Kansas State University


IT News

An old scam with a new twist, bitcoin demands coming around again

Imagine my surprise to open an email and learn that I was about to send pornography and video footage to ten randomly selected individuals from my contact list, should I not comply with the demands of $2,000 in bitcoins within 24 hours. Where my heart skipped a beat was in the subject line that included an old password and the first sentence of the email that included the same password.

Here’s how the email started:

“π™Έπš πšœπšŽπšŽπš–πšœ πšπš‘πšŠπš, ——–, πš’πšœ πš’πš˜πšžπš› πš™πšŠπšœπšœπš πš˜πš›πš.”

According to our security experts, this password could have been harvested years ago, stored on the dark web and then sold to scammers – some nefarious individual(s) with too much time on their hands.

After more deep breathing and internet searches, I found this to be an old scam but with a new, scarier twist: the revealing of a password. It also listed how many days the scammer had been capturing information about me – 182 days.

What did I do? After a few more deep breaths, I did the following:

  • Sent the email with headers to abuse@ksu.edu.
  • Discussed the email with our technical support staff.
  • Checked the scams blog to determine if this had been reported.
  • Changed my password on every system where I had used the old password.
  • Ran malware software on my computer.
  • Deleted the email.
  • Remain vigilant about scams.

A couple of red flags I noted from the email were the urgency and intimidation of the request (require your full attention for the up coming Twenty-four hours), the demand for money (Purchase $ 2000 in bitcoin and send them on the below address), the email from an individual I didn’t know (mpnaneteps@hotmail.com), poorly worded email and incorrect use of capitalization.

The university has been busy processing these scams over the last week. If you are unsure about an email, send it to abuse and then delete it. My mantra continues: when in doubt, don’t give it out (your credentials).