FBI Warns that Alaskans Targeted in Texting Scam
If you receive a text message on your cell phone stating that your Debit or Credit card has been de-activated and to call a 907 number in order to re-activate it, do not call the numbers provided in the text. These texts are attempts to provide fraudsters with the card information necessary to perform fraudulent transactions.
Instead, delete the message and call the number on the back of your card or the listed phone number for the financial institution that issued your card or, if Denali State Bank issued your card, call the Customer Service department at 907-458-4236.
And remember to never provide passwords or Personal Identification Numbers (PINs).
June 11, 2012: Linked In Password Hashes Exposed
Attack Details: Earlier today rumors began circulating that a member of a Russian forum had posted the password hashes for 6.5 million LinkedIn users. When you create a password for a website or service, typically the password itself is not stored. Instead the password is run through an encryption algorithm, and the encrypted version of the password, called a “hash”, is stored. Although the hash itself is more secure than a plaintext password it is still vulnerable to being reverse engineered. This is especially true if the password is based on a regular dictionary word and does not contain capitalization, numbers, or special characters. Although LinkedIn has yet to verify that a breach has occurred on their systems, multiple security researchers have confirmed the legitimacy of the posted hashes.
Countermeasures: LinkedIn has recommended that users update their passwords as soon as possible.
April 5, 2012: Fraudulent Utility Bill E-mail
The IC3 has received over 40 complaints since May 2011 reporting the receipt of an unsolicited e-mail purportedly from a specified utility company. The e-mail stated the recipient had a new bill which needed to be paid, and the bill was attached to the e-mail. The recipient was instructed to click on the attachment to view their bill. The attachment contained a zip file with a computer virus. The e-mail concluded by stating the recipient received the e-mail message, because he/she receives e-bills from this utility company. Many of the recipients are located in areas of the United States that do not use this utility company as their electric provider.
Businesses Targeted With E-mail Purportedly from the Better Business Bureau (BBB)
The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business. The recipient is asked to review the complaint attached to the e-mail and respond to the BBB. The file attached to the e-mail contains a virus.
In one complaint received by the IC3, a business claimed their computer was infected with a virus after opening the attachment in the e-mail they received. As a result, the business lost nearly $100,000 when fraudsters successfully wired money from the company's bank account after the virus enabled them to capture passwords and other important banking information.
Malicious Complaint E-mail Claiming It's From BBB
Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line "Complaint from your customers." This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.
The e-mails have return addresses that BBB does not use (one example is email@example.com) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link.
BBB is working with law enforcement to determine its source and stop the fraudulent campaign.
1/29/12 Your ATM or Debit Card Could Be At Risk
We have received reports of email notifications from what appears to be a service that monitors ATM and debit card transactions for potentially fraudulent activity. The email warns there may be transactions conducted against the card at overseas locations.
As a reminder to keep all of your information secure:
NEVER reply to or click on any links provided in unsolicited emails.
- Never give out sensitive personal information online or over the phone in response to an unsolicited request.
- Do not open attachments included with unsolicited email
For more information on protecting your information, please see the “Security” tab on www.denalistatebank.com.
Fraudulent "FDIC notification" Emails Circulating
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.
The fraudulent e-mails have addresses such as "firstname.lastname@example.org" or "email@example.com" on the "From" line. The message appears, with spelling and grammatical errors, as follows:
Subject line: "FDIC notification"
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.
As soon as it is setup, you transaction abilities will be fully restored.
Best Regards, Online Security departament, Federal Deposit Insurance Corporation."
The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to firstname.lastname@example.org. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.a
Malicious Software Features Usama bin Laden Links to Ensnare Unsuspecting Computer Users
The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden's recent death. This content could be a virus that could damage your computer. This malicious software or "malware" can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends and family members. These viruses are often programmed to steal your personally identifiable information.
The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a "friend" can unknowingly pass on multimedia that's actually malicious software.
Do not agree to download software to view videos. These applications can infect your computer.
- Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar and nonstandard English.
- Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI's name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI's name, seal or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.
Phishing Alert: Email Claiming to be from the "Electronic Payments Association" – February 22, 2011
NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “email@example.com.” See a sample of the email below.
Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent emails.
Internet Crime Complaint Center's (IC3) Scam Alerts
This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams.
Romance Scammers Claiming Affiliation With The IC3
The IC3 has received several complaints regarding a romance scam originating via a dating website. Generally, in romance scams, the subject claims to be out of the country for a business trip and in need of money. The subject asks potential victims to wire funds for various reasons including paying for a hotel, returning to the states, or paying for a lawyer.
Recently, the scammers have added a layer of supposed law enforcement involvement in an attempt to convince the victim the scam is legitimate. In one such IC3 complaint, the "investigator" says he is using his private e-mail because the IC3 database is under maintenance. To convince the victim to wire the requested funds, he claims to be assigned to the case and assures the victim that the subject has been "interrogated and investigated" and that he is a safe, "legit business man."
Other complainants reported having difficulty canceling their membership to the particular dating site, which reportedly offers a "3-day free membership" for their service. The membership is reportedly "automatically" renewed after the three days unless canceled. Complainants reported that the website renewed their membership and charged their credit card over $59 despite the complainant's attempts to cancel the membership. Some complainants said the company did not answer their clls, e-mails, or voice mail messages, while others claimed the company admitted the "error" and offered them free service, but refused to refund the charges. Phishing E-mail Claims "Your Federal Tax Payment Was Rejected"
In October 2010, articles were posted online warning consumers about phishing e-mails purportedly from the Electronic Federal Tax Payment System (EFTPS) claiming the recipient's federal tax payment was rejected. The IC3 has received over 150 complaints reporting this matter. Although different versions of this spam campaign exist, many complainants reported that the e-mails they received were titled "LAST NOTICE: Your Federal Tax Payment has been rejected." E-mails stated, "the problem is that system doesn't process your company ID on holidays and we moved your tax payment batch to a waiting list." Recipients were then directed to click on the link provided to obtain more details about their company's status and tax payment batch file. Some complainants reportedly use the electronic system to pay their estimated quarterly taxes, so the e-mail appeared relevant.
Other related phishing e-mails claimed, "the identification number used in the Company Identification Field is not valid." Recipients were directed to visit hxxp://eftps.gov/r21 and "check the information and refer to Code R21 to get details about your company payment in transaction contacts section."
A recent complaint filed with the IC3 reported the same type of phishing e-mail except this time, the e-mail directed the recipient to open an attachment contained in the e-mail. The e-mail was titled "Your Federal Tax Payment Notice." Like the others, it claimed, "the identification number used in the Company Identification Field is not valid." To entice the recipient to open the attachment, the e-mail stated, "check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section."
Telephone Scam Offering Virus Removal Services To Gain Remote Access To Victims' Computers
The IC3 has received several complaints from victims who reported a telephone scam in which the caller purports to be an employee of a major online company, which develops, manufactures, and supports software along with other products and services. Victims reported that a caller with an Indian accent claimed their computers were infected with viruses. The caller advised the victims they were sending the viruses to others via the Internet, and instructed victims to go to websites such as hxxp://www.irssupport.net, hxxp://www.go4support.org, hxxp://www.teche4pc.com, and hxxp://www.ammyy.com. When the victims navigated to one of the websites, they were further instructed to click on live support or live connect for assistance in removing the viruses. Some victims were instructed to download a program once they were on the hxxp://www.ammyy.com website. After the victim clicked on the link or downloaded the program, the caller gained control of the victim's computer. Victims watched as the caller explored personal files, pointing out files that were infected. Some victims reportedly believe the caller copied their files and obtained their personal information. In some cases, the caller tried to sell the victims' software. Many victims reported loud background noise during the call, indicating a possible boiler room-type operation. Some victims reported the scam to the online software company. The company has an alert on their website warning consumers about this matter.