July 25, 2018
On July 19th, a malicious email was sent out to U of T employees. This attack was an example of a phishing attempt that employed deception, blackmail and malicious threats. You can read more about this phishing attempt here.
In this phishing attempt, the attacker blackmails the user, demanding a large sum of bitcoin be transferred to their account, after claiming to have installed malware on the recipient’s devices which has recorded the victim viewing adult content. The attacker then insists they receive payment within 24 hours or else they will send the sensitive webcam footage to the recipient’s social media and email contacts list.
This attack is currently under investigation by the information security response team. These days, phishing attempts are becoming more and more sophisticated. Be wary of exploitation attempts and unusual messages, even from known contacts. If you are uncertain, confirm the truth of suspicious messages with colleagues over the phone or, better yet, in person. If you think you have received a phishing email contact firstname.lastname@example.org. To learn more about social engineering and phishing attacks, visit securitymatters.utoronto.ca.