Skip to content

Tuesday October 16, 2018 Salt Lake City, UT

Alerts

Cyber Security

TOP STORY

Increase in Spear-Phishing Attempts in Utah

Monday July 30, 2018

SITUATIONAL REPORT: ATTEMPTS INVOLVING CORRECT USERNAMES AND PASSWORDS IN UTAH

The Statewide Information and Analysis Center (SIAC) has received an increase of complaints of phishing scams involving correct usernames and passwords listed in the email.

Summary
The Statewide Information and Analysis Center (SIAC) has received an increase of complaints of spear-phishing scams involving the victim’s correct username and password listed in the email and are sent from an outlook.com domain. The email subject line contains a username and password. The email then describes knowing the victim’s password, installed malware on their computer, and also claims to have recorded the individual. The email then demands payment in order to destroy the compromising recorded video. The email lists a required amount to be paid in Bitcoin, in addition to a Bitcoin wallet address.

It is highly unlikely that the sender of the email installed malware on the victim’s computer and recorded any video. The usernames and passwords listed in the subject line and email address were likely obtained from high profile data breaches. Emails involved were all victims in high profile breaches such as:

• Exploit.In: A large list of 593 million email addresses and passwords from various sources leaked in 2016.

• LinkedInUSBUS: In May 2016, 164 million email addresses and passwords were exposed.

• MySpaceUSBUS: In 2008, 260 million accounts were exposed and contained usernames, email addresses, and passwords.

Recommendations
The SIAC recommends to change passwords frequently and use strong passwords with letters, numbers, and at least 8 characters.

Contact Information 
If you have experienced a similar spear-phishing attempt, please submit a cybercrime tip form at https://siac.utah.gov/cyber-crime-tip-form/ 

SHARE THIS STORY

More from the News Room

Multi-Vehicle Crash on I-15 SB at MM 129

October 2018

Cybersecurity is a Shared Responsibility

October 2018

Semi Crashes into a Garden City Sporting Goods Store

October 2018