An odd email appeared in the inboxes of many members of the Pittsburgh Jewish community earlier this month. The strangely worded subject line read “Shalom Aleichem” and the email seemed to come from one of several local rabbis.
The text of the email was just three lines long with multiple punctuation and grammar mistakes: “Hi How Are You?/I Need An Assistance From You?/Please Let Me Know If You Get This.” It concluded with “Peace,” and the name of a local rabbi.
Everything about the email seemed peculiar: the broken English, the poor grammar, the vague request, the use of the word “peace” to conclude the email. It did not seem like a message that any local rabbi would send to a congregation, although the outgoing email address looked legitimate.
In fact, the email was just one of many phishing schemes found in communities across the country. It is an update on the old “Nigerian prince” email asking recipients for help.
According to FBI Special Agent Mike McKeown, the emails now circulating — with their credible outgoing email addresses — show that “the fraudsters have become very good at crafting their emails. They’re focusing on individuals within an organization that can help them move money.”
McKeown spoke as part of a cybersecurity webinar facilitated by the Jewish Federation of Greater Pittsburgh last week.
In the type of email phishing scheme targeting Jewish Pittsburghers earlier this month, there is no immediate request for money. The email instead attempts to build a relationship with the person who receives it. After trust has been created, the fraudster will then ask for money. In the meantime, if the recipient opens any links sent to them, malware can be added to their computer making them vulnerable to viruses or recording information such as passwords.
“Cybercriminals aren’t really trying to steal money initially,” explained Federation Director of Jewish Community Security Shawn Brokos. “They’re trying to get you to respond and engage in a relationship for malicious purposes.”
Brokos said that if an individual receives an email asking for a favor or seeking money, the most prudent advice to follow is “get out of that email.” Once you have closed the suspicious message, contact the purported sender by phone or at an email address you know and ask them if they contacted you.
With any email a person receives, Brokos explained, it is best to use a two-step verification process. “If you’re trying to get into your bank account, they’re going to send you a code. You need to take that additional step and make a phone call or use a valid email and ask the question.”
Brokos said that this phishing technique has been attempted a few times since she began her tenure at Federation in January. She does not know if there is a connection between the various attempts.
The Jewish community, both in Pittsburgh and nationally, also has been a victim of “Zoom bombing” since moving much of its programming online because of COVID-19.
Zoom bombing is the unwanted intrusion by a group or individual during a video conference call to cause disruption. White supremacists and anti-Semitic individuals and groups have used the technique to interrupt meetings by Jewish organizations and other minority groups.
The goal of the disruptions is to pair “hate speech and images,” according to Brokos.
Some of the language and pictures used have included swastikas, “Heil Hitler,” “Kill the Jews,” or the shouting of anti-Semitic phrases.
Brokos explained that these seemingly random acts were organized. “We can see that through chatrooms — there was a strategy to it.”
In some cases, these disruptions were used as a type of “gang initiation,” or proving ground for new recruits, Brokos said.
Most Jewish organizations have been able to stop Zoom bombing through the use of passwords and waiting rooms that did not exist when the software was initially employed in the early days of social distancing due to the COVID-19 pandemic.
That does not mean the threat has gone away.
“We saw that there was one recently directed at one of our synagogues on a particular day,” Brokos said. “The strategy was to mobilize. The white supremacists were looking to get on the call and scare the people. We were able to catch them in advance and warn the congregants.”
“The neo-Nazi movement is always looking to get their message out and thought Zoom would be a good platform for their message,” she added.
While the technology and techniques might be new, the organization and planning is similar to what was used before the coronavirus forced the community online.
The dark web and 8kun (formerly 8chan) are popular chatrooms used by anti-Semitic and white supremacist groups because they allow for anonymous posts and don’t police hate language.
Brokos thinks it is the Jewish community’s willingness to help others and their commitment to following their beliefs that make them attractive targets to cybercriminals.
“That’s our nature,” she said. “We are a service-oriented community. These are trying and difficult times. ‘I am available to help, and I will answer the call.’ There’s a strong desire to help in the community.”
Brokos and McKeown both offer the same advice for this new digital world: “Be cautious.” PJC
David Rullo can be reached at firstname.lastname@example.org.