E-Scams & Warnings

With the Valentine's Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided.

If you have received this, or a similar e-mail, please file a complaint at Internet Crime Complaint Center.

The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau.

Information obtained during the FBI investigation has been provided to the Department of Homeland Security (DHS). DHS has taken steps to alert their public and private sector partners with the release of a Critical Infrastructure Information Notice (CIIN).

The e-mails are intended to appear as legitimate messages from the above departments, and they address the recipients by name, and other personal information may be contained within the e-mail. Consistent with previous efforts, the scam will likely be an effort to secure Personally Identifiable Information. The nature of these types of scams is to create a sense of urgency for the recipient to provide a response through clicking on a hyperlink, opening an attachment, or initiating a telephone call.

It is believed this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file wherein most anti-virus programs are unable to detect its malicious intent. Once downloaded, the virus is designed to monitor username and password logins, and record the activity, as well as other password-type information, entered on the compromised machine.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided. If you have received a scam e-mail please notify the IC3 by filing a complaint at www.ic3.gov.

Are you one of many who have received an e-mail, text message, or telephone call, supposedly from your credit card/debit card company directing you to contact a telephone number to re-activate your card due to a security issue? The IC3 has received multiple reports of different variations of this scheme known as "vishing". These attacks against US financial institutions and consumers continue to rise at an alarming rate.

Vishing operates like phishing by persuading consumers to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated. Recipients are directed to contact their bank via a telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the bank of %u2026%u2026" and then requested to enter their card number in order to resolve a pending security issue.

For authenticity, some fraudulent e-mails claim the bank would never contact customers to obtain their PII by any means, including e-mail, mail, or instant messenger. These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials."

Please beware-spam e-mails may actually contain malicious code (malware) which can harm your computer. Do not open any unsolicited e-mail and do not click on any links provided.

A new version recently reported involves the sending of text messages to cell phones claiming the recipient's on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

Due to rapidly evolving criminal methodologies, it is impossible to include every scenario. Therefore, be cognizant and protect your PII. Beware of e-mails, telephone calls, or text messages requesting your PII.

If you have a question concerning your account or credit/debit card, you should contact your bank using a telephone number obtained independently, such as from your statement, a telephone book, or other independent means.

If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.

We have increasingly received reports of fraudulent schemes misrepresenting the FBI and Director Robert S. Mueller III. The e-mails may include pictures of the FBI Director, the seal, letter head, and banners. The letters may also claim to come from domestic or foreign FBI offices.

Most of the schemes that use the Director's name or refer to the FBI are lottery endorsements and inheritance notifications. They also include threat and extortion e-mails, website monitoring containing malicious computer program attachments (malware), and online auction scams.

Beware of any unsolicited e-mail referencing the FBI, Director Mueller or any other FBI official endorsing any type of Internet activity.

Fraudsters pretending to be from the FBI-which is an old trick-hope to cash in by intimidating their victims.

If you have experienced this situation please notify the IC3 by filing a complaint at www.ic3.gov.

Buy 3 T-Shirts, Get 1 Free on CafePress.com for a Limited Time!

We continue to receive reports of spam e-mail which claim to be from an official of the U.S. military sent on behalf of American soldiers stationed overseas. The scam e-mails vary in content; however, the general theme of each is to request personal information and/or funds from the individual receiving the e-mail.

Beware of any e-mail received from an unknown sender which either requests personal information or asks for money for any reason. We recommend against opening e-mail from unknown senders because they often carry viruses or other malicious software.

If you receive an e-mail similar to this, please file a complaint at www.ic3.gov.

We continue to receive reports of Internet fraud related to electronic greeting cards containing malware (malicious software). The cards, which are also referred to as e-cards or postcards, are being sent via spam.

Like many other Internet fraud schemes, the perpetrators claim the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view their e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious web page.

Beware of unsolicited e-mails. It is recommended not to open e-mails from unknown senders because they often contain viruses or other malicious software.

If you have received an e-mail similar to this, please file a complaint at www.ic3.gov.

They're called "bot-herders:" hackers who install malicious software on computers through the Internet without the owners' knowledge. Once the software is loaded, they can control the computer remotely. And once they've compromised enough computers, they have a robot network or botnet.

Some botnets are huge: tens of thousands of infected computers. Or more. As a result of Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle these bot-herders, we've identified about 1 million computers across the country that have been compromised.

The FBI has also charged numerous individuals with cyber crimes around the nation as a direct result of the coordinated operation, including:
1. Robert Alan Soloway of Seattle, Washington, is accused of using botnets to send tens of millions of spam messages touting his website;
2. James C. Brewer of Arlington, Texas, is accused of infecting tens of thousands of computers worldwide, including some at Chicago-area hospitals; and
3. Jason Michael Downey of Covington, Kentucky, is charged with using botnets to disable other systems.
As the investigations continue to unfold, it is possible we will uncover more victims. Here are some important things to remember:

First, if you believe your computer has been compromised, do not call the FBI directly. You should contact your Internet service provider. They can help you determine if your computer has been infected, and what steps to take to restore it. We are not in a position to provide technical assistance.

Second, if you determine you are a victim, then we encourage you to file a complaint online through our Internet Crime Complaint Center.

Third, the FBI will not contact you online and request your personal information : Be wary of fraud schemes that request this type of information, especially via unsolicited e-mails.

Operation Bot Roast was launched because the national security implications of the growing botnet threat are broad. The hackers may use the computers themselves, or they may rent out their botnets to the highest bidder. The more computers they control, they more they can charge their clients.

A bot-herder can do a lot with compromised computers:

1. Steal the computer owner's identity;
Launch massive spam campaigns;
2. Engage in click-fraud-schemes which artificially inflate the number of visitors to a website;
3. Launch denial of service attacks that can cripple web servers and crash sites.

One of the difficulties in fighting this type of cyber crime is that it is difficult for computer owners to know if their machines have been infected. There is no easy way to tell, unfortunately. It may be running slowly, your outbox may be full of mail you didn't send, and you may get mail stating you've sent spam.

"The majority of the victims are not even aware that their computers have been compromised or their personal information exploited," said FBI Assistant Director James Finch, who heads our Cyber Division.

That's why we urge every computer owner to implement the security precautions that are available. Prevention is always better than reaction.

From FBI.gov., an official site of the U.S. Federal Government.

If you've ever thought about visiting a cyber casino, here's something you should know: it's illegal to gamble online in the United States.

"You can go to Vegas. You can go to Atlantic City. You can go to a racetrack. You can go to those places and gamble legally. But don't do it online. It's against the law," says Leslie Bryant, head of our Cyber Crime Fraud unit at FBI Headquarters.

That means:

1. No placing cyber bets on sporting events or in virtual card games;

2. No transferring money electronically for gambling; and

3. No wagers in offshore Internet casinos even if you live in the U.S.

What's allowed? Some free online games, fantasy leagues, and Indian gaming sites that aren't strictly defined as Internet gambling.

It's also illegal for businesses to run gambling websites and to solicit online bets. Even companies handling transactions for cyberspace bettors can face federal charges.

Cracking down. Our strategy for tackling illegal online gambling-as a key enforcement agency-is to start with the companies providing the services in the first place. "We're going after the people making the money-the owners of these virtual casinos, gaming rooms, and off-track betting parlors," Bryant says.

We currently have about a dozen of these cases in motion. One of the biggest came last July when a federal grand jury in St. Louis returned a 22-count indictment against 11 individuals and four companies for their involvement in illegal online gaming and related activities. On May 24, one of the companies-BetonSports- pled guilty to racketeering charges in the case.

We've also had success against companies supporting the money flows behind virtual gambling. In January, for example, two Canadians were charged with operating an Internet payment services company that transferred billions of dollars in illegal gambling proceeds between U.S. citizens and the owners of online gambling sites outside the country.

In 2003, another Internet financial services company paid $10 million in a civil agreement to settle allegations that it aided illegal offshore and online gambling agreements. The U.S. government has also settled several cases with online businesses that have accepted money to market virtual gambling operations.

Think a little online gambling can't cost you? Don't bet on it. Even if you don't get caught gambling, you could well lose the money you have in an online gaming account if the company faces charges, since the U.S. government seizes assets in these cases whenever possible.

FYI, here are the primary federal laws that govern online gambling:

Unlawful Internet Gambling Enforcement Act of 2006
Transmission of wagering, betting by use of a wire communication
Broadcasting lottery information
Fraud by wire
Mail fraud: Attempt and Conspiracy

From FBI.gov., an official site of the U.S. Federal Government.

Some words to the wise: if you have a wireless Internet or network connection, make sure you've got the best possible security measures in place. And don't delay.

What is WEP? In layman's terms, it's one way computers try to keep unauthorized users from tapping into your wireless network. A wireless network is more vulnerable to outside hackers than a closed one, which physically connects computers with cables.

WEP is generally the lowest level of security that comes with a new wireless network. Hackers have been improving their ability to get around the security settings in WEP for years. They know that most people don't even bother to set up password protection, and when they do, they simply use the default.

That can be a boon to "war drivers," people who drive around looking for unsecured wireless Internet access points to hijack. After they tap into the connection, they can do all sorts of things-including illegally sending spam or pilfering your computer's data, like Nicholas Tombros did a few years ago.

You might not even know if these hackers have gained access to your connection. They may be a couple houses over or on the next street. But if they're doing something illegal with your Internet connection, it's going to come back to you.

So what can you do? At the very least, set up password protection and change the default and security settings on the WEP, if that's what you're using. Then we recommend you consider changing your wireless security to a more secure protocol, like WPA2, TKIP, or AES.

Don't know how to do that? Check the website of your wireless router manufacturer. All of the major companies have websites devoted to security.

"There's a lot of information out there about making your wireless system more secure," says James E. Finch, assistant director of the FBI Cyber Division. "We recommend taking a layered security approach. That is, throw as many locks on the computer to thwart these hackers as possible."

This comes directly from the FBI website.

When it comes to crime, the Internet is like a Swiss Army knife-a multi-purpose tool that's easy to use and highly versatile. That's made crystal clear by the 2006 annual report just issued by our Internet Crime Complaint Center (IC3), which shows how criminals used the 'Net to launch nine different varieties of fraud alone.

Among the highlights from the report, which is now posted on the web:

Overall totals: During 2006, consumers filed 207,492 complaints. Complainants said they lost $198.4 million, the highest total ever.
Types of fraud: Nearly 45 percent of the complaints involved online auction fraud-such as getting a different product than you expected-making it the largest category; more than 19 percent concerned undelivered merchandise or payments. Another pervasive scheme last year involved an e-mail threat of murder . Get more details on all nine fraud categories in Appendix I of the report, including identity theft, investment fraud, cyberstalking, phishing, spoofing, spamming, and others.

The perpetrators: Three-quarters were men. Nearly 61 percent lived in the U.S., with half in one of seven states. Other top countries included the U.K., Nigeria, Canada, Romania, and Italy.
Victims: All over the map. But the report shows that the "average" complainant was a man between 30 and 40 living in California, Texas, Florida, or New York. Individuals who reported losing money lost an average of $724; the highest losses involved Nigerian letter fraud, with a median loss of $5,100. Nearly 74 percent of the complaints said they were contacted through e-mail, and 36 percent complained of fraud through websites, highlighting the anonymous nature of the web.

How can you avoid becoming a victim yourself? Take a look at Appendix II of the report, which offers some tips and best practices. You can also read about the successful prosecutions of cases that stemmed from complaints submitted to IC3. And please see our additional advice on Internet scams on this website.

The IC3, a partnership between the National White Collar Crime Center and the FBI opened in October 2000, serves as a clearinghouse for reporting cyber crime. Consumers who think they've been victimized can file a complaint on the IC3 website; valid complaints are referred to an appropriate law enforcement or regulatory agency. Even those complaints that don't lead to further action help paint a picture of cyber crime trends.

A "spam" mail I just received offers you a coupon for Red Lobster. If you click on it, you're taken to a page asking for your shipping address, email and phone number.

It is apparently, just a way to get this information because if you enter it and click the submit button, it just keeps refreshing the page.

The site it takes me to is: http://www.aerjd.com/redlobster/red_splash.html

Below is a copy of the email. If you get one, you should forward a copy to Red Lobster.
****************
Red Lobster

Because you love fresh seafood, you deserve a special reward.

We're giving away a limited number of Free $250 Red Lobster Gift Cards!

Click Here To Claim Your Red Lobster Card

Use it yourself, or make someone special smile. For birthdays, anniversaries, or
for any reason at all, the Red Lobster gift card makes a great gift.

This e-mail alert was taken from the FBI website.

We have received reports concerning a fraudulent e-mail claiming to be from the FBI.

The new e-mail hoax is similar to one described in a November 22, 2005, posting on the Internet Crime Complaint Center website. The e-mail includes a virus-laden attachment.

This hoax e-mail contains the following text:

Dear Sir/Madam,

We have logged your IP address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation - FBI
935 Pennsylvania Avenue, NW, Room 3220
Washington, DC 20535
Phone: (202) 283-5817

This e-mail is a hoax. Do not download its attachment. If you receive this e-mail or one similar to it, delete the message and do not open the attachment.