E-Scams & Warnings

To report potential e-scams, please go the Internet Crime Complaint Center and file a report. Note: the FBI does not send mass e-mails to private citizens about cyber scams, so if you received an e-mail that claims to be from the FBI Director or other top official, it is most likely a scam.

If you receive unsolicited e-mail offers or spam, you can forward the messages to the Federal Trade Commission at spam@uce.gov.

Below are some recent scams and warnings:

Many holiday scams are variations of tricks you may encounter at any time of the year. Ongoing awareness of these scams is critical to protecting your personal and financial information this holiday season.

Beware of these malicious scams, which seem to run rampant during the most festive months of the year.
• Phishing scams: People should not respond to emails, text messages, and phone calls that advertise the sale of gift cards, holiday gifts, promotions, contests and jobs.
• Bogus Gift Cards: Cybercriminals can’t help but want to get in on the action by offering bogus gift cards online. Be wary of buying gift cards from third parties and buy directly from the retailer.
• Holiday SMiShing: Using text messages, scammers try to lure you into revealing personal information by pretending to be a legitimate organization.
• Social Media Scams: Beware of ads and postings for phony contests, and “stay at home” jobs from your Facebook and Twitter “friends.” People should not respond to these advertisements.
• Fake Charities: In this season of giving, the bad guys are hoping to get in on the giving by sending spam emails advertising fake charities. People should confirm the legitimacy of a charity through the Better Business Bureau.
• Dangerous E-cards: E-cards are popular way to send a quick “thank you” or holiday greeting, but some may contain spyware or viruses that download onto your computer once you click to view the greeting.
• Phony Classifieds: Beware of phony offers that ask for too much personal information or to wire funds via Western Union, since these are most likely scams.
• Phony E-tailers: Phony sites try to lure you into typing in your credit card and personal details by promoting great deals. Now they have your money and information, and you never receive anything.
• Travel Scams: Phony travel web pages with beautiful pictures and too-good-to-be-true deals are used to get you to hand over your financial details.
• Craigslist/Auction sites: Be wary of shopping online at Craigslist and public auction sites. Shoppers might purchase merchandise that is never delivered. People should follow the best practices published by Craigslist and other public auction websites to avoid scams.

Risk Prevention Tips
Secure home computers and mobile devices. Online shoppers should ensure their home computers are secured with a firewall and antivirus software before performing any online transactions. Operating system patches should be downloaded when made available by software vendors. People should also protect mobile devices (mobile phones, tablets, etc.) used to conduct online transactions by installing antivirus software.

CITADEL MALWARE CONTINUES TO DELIVER REVETON RANSOMWARE IN ATTEMPTS TO EXTORT MONEY
A new extortion technique is being deployed by cyber-criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center (IC3) to frighten victims into sending money to the perpetrators. In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices.

As described in prior alerts on this malware, it lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine using prepaid money card services. The geographic location of the user’s PC determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction.

It is suggested you:
• File a complaint at www.IC3.gov.
• Keep operating systems and legitimate antivirus and antispyware software updated.
• Contact a reputable computer expert to assist with removing the malware.
________________________________________

Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:
• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.

• Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.

• With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.

• Review and understand the permissions you are giving when you download applications.
• Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.

• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.

• Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.

• Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.

• Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.

• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.

• Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.

• Avoid clicking on or otherwise downloading software or links from unknown sources.

• Use the same precautions on your mobile phone as you would on your computer when using the Internet.

If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

Note: The FBI does not send mass e-mails to private citizens about cyber scams, so if you received an e-mail that claims to be from the FBI Director or other top official, it is most likely a scam.