Archive 9


Fraudulent Telephone Calls Allowing Fraudsters Access to Consumer Financial and Brokerage Accounts

The FBI advises that fraudsters compromised their victims' accounts and contacted financial institutions to change the victims' profile information [i.e. email addresses, telephone numbers and bank account numbers].

The telephony denial-of-service [TDoS] attacks used automated dialing programs and multiple accounts to overwhelm victims' cell phones and land lines with thousands of calls. When victims answered the calls they heard dead air [nothing on the other end], an innocuous recorded message, an advertisement, or a telephone sex menu. Calls were typically short in duration but so numerous that victims changed their phone numbers to terminate the attack.

These TDoS attacks were used as a diversion to prevent financial and brokerage institutions from verifying victim account changes and transactions. Fraudsters then had adequate time to transfer funds from victim brokerage and financial online accounts.

Protection from TDoS attacks and other types of fraud requires consumers to be vigilant and proactive. Newark’s Public Service Announcement [PSA] recommends that consumers protect themselves as follows:

•Implement security measures for all financial accounts by placing fraud alerts with the major credit bureaus if you believe you were targeted by a TDoS attack or other forms of fraud

•Use strong passwords for all financial accounts and change them regularly

•Obtain and review your annual credit report for fraudulent activity

If you were a target of a TDoS attack, immediately contact your financial institutions, notify your telephone provider, and promptly report it to the IC3 website at:

The IC3 complaint database links complaints to assist in referrals to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.


Facebook Scam

Facebook has been hit yet again by a malware attack.


This time it is disguised as a video that claims to show 'Distracting Beach Babes'. The malware messages have been appearing on the Walls of a lot of Facebook users. The messages look like they have been posted by friends of the Facebook user. Each shows a thumbnail of a woman's bottom in a skimpy bikini and has a link labeled 'Distracting Beach Babes HQ'.

The wording includes the name of the Facebook user followed by 'this is hilarious LOL :P :P :P'. If you click on the link hoping to see the hilarious beach babe video, you will actually open a rogue Facebook application. If you give permission for the rogue application to run, you will then be prompted to follow another link to update your Flash video player. However, if you click this 'update' you will actually download and install adware on your computer.

While this is happening, the application will have automatically posted the same malware message to the Walls of your Facebook friends. To make the message seem more legitimate, the rogue application adds the name of each Facebook friend to the bogus Wall posts.

If you have already become a victim, delete the offending message from your page, scan your computer with an up-to-date anti-virus, change your passwords, and review your Facebook application settings.

It would also pay to advise your friends to do the same.

This attack is believed to be a new incarnation of the earlier 'Candid Camera Prank' malware attack, which used similar tactics.


iTunes Gift Certificate

You may receive [or have already received] an email that appears to come from iTunes that advises that you have been given a gift certificate to the value of $50.

The email is designed to get you to open its attachment so that a trojan can be downloaded onto your computer, giving hackers access to it.

The email is designed to look like an official message from the iTunes Store and states that on the iTunes Gift Certificate is a code that can be used to purchase music and other items from the iTunes store. The gift certificate is supposed to be in a file attached to the email.

The email, however, is not from iTunes, and the $50 gift certificate is bait used to entice you into opening the email's attachment. If you open the attachment, you will launch a malicious application that can install a trojan on your computer. Once installed, it can modify your Windows registry, potentially giving hackers access by connecting your computer to a remote server, and can download and install even more malware.

Internet criminals often use the bait of supposedly free gifts, products and services as a means of tricking you into opening malicious attachments. By offering what appears to be an unexpected gift, these criminals hope you will be tempted with the "something for nothing" approach. This has more credibility when the names of legitimate organisations are used.

Remember that iTunes users can buy iTunes Gift Certificates for their friends or family members and send them an email with the details; however, the email usually shows it is from someone you know, and the code is not in an attached file.


Business Scams

The number of crimes against businesses is increasing. About 65 per cent of businesses were affected by fraud in 2009, up from 57 per cent in a 2006 survey.

The main types of business fraud range from bounced checks, forged cash, and fake invoices to online banking fraud, unauthorised direct debits, eBay and PayPal scams, charity calendars, and advertising in publications that don't exist.

An increasingly common business scam is the theft of domain names, which can be bought and used fraudulently, as well as the use of legitimate business e-mail addresses for criminal and fraudulent spam e-mails.

Other common scams include:

*Competitors using another business’s name as a search engine tag and directing potential customers elsewhere

*Trojan viruses being used to steal a business’s IP identity and using it to commit crime

*Scammers impersonating legitimate companies, and then opening an eBay account selling items that don’t exist. The e-mail address is false and the legitimate company then gets the bill

The majority of businesses [85%] have a firewall to protect themselves against fraud and online crime; however, only 49% used updates to receive patches to ensure their security software had up-to-date protection.


* Do not click on links contained within spam e-mail

* Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders

* To ensure contributions are received and used for intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf

* Validate the legitimacy of the organization by directly accessing the recognized charity or aid organization's website rather than following an alleged link to the site

* Attempt to verify the legitimacy of the non-profit status of the organization by using various Internet-based resources, which also may assist in confirming the actual existence of the organization

* Do not provide personal or financial information to anyone who solicits contributions as providing such information may compromise your identity and make you vulnerable to identity theft


Alarming Statistics

79% of all email in the US is spam. However, the nation is only number 7 in the spam league. Britain comes top with 94%, then China (90%), Hong Kong (89%), Australia (88%), Japan (86%), and Germany (83%). The Netherlands is 8th (78%), followed by Canada (77%).

The scam ratio for work-at-home jobs posted online is 59:1, which means that out of every 60 advertised jobs, only one is genuine

• On average, 3,500 new sites harboring malware are set up every day. Online security experts McAfee believe there are now more than 1.2 million different types of Internet malware

• Almost two-thirds of people incorrectly believe a check is valid if a bank pays out funds on it. (That is incorrect, and if the check subsequently bounces, the account holder is responsible for repaying any money they withdrew)

• A scan of 22 million PCs by security firm Panda Labs in the second quarter of 2009 showed that just short of 12 million of them were infected. If the same proportion applies elsewhere, that means over half of PCs worldwide could be infected with viruses, Trojans, spyware and other malware. The biggest single category of infection is by banking Trojans and password stealers

• Scammers are known to profile their victims -- they know who makes the best target. For instance, a woman aged 70-plus is the most common target for a lottery scam, while a man in the 55-61 age range is the most common investment fraud victim. The age group that attracts the most scams is the 30-39 year olds

• The typical victim of a lottery money scam loses around $3,000, usually for supposed tax, administration or Customs fees, while those who fall for advance fee scams lose, on average, up to $4,000. The average identity theft victim gets taken for $5,000

Here are some tips you can use to avoid becoming a victim of cyber fraud:

•Do not respond to unsolicited [spam] e-mail

•Do not click on links contained within an unsolicited e-mail

•Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan the attachments if possible

•Avoid filling out forms contained in e-mail messages that ask for personal information

•Always compare the link in the e-mail to the link you are actually directed to and determine if they actually match and will lead you to a legitimate site

•Log on directly to the official Web site for the business identified in the e-mail, instead of "linking" to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information

•Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine
