Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you're using. Once they've gained your trust, they might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable. Do not trust unsolicited calls. Do not provide any personal information. If someone calls you claiming to be tech support, do not purchase any software or services from them. Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team of which you are already a customer. Never provide your credit card or financial information to someone claiming to be from tech support.
E-mail Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim’s legitimate e-mail address for reconnaissance purposes. The criminal actor then creates a spoofed e-mail account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed e-mail address is designed to mimic the legitimate e-mail in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim’s legitimate e-mail or the spoofed e-mail address to initiate unauthorized wire transfers. To help protect yourself, do not open e-mail messages or attachments from unknown individuals and be aware of small changes in e-mail addresses that mimic legitimate e-mail addresses.
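The single-character alteration described above can be checked mechanically. The following is an added example, not part of the original advisory: it flags a sender address that is within one character edit of a known correspondent. The addresses, the function names and the one-edit threshold are assumptions made for illustration.

```python
from __future__ import annotations

# Constructed contact list: addresses the recipient already corresponds with.
KNOWN = {"closing@smithlaw.example", "j.doe@firsttitle.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(sender: str, known: set[str], max_edits: int = 1):
    """Return ("known", addr), ("lookalike", closest_addr) or ("unknown", None)."""
    sender = sender.strip().lower()
    candidates = sorted(k.lower() for k in known)
    if sender in candidates:
        return ("known", sender)
    if candidates:
        best = min(candidates, key=lambda k: edit_distance(sender, k))
        # An address that is almost, but not exactly, a known contact is the
        # pattern the advisory describes: one character added, changed or deleted.
        if edit_distance(sender, best) <= max_edits:
            return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    for addr in ("closing@smithlaw.example",    # exact match
                 "closing@smihlaw.example",     # one character deleted
                 "j.doe@f1rsttitle.example",    # one character changed
                 "newsletter@shop.example"):    # unrelated sender
        print(addr, "->", classify_sender(addr, KNOWN))
```

A "lookalike" result is a reason to verify a wire-transfer request through a separate, already-known channel before acting on it.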
While it is very popular to purchase, spend, and give others gift cards, the FBI would like to warn consumers of the potential for fraud. The online presence of the Secondary Gift Card Market has grown significantly in recent years. The Secondary Gift Card Market provides a venue for consumers to resell unwanted gift cards. However, criminal activity has been identified through sites facilitating such exchanges. Consumers can take several steps to protect themselves when buying and selling gift cards in the Secondary Gift Card Market by checking website reviews and only buying from or selling to reputable dealers. When purchasing gift cards online, be leery of auction sites selling gift cards at a discount or in bulk. When purchasing gift cards in a store, examine the protective scratch-off area on the back of the card for any evidence of tampering.
Verizon Online has been made aware of a new phishing scam targeting Verizon customers. This scam attempts to lure customers to a fraudulent web site to input personal information and/or download virus-infected programs. The fake e-mail will ask you to confirm your account information, or it will be marked urgent and state that your account will be inactivated if you do not attend to it. Verizon will never ask for personal or account information by e-mail. Do not respond to the e-mail in any way. Do not click any links or attachments and do not provide your personal data to any web sites included within the e-mail.
Many phishers actively target Gmail users and attempt to steal their credentials. Phishers will often say that you need to update your Gmail account information or your account will be suspended. The link provided in the email will appear to be https://accounts.google.com, but in reality the link will take the user to a site controlled by the phisher. Beware of these types of emails, and always double-check that the URL in the address is what you expect before entering personal information or passwords. If you have Gmail, consider turning on two-step verification to add an extra layer of security to your Google Account.
Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims’ computers. Dorkbot is commonly spread via malicious links sent through social networks, instant message programs, or through infected USB devices. To protect yourself, you should use and maintain anti-virus software. You should also change your passwords often.
The United States Computer Emergency Readiness Team (US-CERT) warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Matthew. Users are advised to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from deceptive charitable organizations commonly appear after major natural disasters.
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns: