Written by Craig Drake, Information Security Engineer (ITS)

IT Security has detected a new email scam that began affecting the University of Chicago community yesterday, December 13. The scam has been widely reported at other higher education institutions. The email purports to be a bomb threat or threatens other physical harm and demands a large bitcoin ransom. Subject lines similar to “No need to be heroic”, “I advise you not to call the police”, “Bomb is in your building”, and others are being reported.

Sample email text:

Good day. I write you to inform you that my man carried the explosive device (lead azide) into the building where your company is located. It was built according to my instructions. It is small and it is hidden very well, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.
My man is watching the situation around the building. If any unusual behavior, panic or emergency is noticed he will power the bomb.
I can withdraw my mercenary if you make a transfer. You transfer me 20’000 usd in Bitcoin and the bomb will not detonate, but do not try to deceive me -I warrant you that I have to withdraw my recruited person only after 3 confirmations in blockchain.

Here is my Bitcoin address – [redacted]

You must send money by the end of the working day, if the working day is over and people start leaving the building the device will explode.
Nothing personal this is just a business, if I do not see the money and the bomb detonates, other commercial enterprises will send me a lot more, because this isnt a one-time action.
For security and anonymity , I will no longer visit this email. I check my wallet every 40 min and after seeing the bitcoins I will order my recruited person to leave your area.

If the explosive device blows up and the authorities read this letter-
We arent terrorists and dont take liability for explosions in other buildings.

IT Security does not consider this a credible threat.

Based on known samples, the University’s email protection service is discarding, quarantining, or tagging these emails as spam, so you should not receive them in your inbox. However, if you do receive such a message, please report it to security@uchicago.edu. IT Security will take action to stop the abuse, as appropriate.

Stay safe, stay informed, and visit Get Secure for more tips to keep you protected.

References:

https://www.chicagotribune.com/news/local/breaking/ct-met-bomb-threats-20181213-story.html

https://krebsonsecurity.com/2018/12/spammed-bomb-threat-hoax-demands-bitcoin/

https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html