Thieves are coming up with more and more devious ways to try and
trick you into giving them personal or financial information. We
hope these alerts will help you stay up-to-date on the latest
scams, so you can avoid becoming a victim.
Latest News
April 23
Boston Marathon Bombing Used to Disseminate Malware and
Conduct Financial Fraud
An advisory released by the Governors Homeland Security Council
and the Center for Internet Security warns that the recent bombing
during the Boston Marathon could be used as a means to disseminate
malware through malicious links or websites. In addition, multiple
fake charities were reported to have been created minutes after the
explosions.
Please click here to see the advisory for
details regarding the threats and recommended actions consumers can
take to avoid becoming a victim of these frauds.
---------------------------------------------------------------------------------------------
April 23
FTC Report: Consumer Fraud in the United
States
The Federal Trade Commission (FTC) has released their report,
Consumer Fraud in the United States, 2011. This report discusses
the findings of the third survey commissioned by the FTC and
conducted in late 2011 and early 2012 to examine consumer
experiences involving fraud.
Two of the most frequently reported frauds by survey
participants were fraudulent prize promotions and fraudulent
work-at-home programs. According to the report, approximately 2.4
million people spent money on a fraudulent prize promotion in which
they paid fees for prizes never received. An estimated 1.8 million
people paid for programs that made earnings claims for home-based
businesses, but the work-at-home programs produced less than half
the earnings promised. Because many buyers tried more than one
program, work-at-home businesses accounted for an estimated 2.8
million incidents of fraud. For more information, click here to read the report.
---------------------------------------------------------------------------------------------
April 19
Secure Your ID Day: Shred Paperwork You No Longer Need
Identity theft is an enormous
problem, but there are a number of steps you can take to secure
your personal information.
Over half of identity theft
victims can trace the theft to something that was stolen from their
possession. So here's the first rule: If you don't need it, shred
it - responsibly. Better Business Bureau is urging businesses and
consumers alike to take advantage of BBB's Secure Your ID Day
featuring free, on-site shredding on April 20, 2013. Read more.
---------------------------------------------------------------------------------------------
April 8
8 in 10 Companies Suffered Web-borne Attacks
March 29, Help Net Security
A survey conducted by Webroot found that 80 percent of
companies experienced at least one variety of Web-borne attack in
2012, and that phishing was the most common attack, among other
findings. Read more.
---------------------------------------------------------------------------------------------
March 27
IRS Releases the Dirty Dozen Tax Scams for 2013
IR-2013-33, March 26, 2013
WASHINGTON - The Internal Revenue Service today issued its
annual "Dirty Dozen" list of tax scams, reminding taxpayers to use
caution during tax season to protect themselves against a wide
range of schemes ranging from identity theft to return preparer
fraud. Read more.
---------------------------------------------------------------------------------------------
March 13
US Postal Service warns of foreign lottery scams
KABC Los Angeles
A letter you receive in the mail informs you that you've just won
several million dollars in a foreign lottery. But now you've got to
send them money for processing or taxes. It sounds like an obvious
scam to most of us, but many seniors are falling for it every day.
A Monday news conference kicked off Consumer Protection Week.
Postal inspectors said foreign lottery scams have bilked thousands
of Americans out of millions of dollars. Seniors are usually the
victims. Regina Faulkerson, assistant postal inspector, said the
past three years have seen over $42 million stolen from victims,
though most of the crimes go unreported. Read more.
---------------------------------------------------------------------------------------------
February 25
Beware of Bogus IRS E-Mails
The IRS has issued a warning to taxpayers who receive emails
claiming to be from the agency. "Scammers use the IRS name or logo
to make the message appear authentic so you will respond to it,"
the warning reads, adding that the tactic is actually "phishing" --
attempting to trick recipients into revealing personal and
financial information, which can lead to ID theft. Read more.
---------------------------------------------------------------------------------------------
February 13
Global malicious websites increase by 600%
Help Net Security
A Websense Security Labs report detailed several findings
regarding Web-based cyberattacks, including that legitimate hosting
services hosted 85 percent of malicious sites. Read more.
---------------------------------------------------------------------------------------------
January 30
E-mail Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has
received numerous reports of fraudulent e-mails that have the
appearance of being sent from the FDIC.
While the e-mails exhibit variations in the "From" and
"Subject" lines, the messages are similar.
The fraudulent e-mails are addressed to the attention of
the "Accounting Department" and meant to notify recipients that
"ACH and WIRE transactions" are being blocked until "a
special security software" is installed.
They then instruct recipients to go to a Web site for
instructions on how to download the necessary files by clicking on
a hyper-link provided (Note: the Web site addresses (URL) vary
widely).
This e-mail and link are fraudulent. Recipients should
consider the intent of this e-mail as an attempt to collect
personal or confidential information, or to load malicious software
onto end users' computers. Recipients should not click on the link
provided.
The FDIC does not issue unsolicited e-mails to consumers
or business account holders.
For more Consumer Alerts visit: http://fdic.gov/consumers/consumer/alerts/?source=govdelivery
---------------------------------------------------------------------------------------------
December 7, American Banker
Skimming, trapping threatened ATMs in 2012:
Survey
Fraud and physical attacks against ATMs rose globally in
2012, according to a survey of 225 respondents worldwide released
December 6 by the ATM Industry Association. According to the
survey, the swiping of details embedded in the magnetic stripes of
debit and credit cards inserted into ATMs remains the top threat to
ATM security, followed by the deployment of devices that trap cash
or cards and prevent them from being dispensed to customers. The
use of gas and explosives to destroy ATMs increased in the past six
months as well, according to the survey. Forty-five percent of
those surveyed said criminal attacks on ATMs in their country or
region rose since the second quarter, while 53 percent said fraud
and attacks on ATMs have added costs to their businesses. Roughly
54 percent of respondents said they invested more in security
technology compared with six months ago, while 42 percent report no
change in their investment. Read more.
----------------------------------------------------------------------------------------------
November 23, Silicon Republic
Fake Apple invoices in your inbox could lead to empty bank
accounts
Fake Apple invoices are appearing in inboxes that contain a
Blackhole exploit kit and a trojan that is designed to log users'
keystrokes and ultimately compromise bank accounts, Silicon
Republic reported November 23. The multi-pronged approach was
discovered by a Sophos researcher who reported it in the Naked
Security blog. The online criminals who circulated the fake
invoices are using a form of social engineering where users think
they are being billed for an expensive product they never
bought. Read more.
----------------------------------------------------------------------------------------------
November 12, Help Net Security
One in four users at risk due to outdated browsers
Nearly a quarter of users do not use the latest browser
versions, and those using Mozilla Firefox are the slowest when it
comes to updating, which leaves them open to Web-based attacks,
Kaspersky Lab warns. The research differentiates between older (but
still supported) versions of the browsers and the outdated ones,
but still points out that 23 percent of the users have not opted for
the latest versions and the security improvement they bring.
Read
more
----------------------------------------------------------------------------------------------
November 6, Help Net Security
"USPS delivery problem" spam leads to malware
Help Net Security reported November 6 that fake emails
seemingly coming from U.S. Postal Service (USPS) telling customers
that they have failed to deliver packages on time actually contain
a downloader trojan. Hoax-Slayer warned that the USPS logo,
delivery bar code, and shipping numbers make the spoofed
notification look rather legitimate. However, the link that
supposedly takes users to a printable shipping label with
instructions to take it to the nearest "UPS" office will actually
lead users to a compromised Web site that will automatically
download a file named Shipping_Label_USPS.zip. At the time when the
spam campaign was first spotted the Trojan had an extremely low
detection rate. Read more
----------------------------------------------------------------------------------------------
November 2, The Register
One in seven North American home
networks full of malware
One in seven home networks in
North America are infected with malware, a recent study reveals.
Half the threats detected during the third quarter of 2012 were
made up of spam-distributing zombies or banking trojans, while the
remainder were mostly adware and other lesser threats, according to
the study by Kindsight Security Labs. The study was based on data
gathered from the security firm's service provider customers.
Consumers most commonly get infected with malware after visiting
Web sites contaminated with exploit kits via drive-by attacks.
Kindsight names the ZeroAccess botnet as among the worst menaces to
Internet safety. ZeroAccess was the most active botnet in the third
quarter, with more than 2 million infected users worldwide with
685,000 in the United States alone. Read
more
----------------------------------------------------------------------------------------------
IRS warns of sophisticated phishing scheme using fake IRS
website
AL.com
A sophisticated phishing scheme that uses an official-looking but
fake Internal Revenue Service (IRS) Web site has been netting
victims, the IRS said November 1. The scam uses a Web site that
mimics the IRS e-Services registration page to collect personal
information. The official page provides products for tax preparers,
not the general public. "The phony Web page looks almost identical
to the real one," the IRS said in a prepared statement. "Criminals
use these sites to lure people into providing personal and
financial information that may be used to steal the victim's money
or identity." Read more
----------------------------------------------------------------------------------------------
November 2
Cybercriminals Take Advantage of Disaster to Spread Malware
Users are reminded to
be on the lookout for emails or postings pleading for donations or
offering exclusive video following Sandy which, in fact, contain
malware, spyware, Trojans, or viruses. For example, Verizon
recently discovered a new link delivering a Sykipot variant in a
file called Disaster_Relief_Info.ZIP, which contains
Disaster_Relief_Info.scr. Based upon the information available,
Verizon believes this lure is likely being used in targeted attacks
and is likely retrieved by clicking on a link in a phishing email.
Previous Sykipot campaigns have heavily targeted the DIB and other
government organizations at the state and federal levels. For full
details, please see the Verizon Business Security
Blog
----------------------------------------------------------------------------------------------
October 25
Advanced malware allows cybercriminals to empty a bank
account in one go
Softpedia
Security firm AVG released its Community Powered Threat
Report for the third quarter of 2012. The study focuses on the 2.0
version of the Blackhole exploit kit, the evolution of malware and
other threats that marked the past quarter. According to AVG, the
Blackhole exploit kit leads both the toolkit and the malware
markets with shares of almost 76 percent and 63 percent, respectively.
Considering that the crimekit's authors launched the 2.0 version,
experts say its market share will grow even further and the attacks
it is utilized in will become even more "aggressive" because of the
advanced evasion techniques recently integrated into it.
Read more
----------------------------------------------------------------------------------------------
October 24
ATMs may be top targets for crime: Verizon report
American Banker
More than half of intrusions in the financial industry in a
recent study led by Verizon involved tampering with ATMs, the
company said in a report published October 24. Overall, 61 percent
of security threats involved physical tampering, including the
installation of skimming and camera devices on ATMs. Roughly one in
four threats involved malware that captures user names and
passwords. Another 22 percent involved hacking. According to the
study, 56 percent of data breaches compromised ATMs. Another 21
percent of attacks compromised database servers, while 13 percent
involved Web servers. Overall, 96 percent of threats to banks
originated externally and emanated mostly from professional
criminal organizations in Eastern Europe and elsewhere, according
to the study. Still, 9 percent of breaches involved employees of
the target company, one of the highest rates of internal breaches
among industries the group examined. Insiders were people who
typically handled financial transactions, such as bank tellers and
loan officers, the study found. Read more
----------------------------------------------------------------------------------------------
October 17
Bank Systems and Technology
One in four customers are card fraud victims, study finds
A new study looking at the
behavior and concerns of customers worldwide concerning card fraud
was released October 17 by payments solutions provider ACI
Worldwide and the Aite Group, a research firm. The 2012 fraud
report, titled "Global Consumers React to Fraud: Beware Back of
Wallet," found that 27 percent of global consumers had been hit by
credit card fraud over the past 5 years. The study asked more than
5,200 customers in more than 17 countries around the globe if they
had experienced card fraud and how that had changed their consumer
behavior. Read
more
----------------------------------------------------------------------------------------------
October 15
Next-generation malware: Changing
the game in security's operations center
Dark Reading
Sophisticated, automated malware
attacks are spurring enterprises to shift their security technology
and staffing strategies. In many new cases, augmentation of
malware involves no human author; rather, it is being created by an
automated program that continually tweaks known attacks in new
ways, so that it will not be recognized by antivirus or intrusion
prevention systems. Read
more
----------------------------------------------------------------------------------------------
October 14
New scam pilfers social security checks at
banks
Associated Press
A new scam is diverting Social Security checks
from seniors by re-routing the checks using direct deposit systems
at banks, the Associated Press reported October 14. Scammers
typically gain the name and bank account number of victims through
phony lottery and sweepstakes schemes. Then the scammers call the
Social Security Administration (SSA) posing as the victims and
re-route the checks to an account the scam artists can tap. The SSA
has found more than 19,000 unauthorized attempts to change direct
deposit accounts and receives another 50 each day. Read
more
----------------------------------------------------------------------------------------------
October 4
Bogus Skype password change notifications lead to
phishing
Help Net Security
Bogus emails supposedly sent by Skype are targeting users
of the popular VoIP service, saying their Skype password was
"successfully changed." Users who have not recently initiated the
password change themselves are in danger of believing their account
is being hijacked and following the offered links. Those that do
will be faced with a spoofed Skype login page that sends the
entered login credentials to the scammers behind the phishing
attempt. Users are advised to always log into the legitimate online
services only via the official login page. Read more
----------------------------------------------------------------------------------------------
Fake Visa/Mastercard 'Security incident'
notifications doing rounds
Help Net
Security
Bogus emails purportedly sent by the
Visa/Mastercard "Identity Theft Department" are targeting the
cards' users by trying to convince them that a "security incident"
has put their online banking and credit card credentials at risk,
Help Net Security reported September 27. Unfortunately for those
users who click a link included in the emails, the destination page
is a phishing page. "Although the fake form is not hosted on a
secure (https) site as all genuine online financial transactions
would be, the scammers have made an attempt to make the process
seem more authentic by providing a typical image based security
code field," Hoax-Slayer reported. Users who enter the requested
details will then be taken to further fake pages that request more
financial and personal details. All information submitted on the
bogus form will be sent to online criminals and used to make
fraudulent transactions in the victim's name. Read more
----------------------------------------------------------------------------------------------
October 3
Fraudulent E-mails Claiming to Be From the FDIC
This message is to notify you of fraudulent e-mails
in circulation claiming to be from the FDIC. Please consider
both to be fraudulent.
The Federal Deposit Insurance Corporation (FDIC) has
received numerous reports of fraudulent e-mails that have the
appearance of being sent from the FDIC.
While the e-mails exhibit variations in the "Subject" lines,
the messages are similar. They all make reference to the
suspension of recipient's ability to conduct transfers via ACH
and/or wire transfer. The e-mails then encourage recipients
to install a software update by clicking on a link provided.
They then say that functionality will be restored once the software
update is installed.
These e-mails and the link provided are fraudulent.
Recipients should consider the intent of these e-mails to load
malicious software on the recipient's computer, or to collect
personal or confidential information. Recipients should not
click on the link provided.
The FDIC does not send unsolicited e-mails to consumers or
business account holders.
----------------------------------------------------------------------------------------------
September 19
Victims of phishing attacks unaware their websites are
compromised, APWG finds
Softpedia
A study by the Anti-Phishing Working Group (APWG) reveals
many Web site owners whose domains have been compromised by
phishers are unaware that they are victims of a cybercriminal
operation. In order to ensure their phishing campaigns do not get
interrupted by security solutions providers, cybercriminals often
take over legitimate hosts on which they plant their malicious Web
pages. The results of the study show attackers are still mostly
targeting environments that rely on Linux, Apache, MySQL, and PHP.
The biggest concern is that in 80 percent of the cases, the site's
owners are unaware they are part of a criminal operation until a
third party notifies them. Read more
----------------------------------------------------------------------------------------------
September 12
Skimming threatens debit card users, while fraud strikes 1
percent of credit card transactions.
CardRatings.com
Twice as many credit card fraud cases involve phone or
online transactions as retail sales, according to new data from
FICO, CardRatings.com reported September 12. However, researchers
found that sophisticated counterfeit rings have raised the stakes
for merchants over the most recent 20-month survey period.
Researchers reported an increase in skimming. ATMs, grocery stores,
and automated fuel pumps topped the list of places where criminals
use stolen or cloned debit cards. According to a company spokesman,
fraud rings usually test stolen cards with smaller online
transactions. In a statement to reporters, he described online
tests as a "relatively safe" way for thieves to learn whether
victims notice extra purchases on their monthly statements. The
theory rings true with researchers at J.D. Power and Associates,
where the results of an annual customer satisfaction survey showed
that nearly a quarter of reported credit card problems involved
fraudulent transactions. Read more
----------------------------------------------------------------------------------------------
September 13, 2012
Fraudulent E-mails in Circulation
This message is to notify you of two fraudulent e-mails in
circulation claiming to be from the FDIC. Please consider
both to be fraudulent.
The first fraudulent email includes statements pertaining to the
Bankruptcy Reform Act of 1978 and the Investor Protection Law under
the Securities Act of 1933. The contact information claims to
be [email protected], and the area code of (646) is used
for the Washington Office. The FDIC does not have email addresses
@execs.com and (202) is the area code for the Washington Office. A
form, which is attached to the cover letter, purports to be an
"FDIC Claimant Verification" form. It too is fraudulent.
The second fraudulent email claims to originate
at [email protected] and pertains to ACH transactions. The
recipient is told that an ACH transaction has not been delivered;
the recipient is requested to download the update via a link.
These e-mails are fraudulent and were not sent by the FDIC.
Recipients should consider these e-mails as an attempt to steal
money or obtain personal or confidential information from the
recipient. Recipients should NOT, under any circumstances, send
funds as requested or provide any personal financial information.
Also, please do not click on the links provided in the fraudulent
emails, as this may load malicious software onto end users'
computers. As a reminder, the FDIC does not send unsolicited emails
to consumers or business account holders.
-----------------------------------------------------------------------------------------------
September 12
CONSUMER ALERT: "Ransomware" Scam Tying Up Personal
Computers
Wisconsin Department of Agriculture, Trade and Consumer
Protection
If your computer locks up and a screen appears telling
you that you owe a fine for accessing illegal material on the
internet, you are the victim of Reveton "ransomware." "The
FBI has issued a warning about ransomware, and now we're hearing
from Wisconsin consumers who are victims," says Sandy Chalmers,
Administrator of Trade and Consumer Protection. "Use caution
when online, and don't pay money to unlock your computer."
Unlike a traditional virus which infects computers when the
user opens a file or attachment, Reveton infects a computer when
the user clicks on a compromised website. Read More
---------------------------------------------------------------------------------------------
September 4
Fake AmEx 'security verification' phishing emails doing
rounds
Help Net Security
Malicious spam emails impersonating American Express (AmEx)
have been hitting inboxes in the last few days, trying to make
recipients open an attached HTML file to gather personal
information, Help Net Security reported September 4. The email
purports to be a notification about a "Membership Security
Verification," and warns the users that a "slight error" has been
detected in their AmEx accounts. To make it right - and not lose
access to their accounts in the next 48 hours - the victims are
urged to download the attached HTML file and open it in a browser.
The phishers are looking for every bit of personal and financial
data they can get, including the users' name, address, home and
work telephone numbers, Social Security number, mother's maiden
name and date of birth, users' date of birth, AmEx credit card
number, expiration date, card security code, ATM PIN, email
address, and the password for it. All of the information submitted
on the fake form will be sent to online criminals and subsequently
used to steal the identities of victims as well as use their credit
card details to conduct fraudulent transactions, according to
Hoax-Slayer. Read
more
-----------------------------------------------------------------------------------------------
August 31
Curbing card fraud at the pump
BankInfoSecurity
Card fraud linked to pay-at-the-pump gas terminals is
growing, and that trend will continue until more fraudster
convictions are publicized, some security experts say, according to
BankInfoSecurity August 31. Meanwhile, in an effort to help prevent
fraud, one trade association is testing a system designed to help
alert convenience stores and others about potential skimming
threats. A fraud expert at Aite said that many card issuers
speculate that the increases are linked to crime rings that want to
exploit the card data they have in-hand before the U.S. payments
infrastructure migrates to chip-card technology, part of a movement
to comply with the global Europay, MasterCard, Visa standard. To
help combat skimming, the Petroleum Convenience Alliance for
Technology Standards (PCATS) is beta-testing a skimming database
that logs reports of pay-at-the-pump skimming incidents. PCATS is
working with about 10 retail and petroleum brands to collect data
that can be used to identify common targets. Once regions or
certain terminal brands have been identified as being hit by
skimming most often, PCATS notifies other convenience stores and
gas stations that are likely to be the next victims. Read
more
-----------------------------------------------------------------------------------------------
August 29, 2012
Intuit security tool spam campaign making the rounds once
again
Softpedia
Malicious emails
claiming to originate from Intuit are attempting to convince
recipients they need to install a piece of software to access their
QuickBooks accounts, giving them a deadline to comply. The email
looks the same as an older variant that made rounds over a year
ago. It seems this spam campaign has been reinitialized to steal
sensitive data from Intuit customers. The message reads: "You will
not be able to access your Intuit QuickBooks account without Intuit
Security Tool (IST) after 31th of August, 2012. You can download
Intuit Security Tool here." The links from the email currently lead
to a compromised Web site from Denmark on which the cybercriminals
planted a phishing Web page. The company has warned users to avoid
such emails ever since the campaign started. They highlight the
fact that legitimate emails will never contain "software update" or
"software download" attachments. Read more
-----------------------------------------------------------------------------------------------
August 24, 2012
Poor passwords cracked in seconds
PC Magazine
A Sophos researcher who recently reported on the initial hack of
Philips Electronics noted the plaintext password
collection contained some extremely simple choices. He also
conducted an experiment cracking those password hashes. He
downloaded the free open-source tool John the Ripper to a basic
laptop and input the list of hashed passwords into the cracking
tool. It cracked a quarter of the passwords in 3 seconds or less,
and fully half of them in 50 minutes. When the researcher ended the
test at 2 hours, John the Ripper had cracked 53 percent of the
hashed passwords. Read more
-----------------------------------------------------------------------------------------------
August 17, 2012
'MS Cyber-Crime Department' warnings lead to phishing
Help Net Security
Emails purportedly sent by the Microsoft Cyber-Crime Department
warning all Internet users their email account may be deleted from
the world email server have been hitting inboxes around the world.
The phishers used the official logo of the Microsoft Digital Crimes
Unit to lend the email an aura of legitimacy. Following the
embedded link will take the victims to a page where they are
asked to supply their email address, username, and password. The
inputted information is sent directly to the phishers. Read More.
-----------------------------------------------------------------------------------------------
August 16, 2012
Fraudulent Email Claiming to be from UPS
Circulating
UPS is seeing an increase in fraudulent emails
from unauthorized third parties not associated with the company.
These e-mail messages, referred to as "phishing" or "spoofing,"
come in many different forms and are becoming more common and may
appear legitimate by incorporating company brands, colors, or other
legal disclaimers. In addition to other fraudulent emails
(see examples below), there are new spoofs currently circulating.
Some of these emails mention a "21 day notice" while others ask you
to "surf" to the Billing Center. These emails point to invalid
Billing Center hyperlinks that are revealed when you hold your
cursor over them. These links may contain malware, which could
potentially corrupt your computer. Read More.
-----------------------------------------------------------------------------------------------
August 15, 2012
Consumers targeted in door-to-door sales scams
Milwaukee Journal Sentinel
The Wisconsin Better Business Bureau has
received 18 complaints this year about door-to-door sales of
magazines and books. The complaints come from across the state,
from Appleton, Superior and Hudson to Pewaukee and Milwaukee. The
national Better Business Bureau warned that it is seeing an
increase in complaints about door-to-door sales of such things as
magazines, meat, cosmetics, cleaning supplies and home repairs. The
BBB has received 1,147 complaints of door-to-door salespeople
nationwide through July of this year compared with 1,300 in all of
2011. The majority of the complaints this year - more than 600
nationally - were about companies selling magazines. Most were from
consumers who paid for magazines they never received. Often, the
salesperson claimed to be working for a local school or charity
fundraiser. Governmental agencies and consumer groups say the most
important rules are not to let salespeople into your home, and to
hold off on purchasing anything until you've researched the
company. Read More.
-----------------------------------------------------------------------------------------------
July 30, 2012
Fake Groupon discount emails carry malware
Cybercriminals have spammed
out malware, attached to emails claiming to be related to discounts
for offers on Groupon. The emails, which have the poorly spelt
subject line of "Groupon dicount gifts" (in itself something which
should ring alarm bells), pretend to come from Groupon, and claim
that one of your friends has found a deal on the website. Read More.
-----------------------------------------------------------------------------------------------
June 19, 2012 --IDG News Service
Fake Android antivirus app
likely linked to Zeus banking Trojan, researchers say
A recently discovered fake Android security
application is most likely a mobile component of the Zeus banking
malware, security researchers from antivirus firm Kaspersky Lab
said June 18. Called Android Security Suite Premium, the rogue app
is capable of stealing SMS messages and uploading them to a remote
server. When launched, the app displays a shield image that has long
been associated with Windows fake antivirus programs. However, this
might not be a mobile scareware app, but a new variant of ZitMo -
Zeus in the Mobile, a Kaspersky Lab senior malware analyst
said.
Read More.
-----------------------------------------------------------------------------------------------
June 11, 2012
A human firewall? Tips to keep information
secure
As we've discussed on Portals and Rails in the
past, PIN cardholder verification offered by ATM and debit
cards has proven superior in preventing fraudulent transactions
compared to signature cardholder verification. And while a PIN is a
solid fraud deterrent, it is by no means 100 percent effective in
reducing fraud. As we are in the midst of ATM and Debit Card Safety
Awareness Month, it is important for consumers to understand their
responsibility in the fight against cardholder fraud. Read
more.
-----------------------------------------------------------------------------------------------
June 6, 2012 -- Bank Info Security
LinkedIn: Hashed Passwords Breached
LinkedIn has confirmed that a breach of its network compromised
hashed passwords associated with accounts. While LinkedIn has not
yet confirmed how many passwords were affected, some reports
estimate nearly 6.5 million could have been compromised. In a
blog LinkedIn posted and updated
June 6, the social network, which has about 150
million users, says it is continuing to investigate the hack and is
notifying affected LinkedIn members about the next steps they
should take to ensure their accounts' security. Read more.
-----------------------------------------------------------------------------------------------
May 22, 2012 -- IDG News Service
Banking malware spies on victims by hijacking webcams,
microphones, researchers say
A new variant of SpyEye malware allows cybercriminals
to monitor potential bank fraud victims by hijacking their Web cams
and microphones, according to security researchers from Kaspersky
Lab May 21. SpyEye is a computer trojan that specifically targets
online banking users. Like its older cousin, Zeus, SpyEye is no
longer being developed by its original author but is still widely
used by cybercriminals. SpyEye's plug-in-based architecture allows
third-party malware developers to extend its original
functionality, a Kaspersky Lab malware researcher said. Read More.
-----------------------------------------------------------------------------------------------
May 8, 2012 -- Green Bay Press Gazette
Wire-transfer scams hitting Wisconsin
consumers
The Wisconsin Department of Agriculture, Trade and Consumer
Protection received a rash of complaints in April from victims of
wire fraud, with scammers taking between $2,500 and $16,000 from
the victims. In three cases, the consumers were victims of the
"grandparents scam." The other two consumers were victims of a
"Nigerian scam" and a check-cashing scam. These scam victims were
often elderly and were from all around the state. "Scammers love
wire transfers because once they have convinced you to send money
through these means, it's nearly impossible to get the money back,"
said Sandy Chalmers, division administrator for Trade and Consumer
Protection. Read more.
-----------------------------------------------------------------------------------------------
April 30, 2012
Processor Warns of Hacking Trend
Smaller Merchants Especially Vulnerable to POS
Attacks
Over the past year, First Data, the largest payments
processor in the U.S., has seen an uptick in "trolling" - hackers
sniffing networks for remote access into point-of-sale systems that
are open or loosely protected. Read more.
-----------------------------------------------------------------------------------------------
April 24, 2012 -- Help Net Security
Phishing and malware meet check
fraud
Trusteer recently uncovered a scam in an underground
forum that shows how data obtained through phishing and malware
attacks can be used to make one of the oldest forms of fraud -
check forging - even harder to prevent. The scam involves a
criminal selling pre-printed checks linked to corporate bank
accounts in the United States, the United Kingdom, and China. The
criminal is selling falsified bank checks made with specialized
printing equipment, ink, and paper. For $5 each, they will supply
checks that use stolen data provided by the buyer. Read More.
-----------------------------------------------------------------------------------------------
April 2, 2012 -- CNNMoney
1.5 million card numbers at risk from
hack
A data breach at a payments processing firm
potentially compromised up to 1.5 million credit and debit card
numbers from all of the major card brands. Global Payments, a company
that processes card transactions, confirmed March 30 that "card
data may have been accessed." It said it discovered the intrusion
in early March and "promptly" notified others in the industry.
Global Payments released a statement April 1 with more
details.
Read More.
-----------------------------------------------------------------------------------------------
March 28, 2012 -- U.S. Federal Trade
Commission
FTC takes action against bogus precious metals investment
scheme
The U.S. Federal Trade Commission (FTC) has taken action to halt a
telemarketing operation that allegedly took millions of dollars
from senior citizens by conning them into buying precious metals on
credit without clearly disclosing significant costs and risks,
including the likelihood that consumers would subsequently have to
pay more money or lose their investment, according to a March 28
press release. Read More.
-----------------------------------------------------------------------------------------------
March 26, 2012 -- MSNBC
Hackers turn credit report websites against
consumers
The most important tool consumers have to fight
against identity theft has been turned against them by hackers,
MSNBC reported March 26. Web sites that offer consumers a chance to
see credit reports are being brazenly used by hackers to steal
information. The prices of the reports rise and fall depending on
the credit score of the victim. For consumers with credit scores in
the 750s, report data might fetch $80; reports from victims with
scores in the low 600s sell for about half that, according to "for
sale" pages viewed by MSNBC. Read More.
-----------------------------------------------------------------------------------------------
March 15, 2012 -- Milwaukee Journal Sentinel
Phony debt collectors scamming victims into
paying loans
Wisconsin's financial regulator is warning of a scam in which
crooks pose as debt collectors and pressure people into sending
them money, in some cases to pay for loans the consumers never even
took out. Sometimes the fake debt collectors call with personal
information they've somehow acquired, such as a bank account
number, which makes them sound more legitimate, said Peter
Bildsten, secretary of the Wisconsin Department of Financial
Institutions. The most common threat: The person will be put into
jail if payment isn't made. The state financial regulator is aware
of only 10 times in which people in Wisconsin fell for the scheme,
losing an average of $400. Often the fake collectors will demand
money related to payday loans, but that is not the only type of
loans they've cited while trying to confuse potential victims. Milwaukee Journal Sentinel
-----------------------------------------------------------------------------------------------
March 13, 2012 -- IDG News
Cybercriminals bypass e-banking protections with
fraudulent SIM cards, says Trusteer
Cybercriminals are impersonating victims to obtain
replacement SIM cards from mobile carriers, which they then use to
defeat phone-based Internet banking protections, security vendor
Trusteer said in a March 13 blog post. Trusteer researchers have
recently seen variants of the Gozi online banking trojan injecting
rogue Web forms into online banking sessions to trick victims into
exposing their phone's international mobile equipment identity
number, in addition to other personal and security
data.
Read More.
----------------------------------------------------------------------------------------------
March 8, 2012 -- If you receive an email from
www.harlandclarkes.com (with an 's') OR if it is
forwarded to you:
- DELETE IT IMMEDIATELY; and
- DO NOT CLICK THE LINK PROVIDED; it is malicious, and
opening it could put you at risk of downloading a virus.
SITUATION:
On Wednesday, March 7, the Corporate Security Group of
Harland Clarke Holdings Corp. became aware that multiple Harland
Clarke and Harland Financial Solutions clients had received an
email from a sender FRAUDULENTLY claiming to be the
iReports Data Warehouse.
TO REITERATE:
This fraudulent email is NOT originating from any Harland
Clarke Holdings business. It appears to be part of a malicious and
isolated phishing spam attack.
ACTIONS UNDERWAY:
HCHC's Corporate Security Group is actively working with IT
and business resources within Harland Clarke and Harland Financial
Solutions to control and mitigate this attack. This is an isolated
incident and has no bearing on your organization's relationship
with any HCHC entity.
----------------------------------------------------------------------------------------------
March 2, 2012 -- Help Net Security
Bogus US SEC notification leads to
malware
Notifications purportedly sent by the U.S. Securities and Exchange
Commission have been hitting in-boxes and trying to trick users
into following a malicious link, GFI warned March 2. Those who open
the link included in the e-mail will be redirected through a number
of sites and will finally end at one that hosts the Blackhole
exploit kit, which is able to take advantage of many Adobe Reader,
Acrobat and Flash vulnerabilities, as well as some in Java and
Windows Media Player.
Read More.
----------------------------------------------------------------------------------------------
March 1, 2012 -- USA Today
Phishing scam targets taxpayers who use tax
software
The growing popularity of tax preparation software has led to a
rise in e-mail scams targeted at do-it-yourself taxpayers, USA
Today reported March 1. Intuit, parent of TurboTax and numerous
other tax preparation products, has seen a "marked increase" this
year in reports of fraudulent e-mails that claim to come from it, a
spokeswoman said. Recent examples included one with "Your
Intuit.com order confirmation" in the subject line. Another read:
"QuickBooks Security Notice."
Read More.
----------------------------------------------------------------------------------------------
Feb. 16, 2012 -- The Internal Revenue Service today issued its
annual "Dirty Dozen" ranking of tax scams, reminding
taxpayers to use caution during tax season to protect themselves
against a wide range of schemes ranging from identity theft to
return preparer fraud.