Recently, a number of phishing emails with malicious content have been sent to the WCM community.
The first set of emails claims to be from hackers purporting to have uploaded software to your device to track your passcodes and activities. The senders then request payment in Bitcoin to uninstall the software.
The other email claims you’ve exceeded your email storage limit and your account needs to be upgraded. It then requests that you click on a link to upgrade your account; this link leads to a non-WCM site seeking your personal info.
The full versions of these emails are listed at the bottom of this message for reference.
What do you need to do?
- Please disregard these emails and delete them from your inbox if you receive them. They are phishing attempts designed to extract money or confidential data from you.
- If you have responded in any way to these messages, contact ITS immediately at 212-746-4878. We will work with you to ensure your account and computer were not compromised and take any necessary action to protect your information. You should also change your password at mypassword.med.cornell.edu (NOTE: ITS will not ask for your password to validate your account).
- As always, if you suspect you have received spam, please report it to ITS by sending the message to spam@med.cornell.edu as an attachment (view our instructions). You can view phish.weill.cornell.edu to help you determine whether a message you received is an official WCM message.
Phishing messages
These are examples of the messages that have been going out to WCM users. If you see these, please delete them!
Message 1
Subject: account CWID@med.cornell.edu is compromised
Hello!
I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.
Do not try to contact me or find me, it is impossible, since I sent you an email from your account.
Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.
You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.
I am in shock of your fantasies! I've never seen anything like this!
So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.
There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.
Therefore, I expect payment from you for my silence.
I think $817 is an acceptable price for it!
Pay with Bitcoin.
My BTC wallet: [code redacted]
If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.
My Trojan have auto alert, after this email is read, I will be know it!
I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)
Do not be silly!
Police or friends won't help you for sure ...
p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.
I hope for your prudence.
Farewell.
Message 2
From: Garner Altham <ajdburtaiww@outlook.com>
To: WCM user
Subject: [EXTERNAL] CWID - Qr5aKceL
I do know Qr5aKceL one of your passphrases. Lets get directly to point. Not a single person has compensated me to investigate about you. You do not know me and you are probably thinking why you are getting this email?
actually, i placed a malware on the xxx streaming (sexually graphic) web-site and you know what, you visited this website to have fun (you know what i mean). While you were viewing videos, your web browser initiated working as a Remote control Desktop having a keylogger which provided me access to your display screen and webcam. immediately after that, my software program collected all your contacts from your Messenger, social networks, and email . after that i created a double-screen video. 1st part displays the video you were viewing (you've got a nice taste omg), and 2nd part displays the view of your web cam, and its u.
You have only 2 solutions. Let us take a look at each one of these choices in aspects:
1st alternative is to dismiss this email message. as a consequence, i most certainly will send out your video recording to almost all of your personal contacts and also imagine about the shame you feel. or if you are in a loving relationship, precisely how it would affect?
Number two option should be to compensate me $3000. We are going to regard it as a donation. in this instance, i will straight away discard your video footage. You can keep on going your life like this never took place and you surely will never hear back again from me.
You will make the payment by Bitcoin (if you do not know this, search for 'how to buy bitcoin' in Google).
BTC address: [code redacted]
[case sensitive so copy & paste it]
if you have been curious about going to the law enforcement officials, good, this message cannot be traced back to me. I have taken care of my moves. i am also not trying to charge a fee a lot, i prefer to be compensated. You have two days in order to pay. i've a specific pixel within this e-mail, and right now i know that you have read this mail. if i don't receive the BitCoins, i definitely will send your video recording to all of your contacts including close relatives, colleagues, etc. Nevertheless, if i do get paid, i will erase the video immediately. if you need proof, reply with Yea & i definitely will send out your video recording to your 6 contacts. This is a non:negotiable offer so don't waste mine time & yours by replying to this message.
Message 3
From: med.cornell.edu <support@med.cornell.edu>
Subject: Your email storage needs to be upgraded!
[WCM email address] Storage Limit Exceeded!
You have exceeded the storage limit on your email [WCM email address]. You will not be able to receive emails with attachments and pictures.
Upgrade [WCM email address] storage quota now to avoid loss of data and files.
Upgrade Here [malicious link redacted]
2 Things That Will Happen If You Do Not Upgrade Your Email Storage Quota:
- Emails with attachments will not be received.
- Emails you send with attachments will not deliver.
med.cornell.edu Technical Support Team.