How to Handle Threats Sent Electronically

Case Study

On Thursday, December 13, 2018, a wave of bomb threats were sent to various English-speaking countries around the world, including the U.S., via email. One facility included a hospital, Hillsboro Community Hospital, in Kansas. These threats were meant to cause disruption and/or obtain money.

These bomb threats sent via email were not found to be credible.

The emails shared the following similarities:

Claimed that a person had carried an explosive device into your office building.
Demanded 5 to 6 bitcoins (~$18,000 to ~$22,000 as of December 2018).
Claimed that the explosive device would be detonated if there was any police activity or unusual behavior.
Listed a specific explosive like tetryl, trinitrotoluene, or hexigen.

This wave of emails is unfortunately not new and similar to a widespread ransom scam earlier in 2018 where scammers sent an email claiming that they had recorded webcam footage of targets watching adult content online. It has been reported that scammers in this instance were able to fool at least 30 victims and received at least 7 bitcoins (~$50,000 as of July 2018) in ransom payment.

How to Respond

In this scenario, if you had received a similar email, it is recommend that you contact local police immediately.

Do not respond or try to contact the sender.
Do not pay the ransom or take any further action until you have spoken to police.
Keep the email as evidence.

At Pointe Coupee General Hospital, Emergency Preparedness’ has specific policies related to bomb threats. This information can be found in the Emergency Preparedness Policies and Procedures, located in the Hospital Policies folder on every PCGH desktop. There is even a bomb threat form that asks specific, pertinent questions that can aide law enforcement.

When faced with these scenarios, it is always best to remain calm, treat every threat as credible until more information is made available, and promptly report suspicious activities to law enforcement or a superior.

View all IT Education

Related IT Education

Social Engineering Red Flags

Social engineering is the process of gaining access to a system through the people who use it instead of attacking the system directly. For example, one form of social engineering may be an attacker researching information about a highly-privileged person — their favorite football team, their pet’s names, their date of birth, etc. — and trying those bits of info as a password.

How to Electronically Sign PDF Documents without Printing and Scanning

PDFs are great for when you need to share official documents, but they can be more difficult to work with than other file formats when you need to edit or fill them out.

Best Practices for Work and Personal Online Security

Most computer infections are caused by people downloading and running the virus themselves; i.e., being tricked. These infections come in all shapes and sizes.

Recognizing and Avoiding Phone Scams

Scammers can pressure office workers into “ordering” substandard, overpriced office supplies. Learn how to recognize these scams and how to protect yourself from them.

How to Stop Hackers from Accessing Your Accounts

You have a strong password, but you still want more protection online. What else can you do? Experts agree, the next best thing is two factor authentication. But what exactly is two factor authentication (2FA)?

How to Handle Threats Sent Electronically

On Thursday, December 13, 2018, a wave of bomb threats were sent to various English-speaking countries around the world, including the U.S., via email. These threats were meant to cause disruption and/or obtain money.

PCGHDecember 18, 2018