the middle of the day. All over Twitter, people posted screenshots of the emails, many different versions of which appear to have been blasted out. As of Thursday afternoon, no bombs had been found, and cybersecurity experts largely dismissed the threats as an elaborate hoax.
Note that the last time we had a wave of these things was December of last year. Here is an example screenshot:
The Twist? It comes from someone in your own organization...
What’s noteworthy about this campaign is that it is being sent from a compromised account within the targeted organization. (ReplyTo: points to an outside email address, though). So, to many recipients, this unwelcome email could appear to be coming from a fellow employee inside the organization. Your users need to be made aware of this possibility. Wired has the story: https://www.wired.com/story/bomb-threats-bitcoin-scam/