CIT: extortion emails are totally fake
An unknown number of students and staff have received an email like this over the past few weeks. CIT has made it clear that these emails are fake.
The sender claims to have broken into your laptop and copied your files, but they haven’t. ‘So far, we’ve managed to prevent real ransomware attacks, which use software that give criminals access to your files, encrypting them so you can’t access them anymore’, says CIT director Ronald Stolk.
The most recent scam email, sent to various RUG accounts on November 16, was a so-called phishing email, in which a scammer sends an email to as many addresses as possible in the hopes that at least a few people get so scared that they wire 870 euros into the scammer’s anonymous bitcoin account.
It looks as though the email came from the account itself, but it did not. ‘The phishers are using what’s known as a spoofing technique’, says Andre Pathuis, CIT security manager. ‘But you haven’t actually sent the email to yourself. The phisher also doesn’t have your account information. That’s why you won’t find the email in your sent items list.’
If a student or staff member accidentally clicks a link in a phishing mail, the scammer who sent it gains access to that account’s address book, says Stolk. That means a scammer can have your email address even if you’ve never fallen for a phishing email before.
The RUG’s spam filter will block most of the unwanted emails, but the CIT still says it’s important to stay wary. ‘Make sure you know what kind of links you click on’, says Pathuis.
The CIT advised not to click on any links you don’t trust and immediately delete the emails they’re in.
Click here to learn how you can recognise a phishing email.