2009 Scam Alerts


December 16, 2009

Read about the latest scams and threats in the posting below. This update was issued by the FDIC.

Should you receive a pop-up advertisement offering an anti-virus software, do not follow the links or prompts.

POP-UP ADVERTISEMENTS OFFERING ANTI-VIRUS SOFTWARE POSE THREAT TO INTERNET USERS

An ongoing threat exists for computer users who, while browsing the Internet, began receiving pop-up security warnings that state their computers are infected with numerous viruses.
These pop-ups known as scareware, fake, or rogue anti-virus software look authentic and may even display what appears to be real-time anti-virus scanning of the user’s hard drive. The scareware will show a list of reputable software icons; however, the user cannot click a link to go to the actual site to review or see recommendations.

The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website. Cyber criminals use botnets to push the software and use advertisements on websites to deliver it. This is known as malicious advertising or malvertising. Once the pop-up appears it cannot be easily closed by clicking “close” or the “X” button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. By running your computer with an account that has rights to install software, this issue is more likely to occur.

Downloading the software could result in viruses, Trojans, and/or keyloggers being installed on the user’s computer. The repercussions of downloading the malicious software could prove further financial loss to the victim due to computer repair, as well as, cost to the user and/or financial institutions due to identity theft.

The assertive tactics of the scareware has caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

Be cautious—Cyber criminals use easy to remember names and associate them with known applications. Beware of pop-ups that are offer a variation of recognized security software. It is recommended that the user research the exact name of the software being offered.

Take precautions to ensure operating systems are updated and security software is current. If a user receives these anti-virus pop-ups, it is recommended to close the browser or shut the system down. It is suggested that the user run a full, anti-virus scan whenever the computer is turned back on.


November 12, 2009

A random sampling of clients and employees of The Bank of Northern Michigan have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA - The Electronic Payments Association announcing that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly an executable virus with malware. (Sample e-mail below)

Please be aware that the e-mail did not originate from NACHA, and the website is not that of NACHA's. Should you receive this email, delete it immediately. Do not click on the link.


= = = = = Sample E-mail = = = = = =

From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report (example link presentation)


October 28, 2009

The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.

Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at https://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.


October 13, 2009

Read about the latest email scams and threats in the postings below. Each of these updates were issued by the FDIC.

Should you receive these or similar emails, do not follow the links or prompts.

FRAUDULENT E-MAIL CLAIMING TO CONTAIN FBI
“INTELLIGENCE BULLETIN NO. 267”

10/05/09—A fraudulent e-mail message claiming to contain a confidential FBI report titled “New Patterns in Al-Qaeda Financing” has been circulating since August 15, 2009. The e-mail has the subject line “Intelligence Bulletin No. 267,” and contains an attachment titled “bulletin.exe.” This message, or similar messages, may contain files that are harmful to the recipient’s system and may try to steal user credentials.

DO NOT CLICK ON ANY LINKS ASSOCIATED WITH THIS E-MAIL OR SIMILAR E-MAILS, IT IS A HOAX.

The FBI does not send unsolicited e-mails or email official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or other malicious software.

Below is an example of the fraudulent e-mail message:

INTELLIGENCE BULLETIN No. 267
Title: New Patterns in Al-Qaeda Financing
Date: August 15, 2009
THREAT LEVEL: YELLOW (ELEVATED)

THE INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER PUBLIC SAFET= OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING INTERNATIONAL AND DOMES=IC TERRORIST GROUPS AND TACTICS.

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins =ontain sensitive terrorism and counterterrorism information meant for us= primarily within the law enforcement community. Such bulletins are not =o be released either in written or oral form to the media, the general p=blic, or other personnel who do not have a valid ?eed-to-know?with=ut prior approval from an authorized FBI official, as such release could jeopardize national security

As with many fraudulent e-mail messages, this message contains multiple spelling errors and poor grammar.

--------------------------------------------------------------------------------

FRAUDULENT E-MAIL CLAIMING TO BE FROM DHS AND THE FBI COUNTERTERRORISM DIVISION

10/05/09—Fraudulent e-mails containing the subject line “New DHS Report” have been circulating since August 15, 2009. The e-mails claim to be from the Department of Homeland Security (DHS) and the FBI Counterterrorism Division. The e-mail text contains information about “New Usama Bin Ladin Speech Directed to the People of Europe,” and has an attachment titled “audio.exe.” The attachment is purportedly an audio speech from Bin Ladin; however, it actually contains malicious software intended to steal information from the recipient’s system.

DO NOT CLICK ON ANY LINKS ASSOCIATED WITH THIS E-MAIL OR SIMILAR E-MAILS, IT IS A HOAX.

The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or malware.

One example of this fraudulent e-mail message is as follows:

Subject: New DHS Report

New Usama Bin Ladin Speech Directed to the People of Europe
Prepared by DHS/I&A Intelligence Watch and Warning Division and the FBI Counter Terrorism Division

(U//FOUO) Media outlets are reporting the release of a new audio tape on Al Jazeera today from Usama Bin Ladin, in which he states that all European countries involved in the Afghanistan war should end their support of American oppression in Afghanistan. In the audio message, Bin Ladin claims direct responsibility for the 11 September 2001 attacks and emphasizes that neither the Afghan people nor the Afghan government had foreknowledge of the attacks.

////Signed////
Charlie Allen
Chief Intelligence Officer
Department of Homeland Security

As with many fraudulent e-mail messages, this message contains multiple spelling errors and poor grammar.

--------------------------------------------------------------------------------

FRAUDULENT E-MAIL CLAIMING TO CONTAIN AN FBI INTELLIGENCE BULLETIN FROM THE WEAPONS OF MASS DESTRUCTION DIRECTORATE

10/05/09—A fraudulent e-mail, initially appearing around June 16, 2009, claims to contain a confidential FBI report from the FBI “Weapons of Mass Destruction Directorate.” The subject line of the email is “RE: Weapons of Mass Destruction Directorate,” and contains an attachment “reports.exe.” This message and similar messages may contain a file related to the ‘W32.Waledac” trojan software, which is designed to steal user authentication credentials or send spam messages.

DO NOT CLICK ON ANY LINKS ASSOCIATED WITH THIS E-MAIL OR SIMILAR E-MAILS, IT IS A HOAX.

The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or malicious software.

Below is an example of the fraudulent e-mail:

CLASSIFIED
FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN
Weapons of Mass Destruction Directorate

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security.
Link to malicious software (report.exe)

--------------------------------------------------------------------------------

TECHNIQUES USED BY FRAUDSTERS ON SOCIAL NETWORKING SITES

10/01/09—Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.

Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your "friends" list, instructing them to download the new application too.

Infected users are often unknowingly spreading additional malware by having infected websites posted on their webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

Tips on avoiding these tactics:

  • Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.
  • Be selective of your friends. Once selected, your "friends" can access any information marked as "viewable by all friends."
  • You can select those who have "limited" access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.
  • Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.
  • Be careful what you click on. Just because someone posts a link or video to their "wall" does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site's policies and procedures before encountering such a problem.


September 15th, 2009

 
SMiShing attacks (also known as text phishing), have impacted cardholders of financial institutions located primarily in the eastern region of the U.S.
 
SMiSHing is a type of social engineering that uses cell phone text messages to persuade victims to provide personal information such as a card number, CVV2, and PINs. The text message may contain either a website address or more commonly, a phone number that connects to an automated voice response system, which then asks for personal information.
 
The following are examples of SMiShing messages recently sent to cardholders:
  • Text message originating from either notce@jpecu or message@cccu:

ABC CU-has-deactived-your-Debit_card. To-reactive-contact:210957XXXX.

This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1-866-215-XXXX.

  • Text message originating from sms.alert@visa.com:

sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX.

Should you receive this type of text message, do not follow its prompts or call the number provided.

 

Fraudulent Letters Offering Payment Reductions

 

 

Archives:
2012
2011
2010
2009