Office of Information Security
The mission of the Office of Information Security is to facilitate the following in a secure manner: the education of students, the delivery of quality education, the conduct of research, and the ability of staff to serve the University mission and their departmental functions.
Our goals are to defend the institution's data, systems, and networks from misuse, damage and loss.
UNC's Office of Information Security team is reporting emails targeting @unco and @bears accounts with blackmail/extortion messages that try to shame the victims into sending money to a special account. Other higher education institutions have been targeted with similar messages as well. The emails are being caught by our Exchange Online Protection services, and Outlook has been identifying many as junk mail and placing them in the junk folder. The messages claim that the user visited a website and that the site installed malware on the computer, which in turn took pictures or videos of the person in their home or office. The message says the sender will contact the victim’s friends, family and coworkers unless $200 to $400 in bitcoin is sent to a specific account.
One of the extortion emails uses UNC email addresses with passwords pulled from non-UNC data breaches, where a person used their UNC email address along with a non-UNC system password. The message includes a username and password that were used on the website. The bad guys have harvested the leaked account lists and use them to make their threat more plausible.
No evidence has been found of either malware or applications being installed on computers and in turn taking pictures or videos, and we believe these messages are an attempt to shame the receiver into thinking there are images being taken by the computer's camera.
The Office of Information Security recommends the following:
If, when reviewing your Exchange Online Protection notification or junk mail, you see a subject such as “Subject: You are a Victim”, “Subject: Unpleasant news ID 5CRPjCdFgN...” or “Subject: Your Email Address ID and a random set of characters” from a sender you do not recognize, please do not un-junk the message. Please ignore or delete the message.
If a blackmail/extortion message is delivered to your inbox, please forward the message to Help@unco.edu to open a support request through the Technical Support Center. We will then review the message.
Report the junk/phishing email in Outlook or Office 365. To do this, follow these instructions from our Technical Support Center Knowledge Base:
Reporting junk/phishing in Office 365
1. Go to https://outlook.office.com/.
2. Log in with your UNC email address and password.
3. Click the checkbox next to an unsolicited email message to select it.
4. Click the arrow next to Junk at the top of the page.
5. Choose the appropriate option (Junk or Phishing). This will delete the email and report it to the Microsoft Exchange Online Protection Group.
For more information on phishing and other social engineering tips, please visit the UNC Office of Information Security CyberSecurity page at: http://www.unco.edu/cybersecurity/faculty-and-staff-resources/phishing-social-engineering.aspx