Story image

Bin 'em: Those bomb threat emails are complete hoaxes

17 Dec 18

A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax, but some national cybersecurity agencies are still asking those recipients to call their local authorities.

The Australian Government’s Stay Smart Online website and New Zealand’s Computer Emergency Response Team (CERT) posted bulletins about the emails last week.

CERT NZ says the emails claim an explosive device is hidden in the recipient’s office. Unless the recipients pay the ransom in bitcoin, the device will be detonated.

Newer variations of the emails claim that acid will be thrown at the recipient if they do not pay the ransom.

In a blog, Cisco Talos’ Jaeson Schultz says the sender’s claims are ‘completely false’, but they have caused a lot of damage as organisations have been forced to evacuate and call upon law enforcement. 

“Talos has discovered 17 distinct Bitcoin addresses that were used in the bomb extortion attack. Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed. However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers,” writes Schultz.

Here’s a sample of one that landed in Techday’s editorial inbox:


Schultz says that multiple IPs identified in the bomb threat scam are the same ones that were behind  a flood of sextortion emails earlier this year.

“What makes these particular extortion messages unique from other extortion scams we've monitored is that, previously, the attackers threatened only the individual — the attackers would threaten to expose sensitive data, or even attack the recipient physically, but there was never any threat of harm to a larger group of people, and certainly not the threat of a bomb.”

“While this is likely to be an opportunistic scam, New Zealand Police are working to confirm the validity of the threats until confirmed otherwise. If you receive the email, we encourage you to contact police,” says CERT NZ.

Schultz claims that the criminals behind the emails are willing to come up with any threat in order to fool people.

“At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers. Talos encourages users not to fall for these schemes and — above all — DO NOT pay extortion payments. Doing so will only confirm for the attackers that their social engineering approach is working, and victims' money goes directly toward facilitating additional attacks,” Schultz says.

CERT NZ also warns anyone who received the email:
•    Do not respond or try to contact the sender.
•    Do not pay the ransom or take any further action until you have spoken to police.
•    Keep the email as evidence to pass to police. 

IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
Report on SingHealth breach condemns poor security practices
The 2018 Singapore SingHealth data breach was poorly managed and riddled with vulnerabilities from the start.
Tesla wants people to hack its Model 3
Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.
How to tackle cyber threats in your home
How should you start securing your devices? The company has provided tips for actions you can take across social media, home routers, TVs, and many more.
Endace joins IBM Security app exchange community
EndaceProbe Network Analytics Platform captures, indexes, and stores network traffic while hosting a variety of network security and performance monitoring applications.
Datto names new CEO as founder steps back
Austin McChord continues as a board member as the former president and COO takes over as CEO.