Ramanisblog

Tag: Internet Crime Complaint Center

  • BE Careful Browsing At Hotels’ Internet

     

    The FBI sent an advisory on the fact that Professional Scammers are using Hotel Internet connection to infect your Laptops and Mobiles.

     

    Better to have your own portable connectivity.

     

    Story:

     

    Wi-Fi Alliance logo
    Wi-Fi Alliance logo (Photo credit: Wikipedia)

     

    Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.

     

    Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

     

    The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad.

     

    Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office, and promptly report it to the IC3’s website atwww.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.

     

    http://www.ic3.gov/media/2012/120508.aspx

     

    What can travelers do about these potential hotel Wi-Fi drive-by attacks? Focus on these nine information security essentials:

     

    1. Update Before Leaving Despite the inevitable last-minute rush to get the bags packed, don’t forget to install the latest application and operating system security updates onto your laptop, smartphone, and tablet before heading out. Also ensure that antivirus software is running on the device, and is likewise fully updated.

     

    [ Everybody is worried about security. Read Security Top Concern Of Federal CIOs. ]

     

    2. Block Pop-Ups Never, ever click on a pop-up window. “No major, reputable site requires a pop-up to work or function,” said Kapil Raina, director of product marketing at Zscaler, via email. Preferably, configure your browser to block all pop-ups, so that no one using your computer–such as family members–can click on one.

     

    3. Handle Free Wi-Fi With Caution The FBI advisory highlights the need to treat all free hotspots with caution. The problem, however, is that people often throw caution to the wind when presented with free stuff, such as USB keys or wireless access, and even if they’re likely to be security-aware types attending a conference in the heart of Amsterdam filled with known hackers. That’s what Steve Lord, a director at information security consultancy Mandalorian, discovered at this year’s Black Hat Europe conference, when he installed a free Wi-Fi hotspot with the name “LEGITFREEWIFI.” Sounds trustworthy, right? At least some of the attendees, who should have known better, used the hotspot with abandon.

     

    4. Read Hotel Wi-Fi Directions Avoid connecting to fake hotspots by verifying which network actually belongs to the hotel. “If you must connect to a hotel Wi-Fi network, verify with the front desk the exact procedure (SSID name, process for payment, etc.),” said Zscaler’s Raina. “You do not want to connect to a fake access point. Some hotels have direct connections (physical cables) you may opt for. In some cases, consider using your phone via 3G/4G as the connection point rather than Wi-Fi.”

     

    5. VPN Tunneling Secures Free Wi-Fi But Mandalorian’s Lord, who deleted all data intercepted by his “weaponized hotspot,” emphasized that he could have given his hotspot the same name as the hotel’s hotspot, though didn’t do so because he feared it would break the law. Of course, criminals would likely have no such compunctions. On that note, the best way to easily block such attacks is to use VPN tunneling. In fact, it’s always a good idea–whether at home or abroad–to use a VPN whenever connecting to free Wi-Fi, since such hotspots, by their nature, aren’t secure. Indeed, anyone can easily sniff wireless non-SSL traffic, unless it’s routed via a VPN. Free, reputable VPN software is widely available for both PC and Mac (and in some cases, Linux), including Hotspot Shield from AnchorFree, the open source OpenVPN (Windows/Mac/Linux, Free), and Shrew Soft’s VPN Client, as well as built-in VPN tools in both Apple OS X and Windows.

     

    6. Download Software Updates Directly From Vendors While surfing the Web via hotel Wi-Fi, ignore all unsolicited software-update offers. “Download software updates directly from the software vendor’s Web site if updates are necessary while abroad,” according to the IC3 advisory. Anything else may be a scam. Also don’t be afraid to verify security warnings by using another computer.

     

    7. Beware Wired Hotel Connections Hotel hotspots aren’t the only types of connections that can be compromised. According to news reports, systems at iBAHN–one of the world’s largest providers of Internet services for hotels–were compromised last year. Although the company denied it had been hacked, any attacker who could successfully hack into that type of network would be able to serve up malware to anyone using a hotel network, even if they were connected via Ethernet cable.

     

    8. Consider Using A “Burner” Laptop When traveling, one of the best ways to stay secure is simply to stay off the grid. If that’s not an option, consider using a temporary, or “burner,” laptop, such as an old laptop (personal) or extra machine (work). “Some companies now have policies where employees who travel abroad travel with a disposable laptop to ensure that no [intellectual property] or secrets available on their machines are stolen,” said Rob Rachwald, director of security strategy at Imperva, in a blog post.

     

    9. Don’t Be Afraid To Hibernate Finally, if your computer has signs of infection, put it to sleep. “If you believe that you were hit, put your computer in hibernate or sleep mode until you can get expert help in repairing or restoring the system,” said Raina at Zscaler. “Taking the system offline as fast as possible can prevent further data [exfiltration] and damage.”

     

    http://www.informationweek.com/news/security/mobile/240000211

     

  • New E-Scams and Warnings-FBI.

    The FBI Seal where the circle of stars represe...
    Image via Wikipedia

    E-Mails Containing Malware Sent to Businesses Concerning Their Online Job Postings

    01/19/2011—Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.

    Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.

    The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.

    For more information on this type of fraud and prevention tips, please refer to previous public service announcements at the links below:

    Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office and promptly report it to the IC3’s website at www.ic3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.

    Telephone Collection Scam Related to Delinquent Payday Loans

    12/01/2010—The IC3 receives a high volume of complaints from victims of payday loan telephone collection scams. In these scams, a caller claims that the victim is delinquent in a payday loan and must repay the loan to avoid legal consequences. The callers purport to be representatives of the FBI, Federal Legislative Department, various law firms, or other legitimate-sounding agencies. They claim to be collecting debts for companies such as United Cash Advance, U.S. Cash Advance, U.S. Cash Net, and other Internet check cashing services.

    One of the most insidious aspects of this scam is that the callers have accurate information about the victims, including Social Security numbers, dates of birth, addresses, employer information, bank account numbers, and names and telephone numbers of relatives and friends. The method by which the fraudsters obtained the personal information is unclear, but victims often relay that they had completed online applications for other loans or credit cards before the calls began.

    The fraudsters relentlessly call the victim’s home, cell phone, and place of employment. They refuse to provide to the victims any details of the alleged payday loans and become abusive when questioned. The callers threaten victims with legal actions, arrests, and in some cases physical violence if they refuse to pay. In many cases, the callers even resort to harassment of the victim’s relatives, friends, and employers.

    Some fraudsters instruct victims to fax a statement agreeing to pay a certain dollar amount, on a specific date, via prepaid visa card. The statement further declares that the victim would never dispute the debt.

    These telephone calls are an attempt to obtain payment by instilling fear in the victims. Do not follow the instructions of the caller.

    If you receive telephone calls such as these, you should:

    • Contact your banking institutions;
    • Contact the three major credit bureaus and request an alert be put on your file;
    • Contact your local law enforcement agencies if you feel you are in immediate danger;
    • File a complaint at www.IC3.gov.

    Fraudulent Notification Deceives Consumers Out of Thousands of Dollars

    11/29/2010—The IC3 continues to receive reports of letters and e-mails being distributed pursuant to prize sweepstakes or lottery schemes. These schemes use counterfeit checks that bear legitimate-looking logos of various financial institutions to fool victims into sending money to the fraudsters.

    Fraudsters tell victims they won a sweepstakes or lottery, but to receive a lump sum payout, they must pay the taxes and processing fees upfront. Fraudsters direct individuals to call a telephone number to initiate a letter of instructions. The letter alleges that the victim may elect to take an advance on the winnings to make the required upfront payment. The letter includes a check in the amount of the alleged taxes and fees, along with processing instructions. Ultimately, victims believe they are using the advance to make the required upfront payment, but in reality they are falling prey to the scheme.

    The victim deposits the check into their own bank, which credits the account for the amount of the check before the check clears. The victim immediately withdraws the money and wires it to the fraudsters. Afterwards, the check proves to be counterfeit and the bank pulls the respective funds from the victim’s account, leaving the victim liable for the amount of the counterfeit check plus any additional fees the bank may charge.

    Persons may fall victim to this scheme due to the allure of easy money and the apparent legitimacy of the check the fraudsters include in the letter of instruction. The alleged cash prizes and locations of the financial institutions vary.

    Tips to avoid being scammed:

    • A federal statute prohibits mailing lottery tickets, advertisements, or payments to purchase tickets in a foreign lottery.
    • Be leery if you do not remember entering a lottery or sweepstakes.
    • Beware of lotteries or sweepstakes that charge a fee prior to delivering your prize.
    • Be wary of demands to send additional money as a requirement to be eligible for future winnings.

    If you have been a victim of this type of scam or any other cyber crime, you can report it to the IC3 at http://www.IC3.gov. The IC3 complaint database links complaints for potential referral to law enforcement for case consideration. Complaint information is also used to identify emerging trends and patterns to alert the public to new criminal schemes.

    http://www.fbi.gov/scams-safety/e-scams

    Related.

    Imagine getting an e-mail from the FBI. What would you do? Chances are you’d respond to find out what’s up. And bad guys who pretend to be FBI agents are counting on that.

    Sierra Smith, who lives in the Seattle area, says it was very scary when she got an e-mail from “Special Agent John Edward.” The message said two trunks containing $4.1 million were confiscated at JFK airport and a document inside had her name it.

      1. Consumer Man with Herb Weisbaum

        ConsumerMan is on FacebookStay up to date with the latest consumer news

    The e-mail went on to threaten arrest.

    Smith replied and asked to see credentials. The follow-up e-mail had an attachment with an FBI badge and a picture ID.  In a follow-up e-mail she was asked for $850 to resolve the matter.

    Smith didn’t send the money. Instead, she did something very smart. She contacted the FBI office in Seattle and was told about the scam.

    This is what’s known as an imposter scam. The Federal Trade Commission says a growing number of scams now involve some sort of impersonation. In fact, imposter scams are now No. 6 on the FTC’s list of Top Ten Complaints for 2010. The commission received more than 60,000 complaints about imposter scams last year.

    http://www.msnbc.msn.com/id/42347772/ns/business-consumer_news/