Flickertronics Security Alerts

24x7 Live                                     (904) 825-6708

Support                                      (800) 899-5350

Ancient City Underground.com  -   Security Alerts and Bulletins from St Augustine, Florida, the nations's oldest city

Home      |  Products      |  Healtcare & HIPAA Solutions      |  Security Alerts      |  TechSourceNews      |  ShopGenie.me      |  Computers      |  Contact US  

  Colo5 Jacksonville, Fl -  2009 Server Install      Photo Gallery    

Level 3 Atlanta, Ga. 2006 Server Install     Photo Gallery

     
               
  Critical Securtiy Alerts - IT Preparedness   Disaster Preparedness - Reporting Identity Theft    
Hello, I am Flicker, CEO of Flickertronics, a local business IT provider and computer repair store in business over 18 years. Our alerts help keep security and safety in the forefront of your thoughts. Our affiliation with US-CERT (United States Computer Emergency Readiness Team) allows us to realize the importance of this information and the fact that this information will keep you safer and potentially save your critical business information before a disaster occurs. Giving you this information combats Cybercriminals and enables you to help us assist US-CERT in keeping our country safer. Our Print Newspaper and security articles written by myself and my staff, Tech Source News
 

As the first established Data Recovery Center in St Johns County (since 1997) we have seen large numbers of the CryptoLocker Ransomware Virus attacks over the past months in what can only be called epidemic proportions. Once you have been attacked by the CryptoLocker Ransomware Virus your data is unrecoverable without paying the cybercrimnal a ransom, and there is no guarrantee the criminal wil restore your files and data after you pay the ransom!

 

   Big Vulnerability in Hotel Wi-Fi Router Puts Guests at Risk  

 

Do not follow unsolicited web links in email and use caution when opening email attachments. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

* Tech Source News  Newspaper
 
Topics on this page
* New E-Scams & Warnings
* Cybersecurity Lab
* Play the Cybersecurity Lab
  Game
* U.S. Computer Emergency
  Readiness Team (US-CERT)
* National Vulnerability Database
* Computer Security Division
  Computer
* Security Resource Center
  (CSRC)
* National Cyber Security
  Alliance (NCSA)
* Federal Trade Commission's
  OnGuard
Videos
NOVA PBS: Cybersecurity 101
NOVA PBS: The Secret Lives of Hackers
NOVA PBS: Cyber Codes
NOVA PBS: A Cyber Privacy Parable
PBS NEWSHOUR: College Students Combat Hackers
 
*

What are rootkits and botnets?

* Recognizing Fake Antiviruses
* What is a social engineering
  attack?
* Preventing and Responding to
  Identity Theft
* Cyber Security Tips
* Home Network Security
* Dealing With Cyberbullies
* The Internet Crime Complaint
  Center (IC3)  www.ic3.gov
* Internet Crime Prevention Tips
* Internet Crime Schemes
* Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus
  Understanding Hidden Threats: R
   

US-CERT Tips

Tips describe and offer advice about common security issues for non-technical computer users. Sign up to receive these security tips in your inbox or subscribe to the US-CERT RSS feed.

 

 

 

 

'One Ring' Wireless Phone Scam

 

Using Caution with Email Attachments

 

Spear-Phishing Attacks  by Cyber Criminals Compromise Computer Networks

 

Reveton FBI Ransomware Targeting OS X Mac

Crypto Locker Virus Destroys Important Files Permanently!

 

Holiday Shopping Tips

 

Spear-Phishing Attacks  by Cyber Criminals Compromise Computer Networks

 

Reveton FBI Ransomware Targeting OS X Mac

“FBI Ransomware” Moneypak Virus

 

The Risks Of Using Portable Devices

 

Regin Malware is a sophisticated backdoor Trojan

 

Targeted Destructive Malware attacks share drives

Apple iOS "Masque Attack" Technique

 

Malware Targeting Point of Sale Systems

 

A look at Point of Sale RAM scraper malware and how it works

 

Understanding Hidden Threats: Rootkits and Botnets

Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

 

The Directory Listing Scam

 

The Supply Swindle

 

The URL Hustle

 

The Charity Con

 

The Check Cheat

How can I protect my business?

 
  Fiat Chrysler is recalling about 1.4 million cars and trucks in the U.S. after two hackers were able to take control of a Jeep over the Internet. (July 24, 2015) 

 Story Here

 
     

Alert (TA15-098A)

AAEH   https://www.us-cert.gov/ncas/alerts/TA15-098A

 

Original release date: April 09, 2015

Systems Affected

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview

AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

Description

AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network.  AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.

Impact

A system infected with AAEH may be employed to distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.  

Solution

Users are recommended to take the following actions to remediate AAEH infections:

References

Revisions

  • April 9, 2015: Initial Release

 

 
'One Ring' Wireless Phone Scam 
 

The FCC has recently learned of a new phone scam targeting wireless consumers. Thursday March 26, 2015     Compiled from http://www.fcc.gov/guides/one-ring-wireless-phone-scam

Some wireless consumers are receiving calls from phone numbers with three-digit area codes that appear to be domestic, but are actually associated with international pay-per-call phone numbers.  These calls often disconnect after one ring, not giving the consumer time to answer the call and tempting them to return the call.  If you receive a call like this and do not recognize the number of the incoming call, do not return the call.

If you return the phone call, you may be connected to an international hotline than can charge a fee just for connecting, along with significant per-minute fees if they can keep you on the phone.  These charges may show up on your bill as premium services.

This scam appears to be a variation of an old long distance phone scam that tricks consumers into receiving high charges on their phone bills.  In the past, telephone consumers have been fooled into making expensive international calls by scam artists who leave messages on consumers' answering machines or their email accounts.  The messages urge consumers to call a number with an "809," "284," "876" or some other area code to collect a prize, find out about a sick relative, or engage in sex talk.

How the Scam Works

  • Your wireless phone rings once or twice and then disconnects the call.  When the number appears in your wireless phone log as a missed call, it appears to be a typical domestic telephone number; or you get an email or voicemail telling you to call a phone number with an "809", "284", "876" or some other three-digit international area code.
  • When you return the call, you assume you are making a domestic long distance call – as "649," "809," "284," "876" and other area codes involved in this scam, appear to be typical three-digit U.S. area codes.  When you dial the three-digit area code plus the number, however, you are connected to a phone number outside the United States, often in Canada or the Caribbean, and are charged expensive international call rates, and may be charged for pay-per-call services as well.  (For example, "649" goes to the Turks and Caicos, "809" goes to the Dominican Republic, "284" goes to the British Virgin Islands, and "876" goes to Jamaica.) 
  • You don't find out about the higher international call rates until you receive your phone bill.

How You Can Best Avoid the Scam

  • Check any unfamiliar area codes before returning calls.
  • Be aware that many 3-digit area codes (mostly in the Caribbean) connect callers to international telephone numbers.
  • If you do not otherwise make international calls, ask your local or wireless phone company to block outgoing international calls on your line.

What to Do If You Are a Victim of This Scam

If you are billed for a call you made as a result of this scam, first try to resolve the matter with your telephone company.  If you are unable to resolve it directly, you can file a complaint with the FCC.  There is no charge for filing a complaint.  You can file your complaint using an FCC online complaint form found at www.fcc.gov/complaints.  You can also file your complaint with the FCC's Consumer Center by calling 1-888-CALL-FCC (1-888-225-5322) voice or 1-888-TELL-FCC (1-888-835-5322) TTY; faxing 1-866-418-0232; or writing to:

Federal Communications Commission
Consumer & Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington, DC  20554

 
 

Security Alert SA31-043: Crypto Locker Virus Destroys Important Files Permanently!

Wednesday March 18, 2015     Compiled from https://www.us-cert.gov/ncas/alerts/TA13-309A

Systems Affected

Microsoft Windows systems running Windows 8, Windows 7, Vista, and XP operating systems

Overview

US-CERT is aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments.

Description

CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices.  In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.

Impact

The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives.  If one computer on a network becomes infected, mapped network drives could also become infected. CryptoLocker then connects to the attackers’ command and control (C2) server to deposit the asymmetric private encryption key out of the victim’s reach.

Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.

While victims are told they have three days to pay the attacker through a third-party payment method (MoneyPak, Bitcoin), some victims have claimed online that they paid the attackers and did not receive the promised decryption key.  US-CERT and DHS encourage users and administrators experiencing a ransomware infection to report the incident to the FBI at the Internet Crime Complaint Center (IC3).

Solution

Prevention

US-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:

Mitigation

US-CERT suggests the following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:

  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.
  • If your computer has not yet been encrypted with the CryptoLocker malware, the tools listed in TA14-150A may be able to remove this malware from your machine.
  • FireEye and Fox-IT have created a web portal (link is external) claiming to restore/decrypt files of CryptoLocker victims. US-CERT has performed no evaluation of this claim, but is providing a link to enable individuals to make their own determination of suitability for their needs. At present, US-CERT is not aware of any other product that claims similar functionality. (Note: DHS and Flickertronics does not endorse any private sector product or service.  The link above is provided for informational purposes only.)

References

Revisions

  • November 5, 2013: Initial Release
  • November 13, 2013: Update to Systems Affected (inclusion of Windows 8)
  • November 15, 2013: Updates to Impact and Prevention sections.
  • November 18, 2013: Updated Prevention and Mitigation Sections
  • June 2, 2014: Update to include GameOver Zeus Alert (TA14-150A) reference in Mitigation Section
  • August 15, 2014: Updated Mitigation section for FireEye and Fox-IT
 
 

Security Tip (ST04-010)

Using Caution with Email Attachments

Original release date: September 10, 2009 | Last revised: February 06, 2013

While email attachments are a popular and convenient way to send documents, they are also a common source of viruses. Use caution when opening attachments, even if they appear to have been sent by someone you know.

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

  • Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
  • Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

  • Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
  • Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Trust your instincts - If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.
  • Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:
    1. Be sure the signatures in your anti-virus software are up to date (see Understanding Anti-Virus Software for more information).
    2. Save the file to your computer or a disk.
    3. Manually scan the file using your anti-virus software.
    4. If the file is clean and doesn't seem suspicious, go ahead and open it.
  • Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
  • Consider creating separate accounts on your computer - Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need "administrator" privileges to infect a computer.
  • Apply additional security practices - You may be able to filter certain types of attachments through your email software (see Reducing Spam) or a firewall (see Understanding Firewalls).

Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top tips for home users.

Authors

Mindi McDowell and Allen Householder

 

New E-Scams & Warnings

To report potential e-scams, please go the Internet Crime Complaint Center and file a report. Note: the FBI does not send mass e-mails to private citizens about cyber scams, so if you received an e-mail that claims to be from the FBI Director or other top official, it is most likely a scam.

If you receive unsolicited e-mail offers or spam, you can forward the messages to the Federal Trade Commission at spam@uce.gov.

Below are some recent scams and warnings.

Holiday Shopping Tips

11/26/13—The FBI reminds holiday shoppers to beware of cyber criminals who are out to steal money and personal information. Scammers use many techniques to defraud consumers, from phishing e-mails offering too good to be true deals on brand-name merchandise to offering quick cash to victims who will re-ship packages to additional destinations. Previously reported scams are still being executed today.

While monitoring credit reports on an annual basis and reviewing account statements each month is always a good idea, consumers should keep a particularly watchful eye on their personal credit information at this time of year. Scrutinizing credit card bills for any fraudulent activity can help to minimize victims’ losses. Unrecognizable charges listed on a credit card statement are often the first time consumers realize their personally identifiable information has been stolen.

Bank transactions and correspondence from financial institutions should also be closely reviewed. Bank accounts can often serve as a target for criminals to initiate account takeovers or commit identity theft by creating new accounts in the victims’ name. Consumers should never click on a link embedded in an e-mail from their bank, but rather open a new webpage and manually enter the URL (web address), because phishing scams often start with phony e-mails that feature the bank’s name and logo.

When shopping online, make sure to use reputable sites. Often consumers are shown specials on the web, or even in e-mail offers, that look too good to be true. These sites are used to capture personally identifiable information, including credit card numbers, addresses and phone numbers to make fraudulent transactions. It’s best to shop on sites with which you are familiar and that have an established reputation as trusted online retailers, according to the MRC, a nonprofit that supports and promotes operational excellence for fraud, payments and risk professionals within eCommerce.

If you look for an item or company name through a search engine site, scrutinize the results listed before going to a website. Do not automatically click on the first result, even if it looks identical or similar to the desired result. Many fraudsters go to extreme lengths to have their own website appear ahead of a legitimate company on popular search engines. Their website may be a mirrored version of a popular website, but with a slightly different URL.

Purchases made on these sites could result in one or more of the following consequences: never receiving the item, having your credit card details stolen, or downloading malware/computer virus to your computer. Before clicking on a result in a search engine, inspect the URL of the destination website. Look for any misspellings or extra characters such as a period or comma as these are indicative of fraud. When taken to the payment page of a website, again verify the URL and ensure it is secure by starting with “HTTPS,” not just “HTTP.”

Here are some additional tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
  • Log on directly to the official website for the business identified in the e-mail instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
  • If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  • Remember if it looks too good to be true, it probably is.

Finally, check these additional sources to become even more informed on safe online shopping. Previous Holiday Shopping Tips public service announcements can be viewed on IC3.gov at the following links: http://www.ic3.gov/media/2012/121120.aspx, http://www.ic3.gov/media/2011/111121.aspx, and http://www.ic3.gov/media/2010/101118.aspx.

US-CERT posted a Holiday Season Phishing Scams and Malware Campaigns release on November 19, 2013, reminding consumers to stay aware of seasonal scams. The entire alert can be viewed at https://www.us-cert.gov/ncas/current-activity/2013/11/19/Holiday-Season-Phishing-Scams-and-Malware-Campaigns.

CryptoLocker Ransomware Encrypts Users' Files

10/28/13—The FBI is aware of a file encrypting Ransomware known as CryptoLocker. Businesses are receiving e-mails with alleged customer complaints containing an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader then downloads and installs the actual CryptoLocker malware.

The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files, you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300 to be paid in order to decrypt the files.

Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and e-mail habits. Specifically, in this case, be wary of e-mail from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected e-mail from postal/package services and dispute notifications.

If you have been a victim of an Internet scam, please file a complaint at www.ic3.gov.

Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

07/27/13—The FBI’s Internet Crime Complaint Center (IC3) and the Department of Homeland Security (DHS) have recently received complaints regarding a ransomware campaign using the name of DHS to extort money from unsuspecting victims.

In May 2012, the IC3 posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. The ransomware has been called “FBI Ransomware” because it frequently uses the FBI’s name, but similar ransomware campaigns have used the names of other law enforcement agencies such as DHS and IC3.

As in other variations, the ransomware using the name of DHS produces a warning that accuses victims of violating various U.S. laws and locks their computers. To unlock their computers and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card.

This is not a legitimate communication from law enforcement, but rather is an attempt to extort money from the victim. If you have received this or something similar, do not follow the instructions in the warning, and do not attempt to pay the fine.

It is suggested that you:

  • Contact a reputable computer expert to assist with removing the malware.
  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.

 

Ransomware Purporting to be from the FBI is Targeting OS X Mac Users

07/18/13—In May 2012, the Internet Crime Complaint Center posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a drive-by download website, at which time it is installed on their computers.  is used to intimidate victims into paying a fine to “unlock” their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called “FBI Ransomware” because it uses the FBI’s name.

The newest version of ransomware targets OS X Mac users. This new version is not malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed.

The ransomware is pushed to victims’ computers when they browse common websites, specifically when they query popular search terms. Once the web browser is exploited, the victim’s computer displays a pop-up warning that appears to be from the FBI. Cyber criminals use “FBI.gov” within the URL to make the warning appear more legitimate.

As the FBI saw in 2012, the warning accuses victims of violating various U.S. laws, then locks the user’s computer. To unlock the computer and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card. Attempts to close the warning page results in additional messages that reappear each time victims try to close their web browser.

The simplest way to remove the ransomware’s iframes is by clicking on the Safari menu and choosing the “Reset Safari,” option, making sure all check boxes are selected. You may also hold down the Shift key while relaunching Safari, which will prevent Safari from reopening windows and tabs from the previous session. Victims can also disable the reopening feature across OS X from the General pane of System Preferences.

Ransomware messages are an attempt to extort money. If you have received a ransomware message, do not follow payment instructions. Be sure to file a complaint at www.IC3.gov.

Cyber Criminals Continue to Use Spear-Phishing Attacks to Compromise Computer Networks

06/25/13—The FBI has seen an increase in criminals who use spear-phishing attacks to target multiple industry sectors. These attacks allow criminals to access private computer networks. They exploit that access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims’ accounts.

In spear-phishing attacks, cyber criminals target victims because of their involvement in an industry or organization they wish to compromise. Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.

Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets.

To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt either call the company directly or open your computer’s Internet browser and type the known website’s address. Don’t use the telephone number contained in the e-mail, which is likely to be fraudulent as well.

In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or appears to be from a business advising that your account information needs updated.

Keep your computer’s anti-virus software and firewalls updated. Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection.

If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov/.

 

Cyber Criminals Using Photo-Sharing Programs to Compromise Computers

05/30/13—The FBI has seen an increase in cyber criminals who use online photo-sharing programs to perpetrate scams and harm victims’ computers. These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.

The photos can and often contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen. The cyber criminals run all aspects of these fake websites, including “tech support” or “live chat support” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise.

The FBI urges consumers to protect themselves when shopping online. Here are a few tips for staying safe:

  • Be cautious if you lose an auction on an auction site but the seller contacts you later saying the original bidder fell through.
  • Make sure websites are secure and authenticated before you purchase an item online. Use only well-known escrow services.
  • Research to determine if a car dealership is real and how long it has been in business.
  • Be wary if the price for the item you’d like to buy is severely undervalued; if it is, the item is likely fraudulent.
  • Scan files before downloading them to your computer.
  • Keep your computer software, including the operating system, updated with the latest patches.
  • Ensure your anti-virus software and firewalls are current—they can help prevent malware infections.

If you have fallen victim to this type of scam, file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

 

Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

11/30/12—A new extortion technique is being deployed by cyber criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators. In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices.

As described in prior alerts on this malware, it lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine using prepaid money card services. The geographic location of the user’s PC determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction.

It is suggested that you:

  • File a complaint at www.IC3.gov;
  • Keep operating systems and legitimate antivirus and antispyware software updated; and
  • Contact a reputable computer expert to assist with removing the malware.

Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise

10/12/12—The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:

  • When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
  • Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
  • With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
  • Review and understand the permissions you are giving when you download applications.
  • Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
  • Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
  • Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
  • Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
  • Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
  • Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
  • Avoid clicking on or otherwise downloading software or links from unknown sources.
  • Use the same precautions on your mobile phone as you would on your computer when using the Internet.

If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

 

Lawyers’ Identities Being Used for Fake Websites and Solicitations

09/14/12—A recent scam has surfaced in which the identify of a Texas attorney, who had not practiced in years, was used to set up a fake law firm website using the attorney’s maiden name, former office address, and portions of her professional biography. Other attorneys have complained about the use of their names and professional information to solicit legal work. All attorneys should be on the alert to this scam. If you become aware of the same or a similar situation involving your name and/or law firm, you should immediately report the incident to local authorities, your state Bar, and the FBI at the Internet Crime Complaint Center. Additionally, be sure to closely monitor your credit report or bank accounts to ensure that your identity is not the only thing being stolen. If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

 

Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

08/07/12—The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address has been identified by the Federal Bureau of Investigation as visiting websites that feature child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine to the U.S. Department of Justice using a prepaid money card service. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions. Infected computers may not operate normally. If your computer is infected, you may need to contact a local computer expert for assistance to remove the malware.

It is suggested that you:

  • File a complaint at www.IC3.gov.
  • Seek out a local computer expert to assist with removing the malware.

Related story
New Internet Scam: Ransomware Locks Computers, Demands Payment

Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money

05/30/12—The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a $100 fine to the U.S. Department of Justice using prepaid money card services. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions.

It is suggested that you:

  • Contact your banking institutions.
  • File a complaint at www.IC3.gov.

 

Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections

05/08/12—Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.

Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office and promptly report it to the IC3’s website at www.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.

U.S. Law Firms Continue to be the Target of Counterfeit Check Scheme

03/12/12—The IC3 continues to receive reports of counterfeit check schemes targeting U.S. law firms. The scammers contact lawyers via e-mail, claiming to be overseas and requesting legal representation in collecting a debt from third parties located in the U.S. The law firms receive a retainer agreement and a check payable to the law firm. The firms are instructed to deposit the check, take out retainer fees, and wire the remaining funds to banks in China, Korea, Ireland, or Canada. After the funds are wired overseas, the checks are determined to be counterfeit.

In a slight variation of the scheme’s execution, the victim law firm receives an e-mail from what appears to be an attorney located in another state requesting assistance for a client. The client needs aid in collecting a debt from a company located in the victim law firm’s state. In some cases, the name of the referring attorney and the debtor company used in the e-mail were verified as legitimate entities and were being used as part of the scheme. The law firm receives a signed retainer agreement and a check made payable to the law firm from the alleged debtor. The client instructs the law firm to deposit the check and to wire the funds, minus all fees, to an overseas bank account. The law firm discovers after the funds are wired that the check is counterfeit.

Law firms should use caution when engaging in transactions with parties who are handling their business solely via e-mail, particularly those parties claiming to reside overseas. Attorneys who agree to represent a client in circumstances similar to those described above should consider incorporating a provision into their retainer agreement that allows the attorney to hold funds received from a debtor for a sufficient period of time to verify the validity of the check.

If you have been a victim of an internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

New Variation on Telephone Collection Scam Related to Delinquent Payday Loans

02/21/12—The Internet Crime Complaint Center (IC3) continues to receive complaints from victims of payday loan telephone collection scams. As previously reported in December 2010, the typical payday loan scam involves a caller who claims the victim is delinquent on a payday loan and must make payment to avoid legal consequences.

Callers pose as representatives of the FBI, “Federal Legislative Department,” various law firms, or other legitimate-sounding agencies and claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, or other Internet check-cashing services. The fraudsters relentlessly call the victim’s home, cell phone, and place of employment in attempts to obtain payment. The callers refuse to provide information regarding the alleged payday loan or any documentation and become verbally abusive when questioned.

The IC3 has observed variations of this scam in which the caller tells the victim that there are outstanding warrants for the victim’s arrest. The caller claims that the basis of the warrants is non-payment of the underlying loan and/or hacking. If it’s the latter, the caller tells the victim that he or she is wanted for hacking into a business’ computer system to steal customer information. The caller will then demand payment via debit/credit card; in other cases, the caller further instructs victims to obtain a prepaid card to cover the payment.

The high-pressure collection tactics used by the fraudsters have also evolved. In one recent complaint, a person posed as a process server and appeared at the victim’s job. In another instance, a phony process server came to a victim’s home. In both cases, after claiming to be serving a court summons, the alleged process server said the victim could avoid going to court if he or she provided a debit card number for repayment of the loan.

If you are contacted by someone who is trying to collect a debt that you do not owe, you should:

  • Contact your local law enforcement agencies if you feel you are in immediate danger;
  • Contact your bank(s) and credit card companies;
  • Contact the three major credit bureaus and request an alert be put on your file;
  • If you have received a legitimate loan and want to verify that you do not have any outstanding obligation, contact the loan company directly;
  • File a complaint at www.IC3.gov.

Timeshare Marketing Scams

01/25/12—Timeshare owners across the country are being scammed out of millions of dollars by unscrupulous companies that promise to sell or rent the unsuspecting victims’ timeshares. In the typical scam, timeshare owners receive unexpected or uninvited telephone calls or e-mails from criminals posing as sales representatives for a timeshare resale company. The representative promises a quick sale, often within 60-90 days. The sales representatives often use high-pressure sales tactics to add a sense of urgency to the deal. Some victims have reported that sales representatives pressured them by claiming there was a buyer waiting in the wings, either on the other line or even present in the office.

Timeshare owners who agree to sell are told that they must pay an upfront fee to cover anything from listing and advertising fees to closing costs. Many victims have provided credit cards to pay the fees ranging from a few hundred to a few thousand dollars. Once the fee is paid, timeshare owners report that the company becomes evasive—calls go unanswered, numbers are disconnected, and websites are inaccessible.

In some cases, timeshare owners who have been defrauded by a timeshare sales scheme have been subsequently contacted by an unscrupulous timeshare fraud recovery company as well. The representative from the recovery company promises assistance in recovering money lost in the sales scam. Some recovery companies require an up-front fee for services rendered, while others promise no fees will be paid unless a refund is obtained for the timeshare owner. The IC3 has identified some instances where people involved with the recovery company also have a connection to the resale company, raising the possibility that timeshare owners are being scammed twice by the same people.

If you are contacted by someone offering to sell or rent your timeshare, the IC3 recommends using caution. Listed below are tips you can use to avoid becoming a victim of a timeshare scheme:

  • Be wary if a company asks you for up-front fees to sell or rent your timeshare.
  • Read the fine print of any sales contract or rental agreement provided.
  • Check with the Better Business Bureau to ensure the company is reputable.

To obtain more information on Internet schemes, visit www.LooksTooGoodToBeTrue.com.

Anyone who believes they have been a victim of this type of scam should promptly report it to the IC3’s website at www.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

 

Situational Alert Regarding Charitable Contribution Schemes

08/26/11—In light of Hurricane Irene, the public is reminded to beware of fraudulent e-mails and websites claiming to conduct charitable relief efforts. To learn more about avoiding online fraud, please see “Tips on Avoiding Fraudulent Charitable Contribution Schemes” at: http://www.ic3.gov/media/2011/110311.aspx.

 

Malicious Software Features Usama bin Laden Links to Ensnare Unsuspecting Computer Users

The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.

The IC3 recommends the public do the following:

  • Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a “friend” can unknowingly pass on multimedia that’s actually malicious software.
  • Do not agree to download software to view videos. These applications can infect your computer.
  • Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
  • Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.

 

E-Mails Containing Malware Sent to Businesses Concerning Their Online Job Postings

01/19/2011—Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. 

Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses. 

The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.  

For more information on this type of fraud and prevention tips, please refer to previous public service announcements at the links below:

Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office and promptly report it to the IC3’s website at www.ic3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.
 

 

Telephone Collection Scam Related to Delinquent Payday Loans

12/01/2010—The IC3 receives a high volume of complaints from victims of payday loan telephone collection scams. In these scams, a caller claims that the victim is delinquent in a payday loan and must repay the loan to avoid legal consequences. The callers purport to be representatives of the FBI, Federal Legislative Department, various law firms, or other legitimate-sounding agencies. They claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, and other Internet check cashing services.

One of the most insidious aspects of this scam is that the callers have accurate information about the victims, including Social Security numbers, dates of birth, addresses, employer information, bank account numbers, and names and telephone numbers of relatives and friends. The method by which the fraudsters obtained the personal information is unclear, but victims often relay that they had completed online applications for other loans or credit cards before the calls began.

The fraudsters relentlessly call the victim’s home, cell phone, and place of employment. They refuse to provide to the victims any details of the alleged payday loans and become abusive when questioned. The callers threaten victims with legal actions, arrests, and in some cases physical violence if they refuse to pay. In many cases, the callers even resort to harassment of the victim’s relatives, friends, and employers. 

Some fraudsters instruct victims to fax a statement agreeing to pay a certain dollar amount, on a specific date, via prepaid visa card. The statement further declares that the victim would never dispute the debt. 

These telephone calls are an attempt to obtain payment by instilling fear in the victims. Do not follow the instructions of the caller.

If you receive telephone calls such as these, you should:

  • Contact your banking institutions;
  • Contact the three major credit bureaus and request an alert be put on your file;
  • Contact your local law enforcement agencies if you feel you are in immediate danger;
  • File a complaint at www.IC3.gov.

Fraudulent Notification Deceives Consumers Out of Thousands of Dollars

11/29/2010—The IC3 continues to receive reports of letters and e-mails being distributed pursuant to prize sweepstakes or lottery schemes. These schemes use counterfeit checks that bear legitimate-looking logos of various financial institutions to fool victims into sending money to the fraudsters.
 
Fraudsters tell victims they won a sweepstakes or lottery, but to receive a lump sum payout, they must pay the taxes and processing fees upfront. Fraudsters direct individuals to call a telephone number to initiate a letter of instructions. The letter alleges that the victim may elect to take an advance on the winnings to make the required upfront payment. The letter includes a check in the amount of the alleged taxes and fees, along with processing instructions. Ultimately, victims believe they are using the advance to make the required upfront payment, but in reality they are falling prey to the scheme.

The victim deposits the check into their own bank, which credits the account for the amount of the check before the check clears. The victim immediately withdraws the money and wires it to the fraudsters. Afterwards, the check proves to be counterfeit and the bank pulls the respective funds from the victim’s account, leaving the victim liable for the amount of the counterfeit check plus any additional fees the bank may charge.

Persons may fall victim to this scheme due to the allure of easy money and the apparent legitimacy of the check the fraudsters include in the letter of instruction. The alleged cash prizes and locations of the financial institutions vary.

Tips to avoid being scammed:

  • A federal statute prohibits mailing lottery tickets, advertisements, or payments to purchase tickets in a foreign lottery.
  • Be leery if you do not remember entering a lottery or sweepstakes.
  • Beware of lotteries or sweepstakes that charge a fee prior to delivering your prize.
  • Be wary of demands to send additional money as a requirement to be eligible for future winnings.


If you have been a victim of this type of scam or any other cyber crime, you can report it to the IC3 at www.IC3.gov. The IC3 complaint database links complaints for potential referral to law enforcement for case consideration. Complaint information is also used to identify emerging trends and patterns to alert the public to new criminal schemes.

 


Holiday Shopping Tips

11/15/2010—This holiday season, the FBI reminds shoppers that cyber criminals aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims, including conducting fraudulent auction sales, reshipping merchandise purchased with stolen credit cards, and selling fraudulent or stolen gift cards through auction sites at discounted prices.
 
Fraudulent Classified Ads and Auction Sales
 
Internet criminals post classified ads and auctions for products they do not have and make the scam work by using stolen credit cards. Fraudsters receive an order from a victim, charge the victim’s credit card for the amount of the order, then use a separate, stolen credit card for the actual purchase. They pocket the purchase price obtained from the victim’s credit card and have the merchant ship the item directly to the victim. Consequently, an item purchased from an online auction but received directly from the merchant is a strong indication of fraud. Victims of such a scam not only lose the money paid to the fraudster, but may be liable for receiving stolen goods.
 
Shoppers may help avoid these scams by using caution and not providing financial information directly to the seller, as fraudulent sellers will use this information to purchase items for their schemes. Always use a legitimate payment service to ensure a safe, legitimate purchase.
 
As for product delivery, fraudsters posing as legitimate delivery services offer reduced or free shipping to customers through auction sites. They perpetuate this scam by providing fake shipping labels to the victim. The fraudsters do not pay for delivery of the packages; therefore, delivery service providers intercept the packages for nonpayment and the victim loses the money paid for the purchase of the product.
 
Diligently check each seller’s rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100 percent positive feedback, with a low total number of feedback postings, or with all feedback posted around the same date and time. 
 
Gift Card Scam
 
Be careful when purchasing gift cards through auction sites or classified ads. It is safest to purchase gift cards directly from the merchant or retail store. If the gift card merchant discovers that your card is fraudulent, the merchant will deactivate the gift card and refuse to honor it for purchases. Victims of this scam lose the money paid for the gift card purchase.
 
Phishing and Smishing Schemes
 
In phishing schemes, a fraudster poses as a legitimate entity and uses e-mail and scam websites to obtain victims’ personal information, such as account numbers, user names, passwords, etc. Smishing is the act of sending fraudulent text messages to bait a victim into revealing personal information.
 
Be leery of e-mails or text messages that indicate a problem or question regarding your financial accounts. In this scam, fraudsters direct victims to follow a link or call a number to update an account or correct a purported problem. The link directs the victim to a fraudulent website or message that appears legitimate. Instead, the site allows the fraudster to steal any personal information the victim provides.
 
Current smishing schemes involve fraudsters calling victims’ cell phones offering to lower the interest rates for credit cards the victims do not even possess. If a victim asserts that they do not own the credit card, the caller hangs up. These fraudsters call from TRAC cell phones that do not have voicemail, or the phone provides a constant busy signal when called, rendering these calls virtually untraceable.
 
Another scam involves fraudsters directing victims, via e-mail, to a spoofed website. A spoofed website is a fake site that misleads the victim into providing personal information, which is routed to the scammer’s computer.
 
Phishing schemes related to deliveries are also rampant. Legitimate delivery service providers neither e-mail shippers regarding scheduled deliveries nor state when a package is intercepted or being temporarily held. Consequently, e-mails informing of such delivery issues are phishing scams that can lead to personal information breaches and financial losses. 
 
Tips
 
Here are some tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail with the link to which you are directed and determine if they match and will lead you to a legitimate site.
  • Log directly onto the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
  • If you are asked to act quickly, or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  • Verify any requests for personal information from any business or financial institution by contacting them using the main contact information.
  • Remember if it looks too good to be true, it probably is.


To receive the latest information about cyber scams, sign up for e-mail alerts on this website. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov.

 

Involvement in Criminal Activity Through Work-From-Home Scams

10/20/10—Consumers continue to lose money from work-from-home scams that assist cyber criminals move stolen funds. Worse yet, due to their deliberate or unknowing participation in the scams, these individuals may face criminal charges. Work-from-home scam victims are often recruited by organized cyber criminals through newspaper ads, online employment services, unsolicited emails or “spam” ,one and social networking sites advertising work-from-home opportunities. Once recruited, however, rather than becoming an employee of a legitimate business, the consumer is actually a “mule” for cyber criminals who use the consumer’s or other victim’s accounts to steal and launder money. In addition, the consumer’s own identity or account may be compromised by the cyber criminals.  More


Cyber Criminals Take Over Corporate Accounts

10/20/10—Cyber criminals are targeting the financial accounts of owners and employees of small and medium sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts. Often these funds may not be recovered. More


Claims of Being Stranded Swindle Consumers Out of Thousands of Dollars

07/01/10—The IC3 continues to receive reports of individuals’ e-mail or social networking accounts being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars. Portraying to be the victim, the hacker uses the victim’s account to send a notice to their contacts. The notice claims the victim is in immediate need of money due to being robbed of their credit cards, passport, money, and cell phone; leaving them stranded in London or some other location. Some claim they only have a few days to pay their hotel bill and promise to reimburse upon their return home. A sense of urgency to help their friend/contact may cause the recipient to fail to validate the claim, increasing the likelihood of them falling for this scam.

If you receive a similar notice and are not sure it is a scam, you should always verify the information before sending any money.

If you have been a victim of this type of scam or any other Cyber crime, you can report it to the IC3 website at www.IC3.gov. The IC3 complaint database links complaints for potential referral to the appropriate law enforcement agency for case consideration. Complaint information is also used to identity emerging trends and patterns.


Fraudulent Telephone Calls Allow Fraudsters Access to Consumer Financial and Brokerage Accounts

06/21/10—The FBI Newark Division released a warning to consumers concerning a new scheme using telecommunications denial-of-service (TDoS) attacks.

The FBI determined fraudsters compromised victim accounts and contacted financial institutions to change the victim profile information (i.e., e-mail addresses, telephone numbers, and bank account numbers).

The TDoS attacks used automated dialing programs and multiple accounts to overwhelm victims’ cell phones and land lines with thousands of calls. When victims answered the calls they heard dead air (nothing on the other end), an innocuous recorded message, advertisement, or a telephone sex menu. Calls were typically short in duration but so numerous that victims changed their phone numbers to terminate the attack.

These TDoS attacks were used as a diversion to prevent financial and brokerage institutions from verifying victim account changes and transactions. Fraudsters were afforded adequate time to transfer funds from victim brokerage and financial online accounts.

Protection from TDoS attacks and other types of fraud requires consumers to be vigilant and proactive. In Newark’s Public Service Announcement (PSA), they recommend the following guidelines for consumers to protect themselves:

  • Implement security measures for all financial accounts by placing fraud alerts with the major credit bureaus if you believe they were targeted by a TDoS attack or other forms of fraud.
  • Use strong passwords for all financial accounts and change them regularly.
  • Obtain and review your annual credit report for fraudulent activity.

If you were a target of a TDoS attack, immediately contact your financial institutions, notify your telephone provider, and promptly report it to the IC3 website at www.ic3.gov. The IC3 complaint database links complaints to assist in referrals to the appropriate law enforcement agency for case consideration. The complaint information is also used to identity emerging trends and patterns.

Resources:
-
The Latest Phone Scam: Targets Your Bank Account
-
FBI Newark Public Service Announcement


Rental and Real Estate Scams

03/12/10—Individuals need to be cautious when posting rental properties and real estate on-line. The IC3 continues to receive numerous complaints from individuals who have fallen victim to scams involving rentals of apartments and houses, as well as postings of real estate online.

Rental scams occur when the victim has rental property advertised and is contacted by an interested party. Once the rental price is agreed-upon, the scammer forwards a check for the deposit on the rental property to the victim. The check is to cover housing expenses and is, either written in excess of the amount required, with the scammer asking for the remainder to be remitted back, or the check is written for the correct amount, but the scammer backs out of the rental agreement and asks for a refund. Since the banks do not usually place a hold on the funds, the victim has immediate access to them and believes the check has cleared. In the end, the check is found to be counterfeit and the victim is held responsible by the bank for all losses.

Another type of scam involves real estate that is posted via classified advertisement websites. The scammer duplicates postings from legitimate real estate websites and reposts these ads, after altering them. Often, the scammers use the broker’s real name to create a fake e-mail, which gives the fraud more legitimacy. When the victim sends an e-mail through the classified advertisement website inquiring about the home, they receive a response from someone claiming to be the owner. The “owner” claims he and his wife are currently on missionary work in a foreign country. Therefore, he needs someone to rent their home while they are away. If the victim is interested in renting the home, they are asked to send money to the owner in the foreign country.

If you have been a victim of Internet crime, please file a complaint at http://www.IC3.gov/.

 

New Twist on Counterfeit Check Schemes Targeting U.S. Law Firms

01/21/10—The FBI continues to receive reports of counterfeit check schemes targeting U.S. law firms. As previously reported, scammers send e-mails to lawyers, claiming to be overseas and seeking legal representation to collect delinquent payments from third parties in the U.S. The law firm receives a retainer agreement, invoices reflecting the amount owed, and a check payable to the law firm. The firm is instructed to extract the retainer fee, including any other fees associated with the transaction, and wire the remaining funds to banks in Korea, China, Ireland, or Canada. By the time the check is determined to be counterfeit, the funds have already been wired overseas.

In a new twist, the fraudulent client seeking legal representation is an ex-wife “on assignment” in an Asian country, and she claims to be pursuing a collection of divorce settlement monies from her ex-husband in the U.S. The law firm agrees to represent the ex-wife, sends an e-mail to the ex-husband, and receives a “certified” check for the settlement via delivery service. The ex-wife instructs the firm to wire the funds, less the retainer fee, to an overseas bank account. When the scam is executed successfully, the law firm wires the money before discovering the check is counterfeit.

All Internet users need to be cautious when they receive unsolicited e-mails. Law firms are advised to conduct as much due diligence as possible before engaging in transactions with parties who are handling their business solely via e-mail, particularly those parties claiming to reside overseas.

Please view an additional public service announcement posted to the IC3 website regarding a similar Asian extortion scheme. Individuals who receive information pertaining to counterfeit check schemes are encouraged to file a complaint at www.IC3.gov.


Mystery/Secret Shopper Schemes

01/20/10—The IC3 has been alerted to an increase in employment schemes pertaining to mystery/secret shopper positions. Many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors, and fraudsters are capitalizing on this employment opportunity.

Victims have reported to the IC3 they were contacted via e-mail and U.S. mail to apply to be a mystery shopper. Applicants are asked to send a resume and are purportedly subject to an extensive background check before being accepted as a mystery shopper. The employees are sent a check with instructions to shop at a specified retailer for a specific length of time and spend a specific amount on merchandise from the store. The employees receive instructions to take note of the store’s environment, color, payment procedures, gift items, and shopping/carrier bags and report back to the employer. The second evaluation is the ease and accuracy of wiring money from the retail location. The money to be wired is also included in the check sent to the employee. The remaining balance is the employee’s payment for the completion of the assignment. After merchandise is purchased and money is wired, the employees are advised by the bank the check cashed was counterfeit, and they are responsible for the money lost in addition to bank fees incurred.

In other versions of the scheme, applicants are requested to provide bank account information to have money directly deposited into their accounts. The fraudster then has acquired access to these victims’ accounts and can withdraw money, which makes the applicant a victim of identity theft.

Tips

Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
  • There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications online.
  • No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back.

Individuals who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.IC3.gov.


Haitian Earthquake Relief Fraud Alert

01/13/10—The FBI today reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

  • Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
  • Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov.

 

www.fbi.gov     Common Fraud Schemes

The following are some of the most common scams that the FBI investigates and tips to help prevent you from being victimized. Visit our White-Collar Crime and Cyber webpages for more fraud schemes.

To report cases of fraud, use our online tips form or contact your nearest FBI office or overseas office.

Telemarketing Fraud

When you send money to people you do not know personally or give personal or financial information to unknown callers, you increase your chances of becoming a victim of telemarketing fraud.

Here are some warning signs of telemarketing fraud—what a caller may tell you:

  • “You must act ‘now’ or the offer won’t be good.”
  • “You’ve won a ‘free’ gift, vacation, or prize.” But you have to pay for “postage and handling” or other charges.
  • “You must send money, give a credit card or bank account number, or have a check picked up by courier.” You may hear this before you have had a chance to consider the offer carefully.
  • “You don’t need to check out the company with anyone.” The callers say you do not need to speak to anyone including your family, lawyer, accountant, local Better Business Bureau, or consumer protection agency.
  • “You don’t need any written information about their company or their references.”
  • “You can’t afford to miss this ‘high-profit, no-risk’ offer.”

If you hear these or similar “lines” from a telephone salesperson, just say “no thank you” and hang up the telephone.

Tips for Avoiding Telemarketing Fraud:

It’s very difficult to get your money back if you’ve been cheated over the telephone. Before you buy anything by telephone, remember:

  • Don’t buy from an unfamiliar company. Legitimate businesses understand that you want more information about their company and are happy to comply.
  • Always ask for and wait until you receive written material about any offer or charity. If you get brochures about costly investments, ask someone whose financial advice you trust to review them. But, unfortunately, beware—not everything written down is true.
  • Always check out unfamiliar companies with your local consumer protection agency, Better Business Bureau, state attorney general, the National Fraud Information Center, or other watchdog groups. Unfortunately, not all bad businesses can be identified through these organizations.
  • Obtain a salesperson’s name, business identity, telephone number, street address, mailing address, and business license number before you transact business. Some con artists give out false names, telephone numbers, addresses, and business license numbers. Verify the accuracy of these items.
  • Before you give money to a charity or make an investment, find out what percentage of the money is paid in commissions and what percentage actually goes to the charity or investment.
  • Before you send money, ask yourself a simple question. “What guarantee do I really have that this solicitor will use my money in the manner we agreed upon?”
  • Don’t pay in advance for services. Pay services only after they are delivered.
  • Be wary of companies that want to send a messenger to your home to pick up money, claiming it is part of their service to you. In reality, they are taking your money without leaving any trace of who they are or where they can be reached.
  • Always take your time making a decision. Legitimate companies won’t pressure you to make a snap decision.
  • Don’t pay for a “free prize.” If a caller tells you the payment is for taxes, he or she is violating federal law.
  • Before you receive your next sales pitch, decide what your limits are—the kinds of financial information you will and won’t give out on the telephone.
  • Be sure to talk over big investments offered by telephone salespeople with a trusted friend, family member, or financial advisor. It’s never rude to wait and think about an offer.
  • Never respond to an offer you don’t understand thoroughly.
  • Never send money or give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
  • Be aware that your personal information is often brokered to telemarketers through third parties.
  • If you have been victimized once, be wary of persons who call offering to help you recover your losses for a fee paid in advance.
  • If you have information about a fraud, report it to state, local, or federal law enforcement agencies.

For More information:
- Telemarketing Fraud Targeting Seniors

Nigerian Letter or “419” Fraud

Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationery, bank name and account numbers, and other identifying information using a fax number provided in the letter. Some of these letters have also been received via e-mail through the Internet. The scheme relies on convincing a willing victim, who has demonstrated a “propensity for larceny” by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons.

Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of Nigeria. In actuality, the millions of dollars do not exist, and the victim eventually ends up with nothing but loss. Once the victim stops sending money, the perpetrators have been known to use the personal information and checks that they received to impersonate the victim, draining bank accounts and credit card balances. While such an invitation impresses most law-abiding citizens as a laughable hoax, millions of dollars in losses are caused by these schemes annually. Some victims have been lured to Nigeria, where they have been imprisoned against their will along with losing large sums of money. The Nigerian government is not sympathetic to victims of these schemes, since the victim actually conspires to remove funds from Nigeria in a manner that is contrary to Nigerian law. The schemes themselves violate section 419 of the Nigerian criminal code, hence the label “419 fraud.”

Tips for Avoiding Nigerian Letter or “419” Fraud:

  • If you receive a letter from Nigeria asking you to send personal or banking information, do not reply in any manner. Send the letter to the U.S. Secret Service, your local FBI office, or the U.S. Postal Inspection Service. You can also register a complaint with the Federal Trade Commission’s Complaint Assistant.
  • If you know someone who is corresponding in one of these schemes, encourage that person to contact the FBI or the U.S. Secret Service as soon as possible.
  • Be skeptical of individuals representing themselves as Nigerian or foreign government officials asking for your help in placing large sums of money in overseas bank accounts.
  • Do not believe the promise of large sums of money for your cooperation.
  • Guard your account information carefully.

For More information:
- Related Online Rental Ads Scheme
- Related Spanish Lottery Scam

Identity Theft

Identity theft occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, including by stealing your wallet, rifling through your trash, or by compromising your credit or bank information. They may approach you in person, by telephone, or on the Internet and ask you for the information.

The sources of information about you are so numerous that you cannot prevent the theft of your identity. But you can minimize your risk of loss by following a few simple hints.

Tips for Avoiding Identity Theft:

  • Never throw away ATM receipts, credit statements, credit cards, or bank statements in a usable form.
  • Never give your credit card number over the telephone unless you make the call.
  • Reconcile your bank account monthly, and notify your bank of discrepancies immediately.
  • Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.
  • Report unauthorized financial transactions to your bank, credit card company, and the police as soon as you detect them.
  • Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries and follow through until they are explained or removed.
  • If your identity has been assumed, ask the credit bureau to print a statement to that effect in your credit report.
  • If you know of anyone who receives mail from credit card companies or banks in the names of others, report it to local or federal law enforcement authorities.

For more information:
- Identity Theft webpage

Advance Fee Schemes

An advance fee scheme occurs when the victim pays money to someone in anticipation of receiving something of greater value—such as a loan, contract, investment, or gift—and then receives little or nothing in return.

The variety of advance fee schemes is limited only by the imagination of the con artists who offer them. They may involve the sale of products or services, the offering of investments, lottery winnings, “found money,” or many other “opportunities.” Clever con artists will offer to find financing arrangements for their clients who pay a “finder’s fee” in advance. They require their clients to sign contracts in which they agree to pay the fee when they are introduced to the financing source. Victims often learn that they are ineligible for financing only after they have paid the “finder” according to the contract. Such agreements may be legal unless it can be shown that the “finder” never had the intention or the ability to provide financing for the victims.

Tips for Avoiding Advanced Fee Schemes:

If the offer of an “opportunity” appears too good to be true, it probably is. Follow common business practice. For example, legitimate business is rarely conducted in cash on a street corner.

  • Know who you are dealing with. If you have not heard of a person or company that you intend to do business with, learn more about them. Depending on the amount of money that you plan on spending, you may want to visit the business location, check with the Better Business Bureau, or consult with your bank, an attorney, or the police.
  • Make sure you fully understand any business agreement that you enter into. If the terms are complex, have them reviewed by a competent attorney.
  • Be wary of businesses that operate out of post office boxes or mail drops and do not have a street address. Also be suspicious when dealing with persons who do not have a direct telephone line and who are never in when you call, but always return your call later.
  • Be wary of business deals that require you to sign nondisclosure or non-circumvention agreements that are designed to prevent you from independently verifying the bona fides of the people with whom you intend to do business. Con artists often use non-circumvention agreements to threaten their victims with civil suit if they report their losses to law enforcement.

For more information:
- Work-at-Home Advance Fee Scheme
- Cancer Research Advance Fee Scheme

Health Care Fraud or Health Insurance Fraud

Medical Equipment Fraud:

Equipment manufacturers offer “free” products to individuals. Insurers are then charged for products that were not needed and/or may not have been delivered.

“Rolling Lab” Schemes:

Unnecessary and sometimes fake tests are given to individuals at health clubs, retirement homes, or shopping malls and billed to insurance companies or Medicare.

Services Not Performed:

Customers or providers bill insurers for services never rendered by changing bills or submitting fake ones.

Medicare Fraud:

Medicare fraud can take the form of any of the health insurance frauds described above. Senior citizens are frequent targets of Medicare schemes, especially by medical equipment manufacturers who offer seniors free medical products in exchange for their Medicare numbers. Because a physician has to sign a form certifying that equipment or testing is needed before Medicare pays for it, con artists fake signatures or bribe corrupt doctors to sign the forms. Once a signature is in place, the manufacturers bill Medicare for merchandise or service that was not needed or was not ordered.

Tips for Avoiding Health Care Fraud or Health Insurance Fraud:

  • Never sign blank insurance claim forms.
  • Never give blanket authorization to a medical provider to bill for services rendered.
  • Ask your medical providers what they will charge and what you will be expected to pay out-of-pocket.
  • Carefully review your insurer’s explanation of the benefits statement. Call your insurer and provider if you have questions.
  • Do not do business with door-to-door or telephone salespeople who tell you that services of medical equipment are free.
  • Give your insurance/Medicare identification only to those who have provided you with medical services.
  • Keep accurate records of all health care appointments.
  • Know if your physician ordered equipment for you.

For more information:
- Heath Care Fraud webpage

Redemption / Strawman / Bond Fraud

Proponents of this scheme claim that the U.S. government or the Treasury Department control bank accounts—often referred to as “U.S. Treasury Direct Accounts”—for all U.S. citizens that can be accessed by submitting paperwork with state and federal authorities. Individuals promoting this scam frequently cite various discredited legal theories and may refer to the scheme as “Redemption,” “Strawman,” or “Acceptance for Value.” Trainers and websites will often charge large fees for “kits” that teach individuals how to perpetrate this scheme. They will often imply that others have had great success in discharging debt and purchasing merchandise such as cars and homes. Failures to implement the scheme successfully are attributed to individuals not following instructions in a specific order or not filing paperwork at correct times.

This scheme predominately uses fraudulent financial documents that appear to be legitimate. These documents are frequently referred to as “bills of exchange,” “promissory bonds,” “indemnity bonds,” “offset bonds,” “sight drafts,” or “comptrollers warrants.” In addition, other official documents are used outside of their intended purpose, like IRS forms 1099, 1099-OID, and 8300. This scheme frequently intermingles legal and pseudo legal terminology in order to appear lawful. Notaries may be used in an attempt to make the fraud appear legitimate. Often, victims of the scheme are instructed to address their paperwork to the U.S. Secretary of the Treasury.

Tips for Avoiding Redemption/Strawman/Bond Fraud:

  • Be wary of individuals or groups selling kits that they claim will inform you on to access secret bank accounts.
  • Be wary of individuals or groups proclaiming that paying federal and/or state income tax is not necessary.
  • Do not believe that the U.S. Treasury controls bank accounts for all citizens.
  • Be skeptical of individuals advocating that speeding tickets, summons, bills, tax notifications, or similar documents can be resolved by writing “acceptance for value” on them.
  • If you know of anyone advocating the use of property liens to coerce acceptance of this scheme, contact your local FBI office.

For more information:
- Sovereign Citizen Movement
- Treasury Inspector General for Tax Administration: Fact Sheet on Sovereign Citizen Movement

Investment-Related Scams

Letter of Credit Fraud

Legitimate letters of credit are never sold or offered as investments. They are issued by banks to ensure payment for goods shipped in connection with international trade. Payment on a letter of credit generally requires that the paying bank receive documentation certifying that the goods ordered have been shipped and are en route to their intended destination. Letters of credit frauds are often attempted against banks by providing false documentation to show that goods were shipped when, in fact, no goods or inferior goods were shipped.

Other letter of credit frauds occur when con artists offer a “letter of credit” or “bank guarantee” as an investment wherein the investor is promised huge interest rates on the order of 100 to 300 percent annually. Such investment “opportunities” simply do not exist. (See Prime Bank Notes for additional information.)

Tips for Avoiding Letter of Credit Fraud:

  • If an “opportunity” appears too good to be true, it probably is.
  • Do not invest in anything unless you understand the deal. Con artists rely on complex transactions and faulty logic to “explain” fraudulent investment schemes.
  • Do not invest or attempt to “purchase” a “letter of credit.” Such investments simply do not exist.
  • Be wary of any investment that offers the promise of extremely high yields.
  • Independently verify the terms of any investment that you intend to make, including the parties involved and the nature of the investment.

Prime Bank Note Fraud

International fraud artists have invented an investment scheme that supposedly offers extremely high yields in a relatively short period of time. In this scheme, they claim to have access to “bank guarantees” that they can buy at a discount and sell at a premium. By reselling the “bank guarantees” several times, they claim to be able to produce exceptional returns on investment. For example, if $10 million worth of “bank guarantees” can be sold at a two percent profit on 10 separate occasions—or “traunches”—the seller would receive a 20 percent profit. Such a scheme is often referred to as a “roll program.”

To make their schemes more enticing, con artists often refer to the “guarantees” as being issued by the world’s “prime banks,” hence the term “prime bank guarantees.” Other official sounding terms are also used, such as “prime bank notes” and “prime bank debentures.” Legal documents associated with such schemes often require the victim to enter into non-disclosure and non-circumvention agreements, offer returns on investment in “a year and a day”, and claim to use forms required by the International Chamber of Commerce (ICC). In fact, the ICC has issued a warning to all potential investors that no such investments exist.

The purpose of these frauds is generally to encourage the victim to send money to a foreign bank, where it is eventually transferred to an off-shore account in the control of the con artist. From there, the victim’s money is used for the perpetrator’s personal expenses or is laundered in an effort to make it disappear.

While foreign banks use instruments called “bank guarantees” in the same manner that U.S. banks use letters of credit to insure payment for goods in international trade, such bank guarantees are never traded or sold on any kind of market.

Tips for Avoiding Prime Bank Note Fraud:

  • Think before you invest in anything. Be wary of an investment in any scheme, referred to as a “roll program,” that offers unusually high yields by buying and selling anything issued by “prime banks.”
  • As with any investment, perform due diligence. Independently verify the identity of the people involved, the veracity of the deal, and the existence of the security in which you plan to invest.
  • Be wary of business deals that require non-disclosure or non-circumvention agreements that are designed to prevent you from independently verifying information about the investment.

“Ponzi’ Schemes

“Ponzi” schemes promise high financial returns or dividends not available through traditional investments. Instead of investing the funds of victims, however, the con artist pays “dividends” to initial investors using the funds of subsequent investors. The scheme generally falls apart when the operator flees with all of the proceeds or when a sufficient number of new investors cannot be found to allow the continued payment of “dividends.”

This type of fraud is named after its creator—Charles Ponzi of Boston, Massachusetts. In the early 1900s, Ponzi launched a scheme that guaranteed investors a 50 percent return on their investment in postal coupons. Although he was able to pay his initial backers, the scheme dissolved when he was unable to pay later investors.

Tips for Avoiding Ponzi Schemes:

  • Be careful of any investment opportunity that makes exaggerated earnings claims.
  • Exercise due diligence in selecting investments and the people with whom you invest—in other words, do your homework.
  • Consult an unbiased third party—like an unconnected broker or licensed financial advisor—before investing.

For more information:
- Bernie Madoff Case
- Stanford Case
- Wholesale Grocery Distribution Ponzi Scheme
- ATM Ponzi Scheme
- Victims Turn Tables with Ponzi Scheme

Pyramid Schemes

As in Ponzi schemes, the money collected from newer victims of the fraud is paid to earlier victims to provide a veneer of legitimacy. In pyramid schemes, however, the victims themselves are induced to recruit further victims through the payment of recruitment commissions.

More specifically, pyramid schemes—also referred to as franchise fraud or chain referral schemes—are marketing and investment frauds in which an individual is offered a distributorship or franchise to market a particular product. The real profit is earned, not by the sale of the product, but by the sale of new distributorships. Emphasis on selling franchises rather than the product eventually leads to a point where the supply of potential investors is exhausted and the pyramid collapses. At the heart of each pyramid scheme is typically a representation that new participants can recoup their original investments by inducing two or more prospects to make the same investment. Promoters fail to tell prospective participants that this is mathematically impossible for everyone to do, since some participants drop out, while others recoup their original investments and then drop out.

Tips for Avoiding Pyramid Schemes:

  • Be wary of “opportunities” to invest your money in franchises or investments that require you to bring in subsequent investors to increase your profit or recoup your initial investment.
  • Independently verify the legitimacy of any franchise or investment before you invest.

Market Manipulation or “Pump and Dump” Fraud

This scheme—commonly referred to as a “pump and dump”—creates artificial buying pressure for a targeted security, generally a low-trading volume issuer in the over-the-counter securities market largely controlled by the fraud perpetrators. This artificially increased trading volume has the effect of artificially increasing the price of the targeted security (i.e., the “pump”), which is rapidly sold off into the inflated market for the security by the fraud perpetrators (i.e., the “dump”); resulting in illicit gains to the perpetrators and losses to innocent third party investors. Typically, the increased trading volume is generated by inducing unwitting investors to purchase shares of the targeted security through false or deceptive sales practices and/or public information releases.

A modern variation on this scheme involves largely foreign-based computer criminals gaining unauthorized access to the online brokerage accounts of unsuspecting victims in the United States. These victim accounts are then utilized to engage in coordinated online purchases of the targeted security to affect the pump portion of a manipulation, while the fraud perpetrators sell their pre-existing holdings in the targeted security into the inflated market to complete the dump.

Tips for Avoiding Market Manipulation Fraud:

  • Don’t believe the hype.
  • Find out where the stock trades.
  • Independently verify claims.
  • Research the opportunity.
  • Beware of high-pressure pitches.
  • Always be skeptical.

For more information:
- Operation Shore Shells investigation

 

 

© copyright 2015 Flickertronics , All rights reserved

www.flickertronics.com