Posts Tagged ‘Internet Crime Complaint Center’

Beware of bogus delivery notices as holidays approach

CONSUMER FORUM

Posted Nov. 21, 2016, at 9:56 a.m.
This is the graphic sent out with this Fed Ex email scam.

This is the graphic sent out with this Fed Ex email scam.

A consumer from Hancock County was surprised recently to read an email saying that a package he had ordered could not be delivered.

Suspicious because he had not ordered anything, the man read more closely. The generic greeting, “Dear customer,” was followed by an urging that he click on the attachment that contained a “shipping label.”

“Something about it just didn’t strike me right,” the consumer told us, so he ignored the email, allegedly from “Fedex International Ground.” Eight days later, he received another message and attachment, this time from “Fedex International Next Flight.” The next day, an email came from “Fedex 2Day.” A fourth message came three days after that. All carried different senders’ names.

Similar messages arrive in consumers’ email inboxes every day. And every one is a hoax, designed to prompt you to click a link or open an attachment containing malicious software or malware. The virus, Trojan or other nasty code might lock your computer and hold it for ransom, steal your personal information or be used for other illegal purposes.

These attempts to spread malware are constant, but they spike near holidays, when online shopping increases. Variations of the message might include instructions to click the attached “invoice copy,” print it and take it to “the nearest office” to pick up your nonexistent package. Other messages demand payment of a bogus debt before that mystery package can be delivered.

United Parcel Service, FedEx and the U.S. Postal Service will never send email notices about missing packages. UPS has guidance on its website ( ups.com and search “scam”). FedEx offers similar advice at fedex.com/mx_english/fraud/email_alert.html.

The recent news that UPS aircraft mechanics have authorized a strike may spark more fraud attempts. Crooks seize such news items to lend credibility to their stories that “packages have been delayed” or “the strike diverted your package to another service.”

Our consumer in Hancock County admitted that, if he had ordered something, he might have clicked on a malicious link when the first email arrived. Still, he said the lack of a phone number or company logo in the message made him suspicious enough to refrain.

In 2015, 782 Maine residents reported to the U.S. Justice Department that they had been the victims of internet crime. Their losses totaled more than $1 million. Don’t join their ranks. If you receive a notice that you think might be legitimate, look up the phone number of a local office and call — don’t click on or call a number that criminals may have spoofed to make it appear real.

To file a complaint with the FBI’s Internet Crime Complaint Center, visit ic3.gov online. If you’re threatened over the internet via email, chat room, website or other means, call 911 or contact your local police agency.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

Consumer complaints helped bust bogus call center with 700 employees

Posted Oct. 31, 2016, at 6:54 a.m.
FMI check press release, October 27th

FMI check press release, October 27th

You are likely one of the thousands of Maine consumers who have received phone calls from someone wanting a “delinquent tax payment.” We’ve written over the years about crooks posing as Internal Revenue Service agents or other officials who try to coerce people into paying money they don’t owe.

These days, you might hang up quickly and dismiss the attempted ripoff without another thought. However, you might help slow the scammers by taking the time to report the attempt.

Consider the action by police in Mumbai, India, a few weeks ago. Raids on nine call centers resulted in 70 arrests. Investigators allege that employees were trained to speak with American accents as they pressured people to pay phony debts by wiring money that couldn’t be recovered. Each call center raked in an estimated $150,000 per day, usually from retirees and other older Americans.

The Indian Express reports that authorities are still questioning some of the 700 employees of the fake call centers. They’re also hunting for the alleged mastermind of the scheme, who apparently fled a lavish lifestyle in India for a new home in Dubai.

Back in the U.S., people who keep an eye on such things think the raids were made possible by reports from people the scammers attempted to target. Since March 2015, the Better Business Bureau has maintained a “scam tracker” website that consumers can use to file complaints about the IRS scam and other ripoff attempts. BBB officials say that following the raids in India complaints to that website dropped by 95 percent.

The sharp dip in complaints “validates our belief in the importance of using reports from the public to better understand the scam landscape,” program manager Emma Fletcher told the Washington Post. The Treasury Department welcomes information about these impersonation scams. File a report online at treasury.gov/tigta/contact_report_scam.shtml.

The Internet Crime Complaint Center also accepts reports at IC3.gov.

Maine Attorney General Janet Mills warned consumers back in August about the IRS impostor scam maine.gov/ag/news/article.shtml?id=703353.

At the time, Mills said, “The IRS scam and others like it are consistently the top complaint we receive.” She urged consumers not to engage callers and not to divulge personal information.

The Internal Revenue Service will not call suddenly to ask for a payment, won’t demand a specific kind of payment (hoaxers specify paying by wire or gift card) and the IRS won’t threaten legal action if you don’t pay immediately.

If you do owe money, you’ll get a letter first, and there’s usually a period of time in which you can settle your debt.

The IRS has a rundown of recent hoaxes and steps consumers can take to avoid being scammed at irs.gov/uac/tax-scams-consumer-alerts.

Scammers sometimes send emails to back up their phone call threats. They may have personal information about consumers, including the last four digits of their Social Security numbers. They may also spoof the number a caller ID shows to mimic a real IRS office. Don’t be fooled. If you have any doubts, look up the number of your nearest IRS office yourself, call that number and inquire.

A lot of scams originate overseas; in fact, posing as a government official ranked second on a list compiled by the International Consumer Protection and Enforcement Network, a joint effort by 35 organizations worldwide. Visit its site at econsumer.gov/#crnt.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer , ME04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

Don’t open emails to ‘confirm’ online shopping orders you didn’t make

CONSUMER FORUM

Posted Dec. 07, 2014, at 11:09 a.m.

Click image to file

Pay close attention: If you receive an email that appears to be from Home Depot, Costco, Target or Wal-Mart about an order you don’t recall placing, you might hear a faint “ho, ho, ho.”

That sound would be the laughter of the scammers, hoping you’ll click on the nasty link included in their message. That link will download malicious software that could steal your passwords or other sensitive data or do other damage to your computer.

The scheme surfaced around Black Friday, the most frenzied of shopping days when visions of bargains may have shoved most consumers’ reality checks aside. That’s what the scammers count on.

If you received a phony email and deleted it without clicking on anything, there should be no adverse effects. If you did enter a credit card number or other personal details to “confirm the order,” notify your bank or the issuer of your card right away. Tell them you were the victim of a phishing scam so they can keep an eye on your account for fraudulent purchases and issue you a new card if necessary.

The fake emails show a new level of savvy on the part of the scammers. They have copied company logos and key wording to make the email appear real — though the phony Home Depot message urges the recipient to “sing up” for supposed savings when we assume they meant “sign up.”

Wal-Mart used social media to alert consumers to the scam, posting a picture of the phony message, which included the following bungled grammar: “This letter is to advise you about the order we have which is addressed to you. You have 4 days to pick it in any Local Store of Walmart.”

Then comes the instruction to “follow this link” for more information. However, clicking there will certainly spell trouble. Wal-Mart advises customers who have placed orders to delete the bogus emails and instead log into their website at walmart.com to check the status of orders and delivery details.

As always, keep virus software up to date on all computers.

“Crooks understand it’s easier to catch victims off-guard during the holidays,” security guru Brian Krebs writes on his website, krebsonsecurity.com.

Cyber junkies will want to know the malware is called Asprox. Krebs describes it as a “nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email … and perpetuates additional Asprox malware attacks.”

Krebs wrote recently that Malcovery — a company that studies email attacks — has identified several basic tipoffs in the subject line of fake messages.

“Acknowledgement of order,” “Order Status,” “Order Confirmation,” “Thank you for buying from [company name]” and “Thank you for your order” are among the subjects most often used by spammers.

If you’re the victim of such a scheme, you can file a report with the Internet Crime Complaint Center. The center is a collaboration of the FBI and the National White Collar Crime Center. You should also file a report with your local law enforcement agency.

You can read PC World’s article on safer online shopping at pcworld.com/article/2018995/safe-online-shopping-10-tips-to-avoid-getting-burned.html.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

WABI appearance

Look out for phony charities

CONSUMER FORUM

By Russ Van Arsdale, Executive Director, Northeast CONTACT
Posted Dec. 30, 2012, at 8:11 p.m.

As the end of the year approaches, many of us are thinking about charitable donations. Let’s face facts: Many donations are tax deductible, and many of us need all the deductions we can get.

Of course, the real reason to give is to support a cause that really needs your help. So, make sure when you give, that your money is going where you intend it to go.

That means staying away from nonprofits that may exist more for the benefit of professional fundraisers or overpaid executives than for people that really need help. Unfortunately, there are far too many of these types of “charities” around.

Some are created in response to natural disasters. “Storm chasers,” as they have become known, create websites even before a major storm strikes. The sites contain key words, like “relief,” to attract web searches. They have varying records in their effectiveness in providing real help to those in need after a storm.

The IRS issued reminders earlier this month, after more than 1,000 “relief” websites popped up following Hurricane Sandy:

  1. Give to recognized charities, and beware of sound-alike names (visit the IRS website, www.irs.gov, to find bona fide charities to which contributions are deductible).
  1. Don’t give out your financial or personal information, if you can’t be sure that data won’t be misused.
  1. Don’t give cash. Make donations by check, credit card or some other way that can be documented. And never make out a check in the name of the solicitor.

Scammers may claim to be affiliated with known organizations; sometimes they even use the official logo of a government or relief organization to gain a target’s trust.

Do your own research to be sure you know where your money is going. Keep your scam radar on high: Refuse solicitors who won’t answer questions about their cause; don’t give in to high pressure pitches; and if it’s a telephone solicitation, ask if the caller is a paid solicitor and, if so, what percent of money raised actually goes to the cause. You can always ask that your name be removed from a call list.

Scammers work other angles, too. Some file claims for storm damage that never occurred. Others claim to be doctors and ask for funds “to pay medical bills of injured people.” Once you give in to a phony solicitor, you can bet your name will be shared with other scammers.

Check websites like Charity Navigator and Guidestar that rate the effectiveness of charities. The Better Business Bureau’s Wise Giving Alliance is another resource.

In Maine, check with the Charitable Solicitations Program, part of the state’s Department of Professional and Financial Regulation; call 624-8525 with questions about licensed solicitors or to file a complaint.

If you suspect someone’s perpetrating disaster fraud, notify the U.S. Department of Justice’s National Center for Disaster Fraud (toll-free, 866-720-5721). For charity fraud on the web, notify the Internet Crime Complaint Center ( www.ic3.gov), a partnership of the FBI and the National White Collar Crime Center.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

 

FBI warns of Internet malware that locks computers, demands money – Bangor Daily News

 

By Dawn Gagnon, BDN Staff
Posted Aug. 16, 2012, at 6:12 p.m.

‘Ransomware’ locks computers, demands payment

The Federal Bureau of Investigation’s Boston Division issued a warning Thursday about a new Internet virus that locks computers and carries a fake message purportedly from the FBI requesting payment to unlock the computer.

In the alert, the FBI’s Boston Division — which covers Rhode Island, Maine, New Hampshire and Massachusetts — said it has received an increasing number of reports from individuals who have fallen victim to the scam.

Though she declined to provide numbers, FBI spokeswoman Katherine Gulotta said that about 15 percent of all of the computer complaint calls the FBI has received in the Boston Division have been attributed to the Reveton virus. Of those, 10 percent came from Maine, she said.

Reveton has been identified as “drive-by” malicious software, or malware, because unlike many viruses, which activate when users open a file or attachment, this one can install itself when users simply click on a compromised website.

Once infected, the victim’s computer immediately locks and the monitor displays a screen stating that there has been a violation of federal law.

The fraudulent message goes on to say the user’s Internet address has been identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having visited child pornography sites and other illegal content, Gulotta said Thursday.

To unlock their machines, users are told to pay a fine to the U.S. Department of Justice using a prepaid money card service. Gulotta said that the amounts demanded vary but are in the $200 range.

In addition to the “ransomware,” the FBI said, the malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

“In the last week alone, we have seen a large increase in the number of people who have called our office to report the virus infected their computer,” said Kevin Swindon, an assistant special agent in charge of computer crimes in the Boston Division.

“Because your computer can be infected by simply clicking on an infected website, the best prevention is to keep anti-virus software and computer operating systems updated,” Swindon said.

“The FBI will never ask you for money and, more generally, whenever someone asks for money via the Internet, users should always be concerned about the legitimacy of the request because the commonality in nearly all Internet scams is a request for money,” he said.

Those who believe they have been a victim of the scam are advised to file a complaint with the Internet Crime Complaint Center, or IC3, at www.ic3.gov, where updates about the Reveton virus can be found.

IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center to provide victims an easy way to report cyber crimes and provide law enforcement and regulatory agencies with a central referral system for complaints.

To hear a podcast about the virus, visit the FBI’s website atwww.fbi.gov/news/podcasts/thisweek/reveton-ransomware/view.

%d bloggers like this: