ID Protect™ - Identity Theft Protection Service, Powered by ID Protect™
Internet Safety Tips
Tips to avoid Identity Theft!
March 17, 2017
Don't Bank on That Check
Lisa Lake, Consumer Education Specialist, FTC - Scammers know how to design phony checks to make them look legitimate. In fact, the Council of Better Business Bureaus just released a list of the most “risky” scams, based on how likely people are to be targeted, how likely to lose money, and how much money they lost. Fake checks were number two.
Fake checks drive many types of scams – like those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. In a fake check scam, someone asks you to deposit a check – sometimes for several thousand dollars – and, when the funds seem to be available, wire the money to a third party. The scammers always have a good story to explain the overpayment – they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. But when the bank discovers you’ve deposited a bad check, the scammer already has the money, and you’re stuck paying the money back to the bank.
So don’t deposit a check and wire money or send money back in any way. Banks must make funds from deposited checks available within days, but uncovering a fake check can take them weeks. If a check you deposit bounces – even after it seemed to clear – you’re responsible for repaying the bank. Money orders and cashier’s checks can be counterfeited, too.
Want to avoid the latest rip-offs? Sign up for free scam alerts from the FTC at ftc.gov/scams.
February 10, 2016
DHS officials issue warning about scams targeting senior citizens to unknowingly act as international drug smugglers
WASHINGTON – U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) officials issued a warning today about a scheme that conned dozens of elderly U.S. citizens into being unwitting drug mules to countries with severe penalties for drug-related charges, like Australia and New Zealand. The announcement was made by A. Scott Brown, Acting Assistant Director of Investigative Programs for ICE’s Homeland Security Investigations (HSI), during a hearing before the Senate Special Committee on Aging.
The average age of the 144 couriers was 59; the oldest of these was 87. The oldest individual conned as a part of this scheme was 97; however, HSI special agents identified him before he left the United States to participate in the endeavor and convinced him to abandon his travel plans because he was likely to be another victim. The victims were recruited via social media, cyber begging and telemarketing fraud. Investigators believe over 30 individuals from the United States remain incarcerated overseas.
“Those who target vulnerable populations, to include our elderly, are among the worst kinds of criminals. Heart breaking does not begin to describe some of these case details,” said ICE Director Sarah R. Saldaña. “It is the job of law enforcement to bring these perpetrators to justice, but it is all of our jobs to teach our own loved ones to be vigilant against these kinds of schemes.”
The ruse entices victims with a promise of an inheritance or business opportunity and the requirement that they fly to various countries to meet with “attorneys” or “business partners,” with all travel and expenses paid by the transnational criminal organization. On the final leg of the trip, the victims are asked to take seemingly harmless items along with them for their business contacts at the next location. Upon arrival and inspection, these innocuous items are found to contain drugs resulting in detention and arrest by local authorities. The drugs are concealed in everything from chocolates, picture frames, tea and markers to canned goods, shampoo bottles, soap and wooden hangers.
To date, HSI and CBP have worked with their foreign counterparts to intercept 144 couriers carrying a total of 272 kilograms of methamphetamine, 209 kilograms of cocaine, 4 kilograms of ecstasy and 11 kilograms of heroin. Fifteen facilitators affiliated with the transnational criminal organization were also arrested.
It should be noted, that while HSI makes efforts to prevent potential elderly couriers from departing the United States, the short window of opportunity and the strong relationship scammers have established with their victims makes this difficult. The recruited individuals are often so engaged with the criminal organization, they do not believe the truth when they are confronted with it because these organizations warn their victims not to believe anyone who approaches them as law enforcement. HSI has warned elderly unwitting couriers concerning their potential role in this scheme, only to have them book travel and be intercepted in another country with narcotics.
While organizations like these will victimize consumers of all ages, backgrounds and income levels, the elderly are disproportionately targeted, according to investigators. Perpetrators take advantage of the fact that elderly Americans may be lonely and not have the Internet savvy to recognize the scam.
February 2, 2015
IRS-Impersonation Telephone Scam
An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
Or, victims may be told they have a refund due to try to trick them into sharing private information.
If the phone isn't answered, the scammers often leave an “urgent” callback request.
Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
For more details on this ongoing scam, visit http://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.
Email Phishing Scam: "Update your IRS e-file"
The IRS has been alerted to a new email phishing scam. The emails appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between "IRS" and "gov"), though notably, not IRS.gov (with a dot). Don’t get scammed. These emails are not from the IRS.
Taxpayers who get these messages should not respond to the email or click on the links. Instead, they should forward the scam emails to the IRS at email@example.com. For more information, visit the IRS's Report Phishing web page.
The IRS does not initiate contact with taxpayers by email to request personal or financial information.
December 2, 2014
Data Breaches: What You Need to Know
With so many merchant data breaches in the news, we want you to know that Gerber Federal Credit Union is ready to help if your personal or financial data is ever compromised. We take service to our members seriously and will do everything we can to ensure that action is taken – quickly – to help you avoid becoming a victim of identity or account theft.
Your credit union is subject to strong data security standards established by Congress and federal regulators. While data breaches can happen anywhere, we are ready with a plan designed to ensure the safety and confidentiality of your sensitive data.
Unfortunately, merchants and retailers aren’t subject to these federal requirements. Many of them follow their own data security standards, but the recent rash of data breaches shows that much more needs to be done. When it comes to protecting your personal information, every measure counts.
When your debit or credit card data is breached at a retailer, the cost of card replacement or account reimbursement to you is typically paid not by the merchant where the breach occurred, but by your credit union.
Gerber FCU members benefit from added personal protection and peace of mind with our identity theft protection service, powered by IDProtect™. This service is for our members, their joint account holders, and their eligible family members (Spouse, persons qualifying as domestic partner, and children under 25 years of age and parent(s) who are residents of the same household). It covers identity fraud events anywhere in the world…even if it has nothing to do with your Gerber Federal Credit Union account(s). For information regarding this protection visit www.idprotectme247.com or contact Member Service at (800) 338-3746, option 2.
We want you to know that in the event of any breach affecting your accounts, this credit union will always do what we can to make you whole. In the meantime, credit unions around the country are leading the effort to get Congress to pass legislation ensuring merchants and retailers meet a national standard for protecting any of your financial data they collect when you make a purchase. We hope you will support us in this effort.
While we can’t control what happens at merchants and retailers, we want you to know that Gerber Federal Credit Union will do everything we can to assist you and your family if a breach does occur when you use your debit or credit card. You can always feel free to reach out to Member Service at (800) 338-3746, option 2.
John P. Buckley, Jr.
October 14, 2014
Beware of mystery shopper scams
I confess… I once was a mystery shopper. Decades ago, I shopped at stores to see what they were charging for certain products and visited restaurant chains to evaluate the food and service. I wrote up a report, sent it in, and received a check for my work. Nothing I could make a living from, but it helped fill the gas tank.
Back then, it didn’t occur to me that responding to a mystery or secret shopper ad could set me up for a scam. Now I know – if you’re looking to make extra money as a mystery shopper, it pays to do some homework to make sure the job is real.
Recently, we’ve heard about a scam that begins when you get an email offering “secret shopper” jobs with retailers like Wal-Mart, Kmart, Best Buy or Home Depot. If you click through to the website, it looks like you’re on a retailer’s site – but you’re not. You’re asked to provide some personal information to get started, and told you’ll soon get a cashier’s check for around $1,500. You’re instructed to deposit the check into your account to “activate” your employment, keep $300 of that money as “advance payment” to cover initial expenses, and wire back the rest.
Problem is, the “job” isn’t real and it’s not associated with any actual stores. You’re dealing with a scammer. That check is a fake. If you deposit it, you’re on the hook to pay the bank back.
Following these tips can help you avoid a mystery shopping scam:
Do your research. Most legitimate secret shopper jobs are posted online by reputable marketing research or merchandising companies. A quick internet search can help you verify the company’s reputation, legitimacy, or flag any complaints. Scammers like to use the names of well-known companies like Home Depot or Wal-Mart to gain your trust.
Never wire money to someone you don’t know. Wiring money is the same as sending cash – once you send it, you can’t get it back.
Never agree to deposit a check from someone you don’t know. If the check turns out to be fake, it will eventually bounce. And since you are responsible for any deposited checks to your account, you will owe the bank the money you withdrew.
Never give your personal or financial information out online. Guard your personal information, and treat it as if it were cash. Refrain from entering your Social Security, bank account, or credit card numbers online or by phone to someone who gets in touch with you.
You don’t have to pay to get into the mystery shopper business. We have more advice on finding legitimate mystery shopping jobs. If you suspect a scam, report it to the FTC.
Source: www.consumer.ftc.gov, by Cristina Miranda, Consumer Education Specialist, FTC
June 9, 2014
Risk Alert - Account Activation Text Scam
Location: Various states
Fraudulent text messages are being sent to consumers in an effort to steal personally identifiable information. Financial institutions have reported an increased volume in these attacks since May 22, 2014. Mass text broadcasts are commonly used by fraudsters to reach large audiences of potential victims. This scam is quite common and often operates simultaneously in multiple states.
Automated texts are being broadcast that warn consumers to call certain numbers to reactivate their payment cards.
A recent text example: "Federal Credit Union ALERT: Your CheckCard has been temporarily LOCKED. Please call Card Services line (407) 574-2992".
Text messages do not reference a particular issuing brand but they may vaguely refer to a credit union or bank.
Additional originating text numbers for this recent scam include: 786-300-2335 and 971-208-9936. All numbers referenced in this Alert Bulletin have been disbanded. New originating numbers will most likely be created and used in the future.
Text messages may also originate from Jamaican area code 876 which is easily confused by consumers with a toll free number.
Never call a potentially fraudulent number. Law enforcement and local communication companies may be in the middle of an investigation that will be compromised if the fraudsters become suspicious.
Be aware that a series of numbers are often involved in telephony scams. This scam may not be entirely limited to the number(s) referenced above.
April 8, 2014
Risk Alert - Major new security vulnerability dubbed Heartbleed
Gerber FCU has been tested and IS NOT vulnerable.
How to protect yourself from the 'Heartbleed' bug
A major new security vulnerability dubbed Heartbleed was disclosed Monday night with severe implications for the entire Web. The bug can scrape a server's memory, where sensitive user data is stored, including private data such as usernames, passwords, and credit card numbers.
It's an extremely serious issue, affecting some 500,000 servers, according to Netcraft, an Internet research firm. Here's what you can do to make sure your information is protected, according to security experts contacted by CNET:
Do not log into accounts from afflicted sites until you're sure the company has patched the problem. If the company hasn't been forthcoming -- confirming a fix or keeping you up to date with progress -- reach out to its customer service teams for information, said John Miller, security research manager for TrustWave, a security and compliance firm.
Some Web sites that appeared to have been affected included Yahoo and OKCupid, though the companies have said their sites are all or partly fixed (see below for details). You can check sites on an individual basis here, though caution is still advised even if the site gives you an "all clear" indication. If you're given a red flag, avoid the site for now.
The natural response might be to want to change passwords immediately, but security experts suggest waiting for confirmation of a fix because further activity on a vulnerable site could exacerbate the problem.
Once you've got confirmation of a security patch, change passwords of sensitive accounts like banks and email first. Even if you've implemented two-factor authentication -- which, in addition to a password asks for another piece of identifying information, like a code that's been texted to you -- changing that password is recommended.
Don't be shy about reaching out to small businesses that have your data to make sure they are secure. While the high-profile companies like Yahoo and Imgur certainly know about the problem, small businesses might not even be aware of it, said TrustWave's Miller. Be proactive about making sure your information is safe.
Keep a close eye on financial statements for the next few days. Because attackers can access a server's memory for credit card information, it wouldn't hurt to be on the lookout for unfamiliar charges on your bank statements.
Even after following these guidelines, there is still some riskiness in surfing the Web in the aftermath of the bug. Heartbleed is even said to affect browser cookies, which track users' activity on a site, so even visiting a vulnerable site without logging in could be risky. The Tor Project, which stresses anonymity and privacy, wrote in a blog post that users with those needs "might want to stay away from the Internet entirely for the next few days while things settle."
Yahoo seems to be the most major Web to site have been vulnerable to the bug (preliminary tests for Facebook, Google, and Twitter's Web sites said they appear to be safe). The company said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.
"I encourage users to not log in into [Yahoo] and other services that are affected since the credentials could have been leaked if they used the service," said Jaime Blasco, director of AlienVault Labs, a security research firm. "As soon as Yahoo solves the issue, it will be helpful if users change their password just in case."
Yahoo has been stressing authentication of late, so that the company would be able to provide a more personalized experience to users, a drum CEO Marissa Mayer has been beating almost since she took over the company. Yahoo provides services like email and fantasy sports, requiring passwords to get access to the applications.
The company has already had some trouble in the security arena. In January, the company had to reset the passwords of some email users after an attempted attack on a third-party's database. In response to the Heartbleed bug, some users have already expressed their outrage on Twitter. Brandon Oxford, from Royal, Ark., wrote: "After this I'm officially done with Yahoo email. I've now set up a Gmail. They seem to be more on top of stuff than Yahoo."
Other companies that were said to be affected chimed in as well. Imgur, the photo-sharing site popular with Reddit users, said: "[We] invalidated sensitive data such as cookies and session IDs, just to be on the safe side. We're proceeding with caution, since the nature of the attack makes it hard to detect, but we have no reason to believe it has been used against Imgur." OKCupid said, "The fix is now fully live on OKCupid."
The question in the aftermath of something like this is whether Web companies will reform their security practices. There has been a move toward Perfect Forward Secrecy (PFS) by many of the major Web companies, but not all of them have implemented the practice. PFS means essentially that encryption keys get a very short shelf life, and are not used forever. "People should want their communications to be secure as possible. PFS is one thing they can push for in the future," said Miller.
Source: cnet.com, by Richard Nieva
CNET's Seth Rosenblatt contributed to this report.
Update at 12:00 p.m. on Wednesday, April 9, to change Heartbleed site verification to https://lastpass.com/heartbleed/.
March 31, 2014
Risk Alert - TIGTA Warns of "Largest Ever" Phone Fraud Scam Targeting Taxpayers
The Treasury Inspector General for Taxpayer Administration (TIGTA) has issued a warning to taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.
“This is the largest scam of its kind that we have ever seen,” said J. Russell George, the Treasury Inspector General for Tax Administration. George noted that TIGTA has received reports of over 20,000 contacts and has become aware of thousands of victims who have collectively paid over $1 million as a result of the scam, in which individuals make unsolicited calls to taxpayers fraudulently claiming to be IRS officials.
“The increasing number of people receiving these unsolicited calls from individuals who fraudulently claim to represent the IRS is alarming,” he said. “At all times, and particularly during the tax filing season, we want to make sure that innocent taxpayers are alert to this scam so they are not harmed by these criminals,” George said, adding, “Do not become a victim.”
Inspector General George urged taxpayers to heed warnings about the sophisticated phone scam targeting taxpayers, noting that the scam has hit taxpayers in nearly every State in the country. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver’s license.
The truth is the IRS usually first contacts people by mail – not by phone – about unpaid taxes. And the IRS won’t ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.
“If someone unexpectedly calls claiming to be from the IRS and uses threatening language if you don’t pay immediately, that is a sign that it really isn’t the IRS calling,” he said.
The callers who commit this fraud often:
Use common names and fake IRS badge numbers.
Know the last four digits of the victim’s Social Security Number.
Make caller ID information appear as if the IRS is calling.
Send bogus IRS e-mails to support their scam.
Call a second time claiming to be the police or department of motor vehicles, and the caller ID again supports their claim.
If you get a call from someone claiming to be with the IRS asking for a payment, here’s what to do:
If you owe Federal taxes, or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
If you don’t owe taxes, call and report the incident to TIGTA at 800-366-4484.
You can also file a complaint with the Federal Trade Commission at www.FTC.gov. Add “IRS Telephone Scam" to the comments in your complaint.
TIGTA and the IRS encourage taxpayers to be alert for phone and e-mail scams that use the IRS name. The IRS will never request personal or financial information by e-mail, texting or any social media. You should forward scam e-mails to firstname.lastname@example.org. Don’t open any attachments or click on any links in those e-mails.
Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes winner) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
Read more about tax scams on the genuine IRS website at www.irs.gov.
Contact: David Barnes (202) 622-3062
Source: Department of the Treasury
February 21, 2014
Risk Alert - You are the First Line of Defense in Reducing Fraud
Be cautious of any company you select to engage in business
When you are contacted by a company or private party through the internet or telephone wanting to do business or sell something, conduct your own independent research. Verify the identity of that company and read over reviews or other information you can find. Make a sound decision on any purchases or dealings with a company who received negative reviews.
Be cautious when asked to wire money
Be extremely cautious if you are asked to wire money to any person or entity you do not know because it’s nearly impossible to reverse the transaction or trace the money. Again, do research and make sure of the identity of the person or company you are doing business.
Review your account statements frequently
Fraudsters may have stolen your identity without your knowledge so check your accounts frequently. Dishonest merchants may also take advantage by billing you for “membership fees” each month or other goods or services without your authorization. Contact your credit union or card processor immediately if you see charges you don’t recognize or didn’t authorize.
Consider giving only to established charities in the event of a disaster
Don’t give to an unrecognized charity following a disaster as they could be collecting money for their own purpose or to finance illegal activity. For additional donating tips, check out ftc.gov/charityfraud.
Investments are never a sure thing
Always conduct your own research if someone contacts you with low-risk, high-return investment opportunities. When you are requested to “act now” to reap the benefits from “these guaranteed big profits,” be extremely cautious and report them at https://www.ftccomplaintassistant.gov/#&panel1-1.
Be cautious when buying products on line
It’s best to do business with online sites you know and trust. If you buy items through an online auction, consider using a payment option that provides protection, such as a credit card. Do not send money or wire funds to someone you don’t know.
Don’t agree to deposit a check and wire money back.
Members are responsible for checks deposited into their account and if a check turns out to be bogus, the Member is responsible for paying it back. Anyone who overpays with a check and requests that a portion of the funds be returned is almost certainly engaging in fraud.
Don’t respond to emails or messages to provide personal or financial information.
Be extremely cautious when opening a link to an email or responding to any question from a telephone call where personal information is requested. Fraudsters are attempting to trick you into revealing sensitive information. If you received such a message and you are concerned about your account status, call your credit union or the number on the reverse side of your credit or debit card.
If you think you may have been scammed:
Notify your credit union to report the incident.
File a complaint with the Federal Trade Commission at http://www.econsumer.gov/
Visit FTC’s site on identity theft - http://www.consumer.ftc.gov/features/feature-0014-identity-theft
File a complaint with the FBI at the Internet Crime Complaint Center at http://www.ic3.gov/default.aspx to report the incident.
If you get what looks like lottery material from a foreign country through the postal mail, notify your local postmaster.
January 3, 2014
Risk Alert - Tips to Members for Stronger Password Security
Here are some tips for making passwords more secure:
Do not use the same password for multiple accounts.
Use unique passwords. Do not use passwords on any common password lists, such as SplashData’s annual list of worst Internet passwords.
Use passwords with a variety of character types (i.e., use passwords that contain upper and lower case letters, numbers and special, non-alphanumeric characters). The more uncommon the combination of letters, numbers and symbols used in a password, the safer it will be.
Use passwords that are at least eight characters long. The longer the password, the stronger it will be.
Use password generators to create random passwords.
Do not use passwords that are based on personal information (e.g., birthday, Social Security number, nicknames, names of family members, etc.).
Do not use single dictionary words for passwords. Such passwords are susceptible to dictionary attacks.
Use pass phrases instead of passwords.
Do not use passwords derived from strings of sequential numbers or letters (e.g., 123456 and qwerty).
Do not use standard number substitutions (e.g., p455word instead of password).
Use multifactor authentication when available. Facebook, Google, Microsoft and Twitter all offer multiple layers of authentication.
Change passwords periodically, especially for major accounts such as those for banking and shopping sites.
Keep computers and browsers patched, updated and malware free.
December 13, 2013
Risk Alert - Avoiding Common Scams this Christmas Season
The Better Business Bureau serving Chicago and Northern Illinois compiled a list of common scams to be aware of this year and “Vigilance is the word” this shopping season, whether you are shopping on line or in stores, according to Steve J. Bernas, President and CEO of this BBB.
Keeping your eyes and ears open will help identify potential scams that are taking place and you may be able to avert a personal loss.
According to the BBS, consumers / members should be wary of the following potential holiday-oriented scams
Dear Santa Websites – Parents should pay close attention to websites their children visit to avoid those that lure children into divulging too much personal information.
Recalled toys –Shoppers should make themselves aware of what toys have been recalled. While they may have been removed from store shelves that may not be the case for online sites.
Hot Holiday Gifts – There are thousands of new items introduced at Christmas, especially electronics. Consumers should be suspicious of any deal that offers merchandise at extremely low prices and should verify the offer with the retailer involved.
Fake FedEx/UPS emails – Be wary of unexpected urgent emails from a shipper that request money or personal and/or financial information for the delivery of a package.
Phony E-Tailers – Finding those treasures online is easy but you must be careful in selecting which site to shop. Fake e-commerce sites lure buyers with great deals, collect credit/debit card and other personal information and no products are every delivered. If you are shopping a site for the first time check other user’s reviews and verify that the phone number and other information provided on the site is legitimate.
Fake Charities – Don’t ever give money to any charity without first verifying their validity. If the organization needs the money today, they will need it tomorrow – legitimate charities have no problem answering your questions and waiting for your donation.
Bogus Gift Cards – Gift cards are easy and for some the perfect gift for many people. Be careful buying gift cards online or from third parties. It is best to make your purchase from the official retailer.
Layaway plans – To avoid feeling scammed by a layaway plan, be sure to closely examine all terms and conditions. In some cases retailers charge up-front fees, and if you fail to make a payment you may lose the fee you paid and be charged a “restocking” fee.
Dangerous e-cards – E-cards are a quick and easy way to say thank you or send a holiday greeting but you need to use caution because some may be malicious and contain spyware or viruses.
Identity Theft – Use caution while shopping online. Look for third party “trust seals” such as the BBB. And make sure you know with whom you are doing business.
The Better Business Bureau urges consumers to follow these rules to help avert losses:
1. Stay suspicious
2. Practice safe surfing
3. Practice safe shopping
4. Use strong passwords
5. Be careful when clicking
6. Educate yourself
7. Update your computers virus protection program
April 30, 2013
Risk Alert - "Wire transfer canceled"? Watch out for spammed-out malware attack
On April 30, 2012, Graham Cluley, a computer security industry veteran who writes for Sophos’s award-winning Naked Security site has reported warned of the new malware attack reprinted below:
“If you've received an email in your inbox telling you that your wire transfer has been cancelled, take care - as it's the latest attempt by online criminals to infect the general public's Windows computers.
Brits (as opposed to Americans) probably won't be as likely to be duped by the spammed-out messages which use the US spelling of "canceled" in the subject line, and claim to come from the Federal Reserve.
The Wire transfer , recently sent from your bank account , was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error,
please send e-mail to email address including the entire contents and subject of the message.
It will be reviewed by staff and acted upon appropriately
Attached to the emails is a file called PAYMENT RECEIPT 30-04-2013-GBK-75.zip which Sophos products detect as containing the Troj/Zbot-EVX Trojan horse, designed to hijack your computer and - potentially - plunder your finances and steal private information.
Of course, the danger is that unsuspecting computer users will open the malicious email attachment even if they haven't recently tried to wire some cash.
The social engineering trap used in this attack takes advantage of people's natural curiousity, which - in many cases - will drive them to investigate the file even if alarm bells should be ringing.
Up-to-date anti-virus software and software patches can help protect your computer, but the real lesson that internet users need to learn is to not be so trusting of unsolicited emails that arrive out of the blue in their inbox.“
May 5, 2011
Malicious Software Features Osama Bin Laden Links to Ensnare Unsuspecting Computer Users
According to consumer protection officials, that email you receive purporting to have photos and videos showing Osama Bin Laden’s death could cost you dearly. This email could contain a virus that targets personal information and addresses stored on your computer and opening that information could set in motion malicious software that will attack your computer.
The FBI’s Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a “friend” can unknowingly pass on multimedia that’s actually malicious software.
Do not agree to download software to view videos. These applications can infect your computer.
Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.
By: Jay A. Slagel, Vice President - Risk Management / Claims Cell Phone: 608-213-2816 email@example.com
March 11, 2011
Tips On Avoiding Fraudulent Charitable Contribution Schemes
Recently several natural disasters, including tornadoes, floods, and earthquakes, have devastated lives and property. In the wake of these events that have caused emotional distress and great monetary loss to numerous victims, individuals across the nation often feel a desire to help these victims, frequently through monetary donations.
These disasters prompt individuals with criminal intent to solicit contributions purportedly for a charitable organization or a good cause. Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:
- Do not respond to unsolicited (SPAM) e-mail.
- Be skeptical of individuals representing themselves as officials soliciting via e-mail for donations.
- Do not click on links contained within an unsolicited e-mail.
- Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
- To ensure contributions are received and used for intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf.
- Validate the legitimacy of the organization by directly accessing the recognized charity or aid organization's website rather than following an alleged link to the site.
- Attempt to verify the legitimacy of the non-profit status of the organization by using various Internet-based resources, which also may assist in confirming the actual existence of the organization.
- Do not provide personal or financial information to anyone who solicits contributions: providing such information may compromise your identity and make you vulnerable to identity theft.
If you believe you have been a victim of a charity related scheme, contact the National Center for Disaster Fraud by telephone at (866) 720-5721, or by fax at (225) 334-4707, or by e-mail at firstname.lastname@example.org You can also report suspicious e-mail solicitations or fraudulent websites to the Internet Crime Complaint Center at www.IC3.gov.
National Center for Disaster Fraud (NCDF) was originally established by the Department of Justice to investigate, prosecute, and deter fraud in the wake of Hurricane Katrina. Its mission has expanded to include suspected fraud from any natural or man-made disaster. More than 20 federal agencies, including the FBI, participate in the NCDF, allowing it to act as a centralized clearinghouse of information related to relief fraud.