CompUSA

Tuesday, May 3, 2011

Malicious Software Features Usama bin Laden Links to Ensnare Unsuspecting Computer Users

The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could damage your computer. This malicious software, or “malware,” can embed itself in computers and spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members. These viruses are often programmed to steal your personally identifiable information.

The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.

The IC3 recommends the public do the following:

* Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a “friend” can unknowingly pass on multimedia that’s actually malicious software.
* Do not agree to download software to view videos. These applications can infect your computer.
* Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
* Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.

-----

Community News You Can Use
Click to read MORE news:
www.GeorgiaFrontPage.com
Twitter: @gafrontpage & @TheGATable @HookedonHistory
www.ArtsAcrossGeorgia.com
Twitter: @artsacrossga, @softnblue, @RimbomboAAG @FayetteFP

Monday, February 14, 2011

Internet Crime Complaint Center's (IC3) Scam Alerts

This report, which is based upon information from law enforcement and complaints
submitted to the IC3, details recent cyber crime trends and new twists to previously-existing
cyber scams.

Social Network Misspelling Scam

During December 2010, the IC3 discovered misspellings of a social network site being
used as a social engineering ploy. Misspelling the domain name of this site would
redirect users to websites coded to look similar to the actual website. There, users
were asked to answer three or four simple survey questions. Upon answering
those questions, users were offered a choice of three free gifts. Multiple brands
were observed as being offered as gifts, including gift cards to retail stores and
various brands of laptops.

After clicking on one of the gifts, users were further redirected to other websites
claiming to give free gifts for completing surveys. The surveys typically asked
for name, address, phone number, and e-mail address. A user could spend hours filling
out multiple surveys and never receive any of the gifts advertised.

Fake Online Receipt Generator Targets Unsuspecting Online Marketplace Merchant

A new scam aims to swindle online marketplace sellers by generating fake receipts.
This Receipt Generator is an executable file that has been circulating on hacking
forums recently. This is a particularly interesting scam - because it does not target
regular PC users, it targets the sellers on online marketplace websites. This is
what the would-be social engineer sees when running the program:



The social engineer can fill in a variety of information, including item name, price,
and the date the order was taken. Additionally, it allows them to choose between
the .com, .co.uk, .fr, and .ca marketplace portals. When they hit "Generate," an
HTML file is created in the program folder which looks like this:




The program produces what appears to be a genuine marketplace receipt and a copy
of the "Printable Order Summary," similar to the documents resulting from legitimate
marketplace purchases. Note the small details, such as "Total before tax," "Sales
tax," and other particulars that make the receipt convincing.

Many sellers on these markets will ask the buyer to send them a copy of the receipt
should the buyer run into trouble, have orders go missing, lose the license key
for a piece of software, and so on. The scammer relies on the seller to accept the
printout at face value without checking the details. After all, how many sellers
would be aware someone went to the trouble of creating a fake receipt generator?

Sellers must remain ever vigilant about this scam, which has been a popular topic
in recent hacker forums. The VirusTotal detection rate is currently 1/43 – detected as Hacktool.Win32.Amagen.A.

Malicious Code In .gov E-mail

A recent malware campaign, disguised as a holiday greeting from the White House,
targeted government employees. The recipient received the below e-mail with links
to what masqueraded as a greeting card, but when they clicked on the link, it attempted
to download a file named "card.exe." The executable program proved to be an information-stealing
Trojan, which would disable the recipient’s computer security notifications, software
updates, and firewall settings. The malware also installed itself into the computer’s
registry, enabling the code to be executed every time the computer was rebooted.
At the time of review, this particular malicious code sample had a low antivirus
detection rate of 20%, with only 9 out of 43 antivirus companies reporting detection.

From: sender@whitehouse.gov [mailto: sender@whitehouse.gov]
Sent: Wednesday, December 22, 2010 10:33 PM
To: recipient's name
Subject: Merry Christmas, recipient's name

Recipient’s name here,
    
    As you and your families gather to celebrate the holidays, we wanted to take a moment
    to send you our greetings. Be sure that we're profoundly grateful for your dedication
    to duty and wish you inspiration and success in fulfillment of our core mission.
    
    Greeting card:
    
     hxxp://xtremedefenceforce.com/card/
     hxxp://elvis.com.au/card/
    
    
    Merry Christmas!
    
    ___________________________________________

 Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500





    
 Source: FBI, February 2011   



Thursday, January 20, 2011

E-mails Containing Malware Sent To Businesses Concerning Their Online Job Postings

Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.

Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.

The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.

For more information on this type of fraud and prevention tips, please refer to previous Public Service Announcements by clicking the links below:

* http://www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf
* http://www.ic3.gov/media/2010/WorkAtHome.pdf
* http://www.ic3.gov/media/2009/091103.aspx

Anyone who believes they have been a target of this type of attack should immediately contact their financial institutions and local FBI office, and promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.

Source:  IC3


Wednesday, July 28, 2010

FBI, Slovenian and Spanish Police Arrest Mariposa Botnet Creator, Operators

The FBI, in partnership with the Slovenian Criminal Police and the Spanish Guardia Civil, announced today significant developments in a two-year investigation of the creator and operators of the Mariposa Botnet. A botnet is a network of remote-controlled compromised computers.

The Mariposa Botnet was built with a computer virus known as “Butterfly Bot” and was used to steal passwords for websites and financial institutions. It stole computer users’ credit card and bank account information, launched denial of service attacks, and spread viruses. Industry experts estimated the Mariposa Botnet may have infected as many as 8 million to 12 million computers.

“In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world,” said FBI Director Robert S. Mueller, III. “These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the Internet.”

In February, the Spanish Guardia Civil arrested three suspected Mariposa Botnet operators: “Netkairo,” “Jonyloleante,” and “Ostiator,” aka Florencio Carro Ruiz, Jonathan Pazos Rivera, and Juan Jose Bellido Rios. These individuals are being prosecuted in Spain for computer crimes.

Last week, the Slovenian Criminal Police identified and arrested the Mariposa Botnet’s suspected creator, a 23-year-old Slovenian citizen known as “Iserdo.” The work of the Slovenian and Spanish authorities was integral to this investigation.

FBI Cyber Division Assistant Director Gordon M. Snow said: “This case shows the value of strong partnerships among law enforcement agencies worldwide in the fight against cyber criminals. Cyber crime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible. The FBI praises the work of our Slovenian and Spanish partners who worked closely with our agents in this case.”

In a statement, Slovenian Minister of the Interior Katarina Kresal and Director General Janko Gorsek, Slovenian Criminal Police, said: “We are glad to cooperate with the United States; the FBI’s assistance is invaluable and represents professional affirmation of our force. This case shows that cyber crime issues call for international police cooperation that shouldn’t be hindered by geographical borders. The FBI has demonstrated a high level of collaboration in which our countries were equal partners, which was crucial for the success of the investigation and reducing the threat on a global level. This partnership serves as a solid basis for future cooperation.”

Maj. Juan Salom, commander of the Guardia Civil’s Cyber Crime Division, noted: “The Mariposa case showed how the coordinated and joint actions of different international police forces, along with the efforts of the Internet security industry, have been able to face the global threat of cyber crime,” he said. “The cyber kingpins know that they are not invincible anymore because the global efforts of the FBI, Slovenian Criminal Police, and Spanish Guardia Civil have shown that it doesn’t matter where or how they try to hide, they will be located and prosecuted.”

From 2008 to 2010, the Slovenian citizen created “Butterfly Bot” and sold it to other criminals worldwide. In turn, these criminals developed networks of infected computers—botnets—and the Mariposa variety from Spain was the most notorious and largest. In addition to selling the Butterfly Bot program, the Slovenian citizen developed customized versions for certain customers and created and sold plug-ins (add-ons) to augment the botnet’s features and functionality.

This case is significant because it targeted not only the operators of the botnet but also the creator of the malicious software that was used to build and operate it. The success of this investigation was made possible because of the skill, professionalism, and commitment of the Slovenian Criminal Police’s Cyber Crime Division and the Spanish Guardia Civil’s Computer Crimes Group.

The FBI conducted this investigation with the assistance of the United States Attorney’s Office, District of Hawaii, and the Department of Justice’s Computer Crime and Intellectual Property Section, Office of International Affairs, and the Botnet Threat Focus Cell. The FBI also received invaluable assistance from the Mariposa Working Group.

------
Community News You Can Use
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
Follow us on Twitter:  @GAFrontPage

Sunday, July 4, 2010

Evaluate Appeals for Help from Friends Traveling Abroad with Caution

The Internet Crime Complaint Center continues to receive reports of individuals’ e-mail or social networking accounts being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars.

Here’s how it works: Hackers infiltrate your social networking page, claim to be you, and write your contacts/friends. They portray themselves as “victims” who were robbed while traveling abroad and state they need money immediately because they don’t have a passport, money, credit cards, or cell phone and are stranded.

Some claim they only have a few days to pay their hotel bill and promise to reimburse costs upon their return home. Recipients may be tempted to respond to these appeals because they appear to be from a friend and there’s a sense of urgency to help.

If you receive a similar notice and aren’t sure if it is a scam, you should always verify the information before sending any money. If you have been a victim of this type of scam or any other cyber crime, report it to the IC3 website at www.IC3.gov.

The IC3’s database links complaints for potential referral to the appropriate law enforcement agency for case consideration. Complaint information is also used to identify emerging trends and patterns.


Monday, June 21, 2010

Fraudulent Telephone Calls Allowing Fraudsters Access to Consumer Financial and Brokerage Accounts

The FBI Newark Division released a warning to consumers concerning a new scheme using telecommunications denial-of-service (TDoS) attacks.

The FBI determined fraudsters compromised victim accounts and contacted financial
institutions to change the victim profile information (i.e. email addresses, telephone
numbers and bank account numbers).

The TDoS attacks used automated dialing programs and multiple accounts to overwhelm
victims' cell phones and land lines with thousands of calls. When victims answered
the calls they heard dead air (nothing on the other end), an innocuous recorded
message, advertisement, or a telephone sex menu. Calls were typically short in duration
but so numerous that victims changed their phone numbers to terminate the attack.

These TDoS attacks were used as a diversion to prevent financial and brokerage institutions
from verifying victim account changes and transactions. Fraudsters were afforded
adequate time to transfer funds from victim brokerage and financial online accounts.

Protection from TDoS attacks and other types of fraud requires consumers to be vigilant
and proactive. Newark’s Public Service Announcement (PSA) recommends that consumers
protect themselves as follows:

* Implement security measures for all financial accounts by placing fraud alerts with
the major credit bureaus if you believe you were targeted by a TDoS attack or other
forms of fraud.
* Use strong passwords for all financial accounts and change them regularly.
* Obtain and review your annual credit report for fraudulent activity.

If you were a target of a TDoS attack, immediately contact your financial institutions,
notify your telephone provider, and promptly report it to the IC3 website at: www.IC3.gov.
The IC3 complaint database links complaints to assist in referrals to the appropriate
law enforcement agency for case consideration. The complaint information is also used
to identify emerging trends and patterns.


Wednesday, May 12, 2010

Remington Financial Group Chairman Issues 'Email Fraud Warning,' Alerts FBI

/PRNewswire/ -- Chairman and founder of Remington Financial Group, Andy Bogdanoff, has alerted the FBI and other law enforcement agencies that an email scam is falsely using Remington's name to gain private information that may be used in identity theft.

In making the announcement, Bogdanoff emphasized that none of Remington's customer data had been breached by what appears to be a 'copycat email' scam similar to those that attempted to victimize bank and credit card customers in the past.

Remington is a national financial services company, specializing in providing commercial real estate owners and developers with access to needed capital. Since 1993, Remington has arranged more than $5 billion in financing for all types of commercial property.

Remington uncovered the "phishing" scheme through routine monitoring of the Internet for potential fraud activity. "In keeping with Remington's fraud policy," Bogdanoff said, "we referred the data we collected to the appropriate law enforcement agencies, including the Federal Bureau of Investigation and appropriate state and local authorities."

Earlier in the year, Remington implemented what is believed to be the most comprehensive and stringent fraud policy in the financial services industry. At the time, Bogdanoff called on others in the industry to "shore up" their fraud policies and to rectify any deficiencies. "By doing so," Bogdanoff said, "the financial services industry can help regain public confidence and trust, which has been sorely tested by recent scandals."

The Remington Financial Group Fraud Policy includes strict monitoring controls and rigorous due diligence procedures designed to protect the integrity of the company and the interests of every person and entity involved in Remington activities.

"My hope is that Remington's Fraud Policy will become the 'gold standard' throughout the industry," Bogdanoff said. "At Remington, our goal is clear: To be super-vigilant against even the hint of fraudulent or other inappropriate activity by any employee, customer or lender associated with Remington. Any such behavior will not be tolerated. And any violation of this policy will be met with swift and appropriate disciplinary or legal action," Bogdanoff said.


Friday, March 12, 2010

National Center for Disaster Fraud to Coordinate Haitian and Chilean Fraud Complaints

Shortly after the earthquake in Haiti last January, the FBI and the National Center for Disaster Fraud (NCDF) established a telephone hotline to report suspected fraud associated with relief efforts. That number, (866) 720-5721, was initially staffed for the purpose of reporting suspected scams being perpetrated by criminals in the aftermath of the Haitian earthquake.

Since then, with the recent earthquake in Chile, our efforts have expanded to identify similar fraud activity coming out of that disaster. Therefore, the public is encouraged to call this same number, (866) 720-5721, to report suspected fraud from either disaster. The telephone line is staffed by a live operator 24 hours a day, seven days a week. Additionally, e-mail information can be directly sent to disaster@leo.gov.

The National Center for Disaster Fraud was originally established by the Department of Justice to investigate, prosecute, and deter fraud in the wake of Hurricane Katrina, when billions of dollars in federal disaster relief poured into the Gulf Coast Region. Now, its mission has expanded to include suspected fraud from any natural or manmade disaster. More than 20 federal agencies, including the FBI, participate in the NCDF, allowing the center to act as a centralized clearinghouse of information related to Haitian or Chilean Relief Fraud.

The FBI continues to remind the public to apply a critical eye and do their due diligence before giving contributions to anyone soliciting donations on behalf of Haitian or Chilean victims. Solicitations can originate from e-mails, websites, door-to-door collections, mailings and telephone calls, and similar methods.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, including the following:

* Do not respond to unsolicited (spam) incoming e-mails, including clicking links
contained within those messages because they may contain computer viruses.
* Be skeptical of individuals representing themselves as surviving victims or officials
asking for donations via e-mail or social networking sites.
* Beware of organizations with copy-cat names similar to but not exactly the same
as those of reputable charities.
* Rather than following a purported link to a website, verify the legitimacy of non-profit
organizations by utilizing various Internet-based resources that may assist in confirming
the group's existence and its non-profit status.
* Be cautious of e-mails that claim to show pictures of the disaster areas in attached
files because the files may contain viruses. Only open attachments from known senders.
* To ensure contributions are received and used for intended purposes, make contributions
directly to known organizations rather than relying on others to make the donation
on your behalf.
* Do not be pressured into making contributions, as reputable charities do not use
such tactics.
* Do not give your personal or financial information to anyone who solicits contributions.
Providing such information may compromise your identity and make you vulnerable
to identity theft.
* Avoid cash donations if possible. Pay by debit or credit card, or write a check
directly to the charity. Do not make checks payable to individuals.
* Legitimate charities do not normally solicit donations via money transfer services.
* Most legitimate charities' websites end in .org rather than .com.
* There are scams targeting Haitian immigrants and their families offering assistance
in getting family members and friends out of Haiti. These individuals charge a fee
and then claim they will provide the necessary immigration paperwork or an airline
ticket for disaster victims to leave Haiti. For official information pertaining
to immigration from Haiti to the U.S., visit the U.S. Citizenship and Immigration
Services (USCIS) website at www.USCIS.gov.

If you believe you have been a victim of fraud from someone or an organization soliciting
relief on behalf of Haitian or Chilean earthquake victims, contact the National Center for Disaster Fraud at (866) 720-5721. You can also fax information to (225) 334-4707 or e-mail it to disaster@leo.gov.

You can also report suspicious e-mail solicitations or fraudulent websites to the FBI's Internet Crime Complaint Center at www.ic3.gov.


Wednesday, March 10, 2010

Rental and Real Estate Scams

Individuals need to be cautious when posting rental properties and real estate on-line.
The IC3 continues to receive numerous complaints from individuals who have fallen
victim to scams involving rentals of apartments and houses, as well as postings
of real estate on-line.

Rental scams occur when the victim has rental property advertised and is contacted
by an interested party. Once the rental price is agreed-upon, the scammer forwards
a check for the deposit on the rental property to the victim. The check is to cover
housing expenses and is either written in excess of the amount required, with the
scammer asking for the remainder to be remitted back, or the check is written for
the correct amount, but the scammer backs out of the rental agreement and asks for
a refund. Since the banks do not usually place a hold on the funds, the victim has
immediate access to them and believes the check has cleared. In the end, the check
is found to be counterfeit and the victim is held responsible by the bank for all
losses.

Another type of scam involves real estate that is posted via classified advertisement
websites. The scammer duplicates postings from legitimate real estate websites and
reposts these ads, after altering them. Often, the scammers use the broker's real
name to create a fake email, which gives the fraud more legitimacy. When the victim
sends an email through the classified advertisement website inquiring about the
home, they receive a response from someone claiming to be the owner. The "owner"
claims he and his wife are currently on missionary work in a foreign country. Therefore,
he needs someone to rent their home while they are away. If the victim is interested
in renting the home, they are asked to send money to the owner in the foreign country.

If you have been a victim of Internet crime, please file a complaint at
http://www.IC3.gov/.


Friday, December 11, 2009

Pop-up Advertisements Offering Anti-virus Software Pose Threat to Internet Users

An ongoing threat exists for computer users who, while browsing the Internet, begin receiving pop-up security warnings stating that their computers are infected with numerous viruses.

These pop-ups, known as scareware, fake, or rogue anti-virus software, look authentic and may even display what appears to be real-time anti-virus scanning of the user's hard drive. The scareware will show a list of reputable software icons; however, the user cannot click a link to go to the actual site to review or see recommendations.

The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website. Cyber criminals use botnets to push the software and use advertisements on websites to deliver it. This is known as malicious advertising or malvertising.

Once the pop-up appears, it cannot be easily closed by clicking "close" or the "X" button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. This issue is more likely to occur if you run your computer with an account that has rights to install software.

Downloading the software could result in viruses, Trojans and/or keyloggers being installed on the user's computer. The repercussions of downloading the malicious software could mean further financial loss to the victim due to computer repair, as well as costs to the user and/or financial institutions due to identity theft.

The assertive tactics of the scareware have caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

Be cautious — cyber criminals use easy to remember names and associate them with known applications. Beware of pop-ups that are offering a variation of recognized security software. It is recommended that the user research the exact name of the software being offered.

Take precautions to ensure operating systems are updated and security software is current.

If a user receives these anti-virus pop-ups, it is recommended to close the browser or shut the system down. It is suggested that the user run a full, anti-virus scan whenever the computer is turned back on.

If you have experienced the anti-virus pop-ups or a similar scam, please notify the IC3 by filing a complaint at www.IC3.gov.


Wednesday, November 18, 2009

Spear Phishing E-mails Target U.S. Law Firms and Public Relations Firms

The FBI assesses with high confidence that hackers are using spear phishing e-mails with malicious payloads to exploit U.S. law firms and public relations firms. During the course of ongoing investigations, the FBI identified noticeable increases in computer exploitation attempts against these entities.

The specific intrusion vector used against the firms is a spear phishing or targeted socially engineered e-mail designed to compromise a network by bypassing technological network defenses and exploiting the person at the keyboard. Hackers exploit the ability of end users to launch the malicious payloads from within the network by attaching a file to the message or including a link to the domain housing the file and enticing users to click the attachment or link.

Network defense against these attacks is difficult as the subject lines are spoofed, or crafted, in such a way to uniquely engage recipients with content appropriate to their specific business interests. In addition to appearing to originate from a trusted source based on the relevance of the subject line, the attachment name and message body are also crafted to associate with the same specific business interests. Opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain. Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file.

Indicators are unreliable to flag in-bound messages; however, indicators are available to determine an existing compromise. Once executed, the malicious payload will attempt to download and execute the file ‘srhost.exe’ from the domain ‘http://d.ueopen.com’; e.g. http://d.ueopen.com/srhost.exe. Any traffic associated with ‘ueopen.com’ should be considered as an indication of an existing network compromise and addressed appropriately.

The malicious file does not necessarily appear as an ‘exe’ file in each incident. On occasion, the self-executing file has appeared as other file types, e.g., ‘.zip’, ‘.jpeg’, etc.

Please contact your local field office if you experience this network activity and direct incident response notifications to DHS and U.S. CERT.
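The compromise indicator described above can be checked against web proxy logs. The following is an added example, not part of the FBI notice: it matches on the requested host rather than the file name, since the advisory says the file does not always appear as an ‘exe’. The log layout (timestamp, client, method, target), the sample lines, and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator named in the advisory: any traffic associated with ueopen.com.
IOC_DOMAIN = "ueopen.com"

# Constructed sample proxy log (assumed layout: timestamp client method target status).
SAMPLE_LOG = """\
2009-11-18T09:14:02Z 10.0.4.21 GET http://d.ueopen.com/srhost.exe 200
2009-11-18T09:14:40Z 10.0.4.21 GET http://D.UEOPEN.COM./update.jpeg 200
2009-11-18T09:15:10Z 10.0.4.33 CONNECT d.ueopen.com:443 200
2009-11-18T09:16:00Z 10.0.4.50 GET http://notueopen.com/index.html 200
2009-11-18T09:16:30Z 10.0.4.51 GET http://ueopen.com.example.net/a.zip 200
2009-11-18T09:17:00Z 10.0.4.52 GET http://www.example.org/?ref=ueopen.com 200
malformed line
"""


def refang(text):
    """Undo common defanging (hxxp, [.]) so the URL parses normally."""
    return text.replace("hxxp", "http").replace("[.]", ".")


def host_of(target):
    """Return the lowercase hostname from a URL or a bare host[:port] (CONNECT)."""
    target = refang(target.strip())
    if "://" not in target:
        target = "//" + target  # let urlsplit treat host:port as a netloc
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    # Strip the trailing dot of a fully qualified name before comparing.
    return host.rstrip(".").lower() if host else None


def matches_ioc(host, domain=IOC_DOMAIN):
    """True for the domain or any subdomain; label-boundary match, not substring."""
    return host is not None and (host == domain or host.endswith("." + domain))


def find_hits(lines, domain=IOC_DOMAIN):
    """Return one record per log line whose requested host matches the indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip lines that do not fit the assumed layout
        timestamp, client, method, target = fields[:4]
        host = host_of(target)
        if matches_ioc(host, domain):
            hits.append({"time": timestamp, "client": client,
                         "method": method, "host": host, "target": target})
    return hits


def clients_to_triage(hits):
    """Group hit timestamps by internal client so each machine can be examined."""
    by_client = defaultdict(list)
    for hit in hits:
        by_client[hit["client"]].append(hit["time"])
    return {client: sorted(times) for client, times in by_client.items()}


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG.splitlines())
    for client, times in clients_to_triage(found).items():
        print(f"{client}: {len(times)} request(s), first seen {times[0]}")
```

A plain substring search for the domain would also flag the last three well-formed sample lines, none of which is traffic to the indicator domain.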

-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page

Tuesday, November 3, 2009

Fraudulent Automated Clearing House (ACH) Transfers Connected To Malware And Work-At-Home Scams

Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a "spear phishing" email which either contains an infected attachment, or directs the recipient to an infected web site. Once the recipient opens the attachment or visits the web site, malware is installed on their computer. The malware contains a key logger which will harvest the recipient's business or corporate bank account log-in information. Shortly thereafter, the perpetrator either creates another user account with the stolen log-in information, or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers.

Further reporting has shown that the transfers are directed to the bank accounts of willing or unwitting individuals within the United States. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search web sites. These persons are often hired to "process payments", or "transfer funds". They are told they will receive wire transfers into their bank accounts. Shortly after funds are received, they are directed to immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram.

Customers who use online banking services are advised to contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers.

The United States Computer Emergency Readiness Team (US-CERT) has made information on banking securely online available at http://www.us-cert.gov/reading_room/Banking_Securely_Online07102006.pdf.

Protecting your computer against malicious software is an ongoing activity and, at minimum, all computer systems need to be regularly patched and to have up-to-date anti-virus software and a personal firewall installed. Further information is available at http://www.us-cert.gov/nav/nt01/.

If you have experienced unauthorized funds transfers from your bank accounts, or if you have been recruited via a work-at-home opportunity to receive transfers and forward money overseas, please notify the IC3 by filing a complaint at www.IC3.gov.

-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
www.artsacrossgeorgia.com
Arts Across Georgia

Monday, October 5, 2009

Fraudulent e-mail claiming to contain an FBI Intelligence Bulletin from the Weapons of Mass Destruction Directorate

A fraudulent e-mail, initially appearing around June 16, 2009, claims to contain a confidential FBI report from the FBI "Weapons of Mass Destruction Directorate." The subject line of the e-mail is "RE: Weapons of Mass Destruction Directorate," and the message contains an attachment, "reports.exe". This message and similar messages may contain a file related to the "W32.Waledac" trojan software, which is designed to steal user authentication credentials or send spam messages.

Do not click on any links associated with this e-mail or similar e-mails; it is a hoax.

The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or malicious software.

Below is an example of the fraudulent e-mail message:

CLASSIFIED
FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN

Weapons of Mass Destruction Directorate

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security.

Link to malicious software (report.exe)


If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.


Monday, August 17, 2009

Businesses Beware Of Mass Marketing Scams

Almost everyone has heard horror stories about individuals who have been taken in by mass marketing fraud schemes—from phony sweepstakes to lottery scams. But here’s something you may not know: the very same fraudsters who target individual consumers also target businesses.

Illicit mass marketers know that the keepers of corporate funds may be just as susceptible to fake ploys as anyone else. And while business-oriented fraud usually results in losses of a few hundred dollars the first time a company is hit, employees may continue to fall victim to these scams if the company has insufficient internal controls.

So what sort of mass marketing frauds are perpetrated against businesses? Here are just a few examples of what might happen to your companies:

* Masquerading as your usual office supplies provider, a fraudulent mass marketer contacts your employees, offering products at reduced or current prices in anticipation of impending rate increases. After paying the invoice, your company never receives the supplies it purchased.
* Your organization is asked to buy ad space in a business directory. The directory never sees the light of day, or only scammed companies like yours receive a copy.
* Criminals send invoices for unordered or undelivered products showing higher-than-agreed-upon prices, trying to exploit poor communication channels that may exist in your company and hoping that phony invoices will be paid without a second look.
* Your business receives an information packet offering to create and host your website. The packet includes a card that must be returned in order to “opt out” of the service, but the card is simply ignored or thrown out. Your company is then billed for web services it never ordered.
* In a variation of the advance-fee scheme that often targets individual consumers, perpetrators—usually targeting small businesses—offer low interest loans in exchange for an advance fee. You pay the fee, but your business never receives the loan.

While the FBI and other law enforcement agencies vigorously investigate frauds of all kinds, there are steps your businesses can take to protect themselves. For example:

* Educate yourself and your employees—especially frontline and accounts payable and receivable personnel—about common fraud schemes;
* Always ask for offers in writing, and require a written contract or purchase order for ANY transaction;
* Carefully review all invoices and compare them to expense records to make sure they are legitimate (and keep all records!);
* Use a credit card for purchasing supplies and services (if the vendor fails to deliver, you can dispute the charges);
* Don’t give out full names of employees, as fraudsters can obtain an employee’s name and then later claim this individual authorized the purchase of a product or service; and
* Be wary of accepting checks, because in some cases perpetrators have conducted a series of smaller, legitimate transactions to enhance their credibility and then used a counterfeit check to pay for a large order.

If you suspect you’ve been scammed, file a complaint with the Federal Trade Commission’s Consumer Sentinel, a database accessed by law enforcement agencies around the country. You can also contact your local FBI office.


Thursday, July 30, 2009

Online Rental Ads Could be Phony

You can’t believe your good fortune—you find a rental home in a nice area through a Craigslist classified ad at an unbelievably low rate. The landlord—who had to leave the country and travel to Nigeria—asks that you wire him two months’ worth of rent. You arrive at the home on the agreed-upon date, but there’s just one small problem—the house is not actually for rent and its owners know nothing about your agreement.

This latest scam being perpetrated by Nigerian criminals located halfway around the world has been seen in a number of U.S. states, perhaps in response to the current housing market—with fewer people buying, more people are renting.


But it’s not really a new scam, just a variation of an old one. The so-called 419 scheme—named after the Nigerian penal code section under which this particular kind of fraud is prosecuted—has been around since the early 1980s. The common thread running through these kinds of scams? The victims are solicited by Nigerian criminals to transfer money out of the U.S. and into the criminals’ pockets…usually by being promised something in return. And these schemes are profitable, costing victims millions of dollars annually.

In South Carolina, the rental scam problem has become so prevalent that Columbia FBI Special Agent in Charge David Thomas recently issued a warning about it to homeowners and prospective renters, particularly in the Charleston, Columbia, and Hilton Head areas. The scam has also ensnared victims in Rhode Island, Illinois, Colorado, and California, among other states.

How exactly does the rental housing scam work? The criminals search websites that list homes for sale. They take the information in those ads—lock, stock, and barrel—and post it, with their own e-mail address, in an ad on Craigslist (without Craigslist’s consent or knowledge) under the housing rentals category. To sweeten the pot, the houses are almost always listed with below-market rental rates.

An interested party will contact the “homeowner” via e-mail, who usually explains that he or she had to leave the U.S. quickly because of some missionary or contract work in Africa. Victims are usually instructed to send money overseas—enough to cover the first and last month’s rent—via a wire transfer service (because the crooks know it can’t be traced once it gets picked up on the other end).

Renters might sometimes be asked to fill out credit applications asking for personal information like credit history, social security numbers, and work history. The Nigerian crooks can then use this info to commit identity fraud and steal even more money from their victims.

How to avoid being victimized:

* Only deal with landlords or renters who are local;
* Be suspicious if you’re asked to only use a wire transfer service;
* Beware of e-mail correspondence from the “landlord” that’s written in poor or broken English;
* Research the average rental rates in that area and be suspicious if the rate is significantly lower;
* Don’t give out personal information, like social security, bank account, or credit card numbers.

If you suspect a scam, have already been victimized, or know someone who has fallen victim to a scam, please report it to our Internet Crime Complaint Center to help us determine the extent of the problem.


Wednesday, July 8, 2009

Fraudsters Continue to Exploit Telecommunications Relay Services

Over the last few years, the Internet Crime Complaint Center (IC3) has received thousands of complaints pertaining to scam artists using Telecommunications Relay Services (TRS) to defraud U.S. businesses and consumers. Under Title IV of the Americans with Disabilities Act, all telephone companies must provide TRS for individuals with hearing or speech impairments.

A new twist involves several recent reports of perpetrators of these schemes exploiting auto repair shops by using TRS to request services for a vehicle. The fraudster claims the vehicle has to be shipped to the shop and requests the repairs and shipping fees be charged to a credit card. The charges initially go through without any complications, but unbeknownst to the business, the credit card is fraudulent or stolen. The business is then directed to wire the money to the shipper to cover the shipping costs. After the money is wired, the business is notified of the fraudulent credit card and forced to bear the loss.


Wednesday, June 10, 2009

Asian Extortion Scheme

The FBI is currently aware of a nationwide attempt to extort ethnic business owners, mostly of Asian descent, through telephonic threats of violence. The telephone calls appear to be originating from foreign countries. The caller acquires an adequate amount of open source information about the victim through Internet searches. This misleads the victim into believing the subject has personal knowledge about the victim. There have been no reported incidents of violence actually perpetrated to date.

Individuals who receive phone calls or e-mails containing threats of violence and their personally identifiable information (PII) are encouraged to contact law enforcement as well as file a complaint at www.IC3.gov.


Wednesday, December 31, 2008

Microsoft Commends Chinese Court in Sentencing Ringleaders of World's Largest Software Counterfeiting Syndicate

/PRNewswire-FirstCall/ -- The Futian People's Court in Shenzhen, China, handed down sentences to 11 ringleaders of the world's largest software counterfeiting syndicate today. The sentences, ranging from 1.5 to 6.5 years, include the longest sentences handed down for this type of crime in China's history. Based in the southern China province of Guangdong, members of the syndicate were arrested by Chinese authorities in July 2007, following an international investigation led by China's Public Security Bureau (PSB) and the FBI. Microsoft and hundreds of Microsoft customers and partners also provided information which assisted in the investigation.

The 11 accused were part of a criminal syndicate responsible for manufacturing and distributing more than an estimated $2 billion (U.S.) worth of high-quality counterfeit Microsoft software. The counterfeit software, found in 36 countries and on five continents, contained fake versions of 19 of Microsoft's most popular products and was produced in at least 11 languages.

"Microsoft greatly appreciates the work of China's PSB and the FBI in taking strong enforcement action against this global software counterfeiting syndicate," said David Finn, associate general counsel for Worldwide Anti-Piracy and Anti-Counterfeiting at Microsoft. "Unfortunately, software counterfeiting is a global, illegal business without borders. Criminals may be on the other side of the globe and may not even speak the same language, but they prey upon customers and partners all over the world. This case is a testament to the importance of Microsoft's commitment to close collaboration with government bodies and local law enforcement agencies around the world to bring these criminals to justice, wherever they may be."

"Software piracy negatively impacts local economic growth, stifling innovation, taking business opportunity away from legitimate resale channels and putting consumers and partners at risk. Enforcement of intellectual property rights is critical to fostering an environment of innovation and fair competition," said Fengming Liu, vice president of Microsoft Greater China Region. "Over the years, Microsoft has been working closely with the Chinese government to promote intellectual property rights. Thanks to the actions of the Chinese government, we have seen a significant improvement in the environment for intellectual property rights in China. Moving forward, we will continue to work with the relevant authorities in China to ensure that counterfeit software does not undermine the development of China's knowledge economy."

"This case is also a strong demonstration of the improvement in criminal law legislation and enforcement of intellectual property rights in China," said Zhao Bingzhi, president of the Criminal Law Research Committee of the China Law Society and vice president of the China Group of the International Association of Penal Law.

Evidence provided by Microsoft customers through the Microsoft piracy reporting tool proved to be essential in tracking down this criminal syndicate. Tens of thousands of customers used Microsoft's anti-piracy technology in Windows Genuine Advantage to identify the software they were using as fake. In addition, more than 100 Microsoft resellers played a key part in helping to trace the counterfeit software and provided physical evidence critical to building the case, such as e-mail messages, invoices and payment slips.

"Customs administrations around the world have seized thousands of counterfeit Microsoft software produced by criminal syndicates," said Christophe Zimmermann, the coordinator of the fight against counterfeiting and piracy at the World Customs Organization. "The action today by the court in China sends a very clear message to counterfeiters that governments around the world are serious about stopping this form of criminality and are willing to step forward to protect their citizens from the harm caused by counterfeit goods."


Tuesday, December 9, 2008

FBI Warns of New Vishing Attacks Targeting Private Branch Exchange (PBX) Systems

The FBI has identified a new technique used to conduct vishing attacks where hackers exploit a known security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate Private Branch Exchange (PBX) systems with Voice over Internet Protocol (VoIP) digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

Digium, the original creator and primary developer of Asterisk, released a Security Advisory, AST-2008-003, in March 2008, which contains the information necessary for users to configure a system, patch the software, or upgrade the software to protect against this vulnerability.

If a consumer falls victim to this exploit, their personally identifiable information (PII) will be compromised. To prevent further loss of consumers’ PII and to reduce the spread of this new technique, it is imperative that businesses using Asterisk upgrade their software to a version that has had the vulnerability fixed.

Further, consumers should not release personal information in response to unsolicited telephone calls. Providing your PII will compromise your identity.

“As with all types of scams, whether by computer, phone, or mail, using common sense can protect you,” said Special Agent Richard Kolko, Chief, National Press Office, Washington, D.C.


Monday, December 1, 2008

Holiday Season Cyber Scammers Target Victims

The FBI is reminding people this holiday season that cyber criminals continue to aggressively seek ways to steal money and personal information. Scammers are using several techniques to fool potential victims including sending unsolicited e-mails that contain attachments such as electronic greeting cards containing malware (malicious software), setting up spoofing websites that look like legitimate commercial sites, and unleashing phishing and vishing attacks where individuals receive e-mails asking for personal data.

“These cyber scammers will do whatever they can to steal your money and personal information this holiday season and are trying many different ways to commit these crimes. The best way to protect yourself is to report these scams to law enforcement or the Internet Crime Complaint Center, IC3,” said Shawn Henry, Assistant Director, FBI Cyber Division, Washington, D.C.

In the greeting card scam, the cards, which are also referred to as e-cards or postcards, are being sent via spam. Like many other Internet fraud schemes, the criminals use social engineering tactics to entice the victim, claiming the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view the e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious webpage.

Spoofing scams are when criminals create a false or shadow copy of a real website or e-mail in a way that misleads the recipient. All network traffic between the victim's browser and the shadow page is sent through the spoofer's machine. This allows the spoofer to acquire personal information, such as passwords, credit card numbers, and account numbers.

Even though the e-mail looks like the real thing, complete with authentic logos and working web links, it's a fake. The website where you're told to enter your account information is also fake. In some instances, really slick spoofers direct you to the genuine website, then pop up a window over the site that captures your personal information. The information entered does not go to the legitimate site, but rather to the spoofer's account. The information you entered will most likely be sold to criminals, who'll use it to ruin your credit and drain your account.

In phishing and vishing attacks, individuals report receiving e-mails or text messages indicating a problem with their account. They are directed to follow the link provided in the message to update their account or correct the problem. The link actually directs the individuals to a fraudulent website that looks legitimate where their personal information, such as account number and PIN, is compromised.

Other reported scams have included victims receiving an e-mail message asking them to complete an online survey. At the end of the survey, they are asked for their personal account information to allow funds to be credited to the account in appreciation for completing the survey. Providing this information will allow criminals to compromise the account.

Here are some tips you can use to avoid becoming a victim of cyber fraud:

* Do not respond to unsolicited (spam) e-mail.
* Do not click on links contained within an unsolicited e-mail.
* Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
* Avoid filling out forms in e-mail messages that ask for personal information.
* Always compare the link in the e-mail to the link that you are actually directed to.
* Log on to the official website, instead of "linking" to it from an unsolicited e-mail.
* Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
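The tip about comparing the link shown in an e-mail with the link you are actually sent to can be automated for HTML mail. This added example (not from the FBI release) lists anchors whose visible text names one host while the `href` points to another; the sample HTML and all host names are constructed, and the site comparison is a simplification that does not consult a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body using reserved example domains.
SAMPLE_HTML = """
<p>Dear customer, there is a problem with your account.</p>
<a href="http://www.bank.example.account-verify.example.net/update">
  https://www.bank.example/update</a>
<a href="https://www.bank.example/help"><b>www.bank.example</b>/help</a>
<a href="http://cards.example.org/view">View your e-card</a>
"""

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def same_site(shown, actual):
    """Accept the shown host itself or a subdomain of it; everything else differs."""
    shown, actual = strip_www(shown), strip_www(actual)
    return actual == shown or actual.endswith("." + shown)


def mismatched_links(html):
    """Return (host shown to the reader, host the link really opens) pairs."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown = HOST_IN_TEXT.search(text.lower())
        actual = urlsplit(href).hostname
        if shown is None or actual is None:
            continue                    # text names no host, nothing to compare
        if not same_site(shown.group(1), actual):
            findings.append((shown.group(1), actual))
    return findings


if __name__ == "__main__":
    for shown, actual in mismatched_links(SAMPLE_HTML):
        print(f"text shows {shown} but link opens {actual}")
```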

To receive the latest information about cyber scams please go to the FBI website and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage.
