Date Released: 5/20/2019

Hello All:

In recent days we have received an increasing amount of reports concerning a phishing campaign that is targeting not only Stony Brook University and Stony Brook Medicine, but individuals across the globe.

The subject line of the email is usually in the form of “firstname.lastname”, or is left blank. The message consists of an image containing text, which purports the author has hacked your email, and all of your other devices. The message goes on to claim that your browser history has been taken and compromising video and photo has been captured from your webcam. The attacker then provides a bitcoin address and asks for approximately $1000 USD to not release these materials.

It is important to note that this is a scare tactic being used by the attacker, and no such access has been gained on your devices. These messages are sent in bulk, to many thousands of addresses at once. They generally contain copious spelling and grammar mistakes. Some may even contain an old password that you may have previously used.

What should I do if I receive one of these emails?

1. Do not respond or continue a conversation in progress.

2. Forward the email to phishbowl@stonybrook.edu.

3. Flag the message as phishing. The method for doing so varies slightly depending upon what email system you are on. If using Google, it’s as easy as pressing the three dots next to the reply button and choosing “Report Phishing.” If using Outlook, follow the steps below:

If you fall victim to one of these scams, do not panic. Instead, immediately call the financial institution you used to issue payment and report it as fraud. Be sure to also contact the University Police Department. If sensitive data was shared with the attacker, be sure to report it to our team as well by opening a ticket.

Thank you for your diligence and attention to this matter.