Posts Tagged ‘Malware’

If robots call to say you owe back taxes, don’t believe them

Posted Jan. 16, 2017, at 6:19 a.m.

Which of the following is a scam?

— You get a phone call saying you owe money to the Internal Revenue Service and should pay by way of an iTunes card.

— A caller says she is an IRS official demanding immediate payment of overdue taxes, and the number on your caller ID appears to be from the local IRS office.

— A caller identifies himself as a law enforcement officer and says you face immediate arrest if you don’t wire money for overdue taxes.

— An email bearing an official-looking IRS logo asks you to “update your IRS e-file immediately.” The email mentions IRSgov — without a dot separating “IRS” and “gov.”

If you answered that all of the above are scams, you are correct.

The investigative arm of the IRS says that 1.8 million people have reported receiving impostor calls. More than 9,600 victims have been scammed out of more than $50 million.

Phishing and malware incidents rose roughly 400 percent during the 2016 tax filing season. Despite officials’ best efforts to curb the increase, it’s expected that the numbers of tax-related scam attempts will continue to grow.

Increasingly popular with scammers is the robo-call. The crooks leave urgent call-back requests, demanding payment of “back taxes” with gift cards. IRS officials say such demands are clear signs of a scam.

Other callers may ask for payment of a nonexistent “federal student tax.” People they call are told to wire money — another sure sign of a scam — with threats of legal action unless payment comes at once.

Another scheme involves a call saying the IRS “just needs a few details” to speed up the processing of your refund. The scammer tries to get personal information such as Social Security numbers, bank routing numbers or other sensitive data such as credit card numbers.

Human resources and payroll professionals have been targeted as well, through requests for information about employees. A scammer posing as the company’s CEO requests personal and financial information, including Social Security numbers.

In an effort to catch scammers and identity thieves, the IRS is delaying refunds this year for anyone claiming the earned income tax credit (EITC) or the additional child tax credit (ACTC). That move is expected to give the IRS added time to weed out more sophisticated fraudulent returns. It may also hurt lower income taxpayers who file early and likely will be waiting at least until late February for refunds. Offers to “help speed up your refund” may be more scams.

Sen. Susan Collins, R-Maine, chairs the Senate’s Special Committee on Aging, which has published a guidebook on avoiding scams. Read it online at aging.senate.gov/imo/media/doc/217925%20Fraud%20Book%20Final.pdf. You also can call the committee’s fraud hotline (1-855-303-9470) for information or to report fraud attempts.

The IRS offers a summary of our legal protections in the Taxpayer Bill of Rights at irs.gov/taxpayer-bill-of-rights.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

Advertisements

Tax season brings out worst phone scammers

CONSUMER FORUM

Posted March 21, 2016, at 9:35 a.m.

“Hi, I’m calling from the Internal Revenue Service to verify some information on your income tax filing. Just to be sure I have it right, could you tell me…”

The caller may give you a phony name and badge number and may have spoofed the phone number to make it appear you really were getting a call from an IRS office. But it was just one of the nearly 900,000 phone scam attempts reported to the Treasury Inspector General for Tax Administration since October 2013. The agency says it knows of more than 5,000 victims who have been tricked out of more than $26.5 million in such scams.

The tricksters are successful because they play on our fears. We might fear being sent to prison, being deported or having our credit score lowered. Scammers have no power or legal authority to do any of those things, but the threats still concern us.

They concern seniors and students, especially. Seniors are frequent targets because they’re generally home, they answer the phone and they tend to be a bit more trusting than younger people.

Crooks target students with phony IRS threats and with offers to help “fix” their student loan situations. Don’t pay an upfront fee for something you can probably do for free.

Once the offer or threat is made, the punch line amounts to “pay up or else.” Do so by wire transfer or prepaid debit card — untraceable and not recoverable. Several scammers might call to make you think their story is real. Once you send the money away, it’s gone, straight into the pockets of the crooks.

The IRS estimates that phishing schemes have gone up 400 percent just this year. The agency — indeed, all legitimate businesses and government entities — do not do business by calling first. If they call at all, a real business or agency will leave a message, giving you a chance to verify the correct phone number to call.

That last point is important, of course, because of scammers’ ability to spoof phone numbers, fooling caller ID systems that may display a genuine business or government number. The crooks are really calling from disposable cellphones, but only they know that’s the case.

Impostors use our emotions in other ways, too. Concern for family or friends kicks in when we get a call that someone has been in an accident or was jailed while in a foreign country. A call to someone close to the supposed victim can determine the truth. Wiring money based on a single phone call usually ends up benefitting only a scam artist.

One last major group of impostors pretends to be from “Microsoft technical services” and says your computer needs fixing. They’re not, and it doesn’t.

They’re looking to have you press the combination of keys that turns control of your computer over to them, so they can download viruses or other malware and hold your computer for ransom. When they call, just hang up.

Today’s scammers might also use old-fashioned trickery. Some impersonate municipal workers, “checking water lines” or using other ruses to get inside your home. If you did not call for the service being offered, don’t open the door. If the scammer refuses to leave or pressures you, call 911.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

Think it’s E-Z? – FTC Scam Alert

Love breezing through tollbooths with your E-Z Pass? A new scam is taking advantage of that.

Here’s how it works: You get an email that appears to be from E-Z Pass. It has the E-Z Pass logo, and says you owe money for driving on a toll road. It also provides a link to click for your invoice.

Guess what? The email isn’t from E-Z Pass. If you click on the link, the crooks running this scam may put malware on your machine. And if you respond to the email with your personal information, they’re likely to steal your identity.

This E-Z Pass email is the latest in a long line of phishing scams, where fraudsters pretend to be legitimate businesses as a way to get access to people’s personal information. But adopting a few online security habits can help you avoid phishing scams:

  • Never click on links in emails unless you’re sure who sent you the message.
  • Don’t respond to any emails that ask for personal or financial information. Email isn’t a secure way to send that information.
  • Type an organization’s URL yourself, and don’t send personal or financial information unless the URL begins with https (the “s” stands for secure).
  • If an email looks like it is from E-Z Pass, contact E-Z Pass customer service to confirm that it is really from them.
  • Keep your computer security software current.

If you might have been tricked by a phishing email:

  • Forward it to spam@uce.gov and to the company impersonated in the email.
  • File a complaint with the Federal Trade Commission at ftc.gov/complaint.
  • Visit the FTC’s Identity Theft website at ftc.gov/idtheft. Victims of phishing could become victims of identity theft, but there are steps to take to reduce your risk.

OnGuardOnline.gov has more information about phishing scams.

“Pending FTC complaint” emails are fakes – FTC

FTC Warns Small Businesses: Don’t Open Email Falsely Claiming to be From FTC‏

“Pending FTC complaint” emails are fakes | Consumer Information.

Have you gotten an email with the subject line “Pending consumer complaint” that looks like it came from the FTC? The email warns that a complaint against you has been filed with the FTC. It asks you to click on a link or attachment for more information or to contact the FTC.

These emails pull out all the stops to look official: They have an FTC seal, references to the “Consumer Credit Protection Act (CCPA)” and a “formal investigation,” and what look like real FTC links. The truth is that they’re fakes.

We’ve heard from many people that emails like this are making the rounds. If you get one, don’t open it. Don’t click on the links. If you click on the link, it may install malware on your computer. Malware can cause your device to crash and can be used to monitor and control your online activity, steal your personal information, send spam, and commit fraud. You can forward the email to spam@uce.gov, but then delete as soon as you do.

Malware mischief: Protect yourself from cybercrime

CONSUMER FORUM

By Russ Van Arsdale, Executive Director Northeast CONTACT
Posted Oct. 27, 2013, at 9:09 a.m.

An estimated 250,000 new viruses have appeared on the Internet. Since yesterday.

That number comes from Justin Kittredge, special agent with the Maine State Police computer crimes division.

They don’t all succeed making computer programs go sideways. But Kittredge said he’s seen estimates that 30,000 websites are infected with malicious software, or malware, every day.

That’s possible, he said, because the bad guys help one another by testing viruses before they’re released, in a process they likely call getting the bugs out of the bugs.

“They even have technical support for viruses,” Kittredge told me.

One of the most common ploys for cyber criminals is finding weaknesses within websites. Click the wrong thing, and you can be connected to some phony malware that says “you’ve been infected … click here to fix it.” Click again, and an executable (.exe) file is launched; it might rummage through your system, looking for passwords or financial information. It might plant other programs to run later, causing more mischief. Or it might simply lock up your computer.

To get it unlocked, you might become a victim of extortion: Send us money or watch us destroy your computer. The original come-on might be made to appear as a message from a law enforcement agency, demanding money to head off serving a warrant, filing a lawsuit or other bogus threat. This “ransomware,” as it has become known, is a multi-billion dollar problem worldwide. One recent news report put India at the top of the victims’ list, with some $4 billion lost to such scams in that country alone.

A growing portion of those losses are incurred by people who use handheld devices instead of desktop computers. The blending of work and social use on the devices makes them tempting targets.

The cyber criminals are adept at creating variations on old themes. The Nigerian, grandparent, “sweetheart” and similar schemes were fourth on the Top Ten list of consumer complaints announced recently by Maine Attorney General Janet Mills. Such schemes ranked ninth a year earlier.

The anonymous nature of cybercrime makes recovery of losses difficult at best. Justin Kittredge joins other computer experts in saying that the best offense is a good defense:

— Use secure connections (not public wi-fi) for sensitive transactions.

— Use strong passwords containing letters, numbers and symbols.

— Use name-brand virus protection software, and install computer updates regularly.

— Don’t store passwords in your computer or keep lists of them nearby.

— Don’t give smartphones to children.

— Be careful about downloading “free” apps.

— Be discreet on social networks.

The last point is critical. Cyber crooks find gold mines of personal information on social sites; once on the web, such data are difficult, if not impossible, to make private again. Smart consumers don’t hand over information about themselves to complete strangers, and they’re careful about which friends they trust with sensitive information. One more sobering statistic: 60 percent of the photos posted online contain GPS coordinates.

Cyber criminals make many of their big scores using social engineering: gaining people’s trust so that they’ll share the secrets that end up costing them dollars, reputations and more.

“It all comes down to the basics,” Kittredge said.

Try the tech media site www.cnet.com and search “safety” for lots more info.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit https://necontact.wordpress.com or email contacexdir@live.com.

**************************************************

Channel 5 Video Russ and Wayne discuss computer malware.

Malware attack tied to fake Romney victory post

The political season is prime time for internet scammers. While it seems every politician on earth is reaching out to you, the major news networks are not doing so.

Chester Wisniewski, Senior Security Advisor at Sophos Canada, provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. On October 11th his post on nakedsecurity warned of the danger in opening an email with the subject line  “CNN Breaking News – Mitt Romney Almost President”.

If you are curious about how malware works with your computer, visit the post. Here’s an excerpt:

Even if you decide news about the presidential election isn’t your cup of tea, all of the other tantalizing stories promoted in this email link to the same content, but not content on CNN.com.

The links all follow the standard Blackhole exploit kit formula. The link in the email takes you to a page that directs you to some nasty JavaScript found on other sites controlled by the attackers…

Scammers never pass up an opportunity to con people when there is enough public interest in a news topic. If you want the latest dirt on what the campaigns are up to, stick with the “usual suspects” and go directly to their websites.

While it may seem like the news is coming to you via email, Twitter, Facebook and other push technologies, more often than not it is just another scam.

Mr. Wisniewski’s post details ways you can avoid this and other scams. When in doubt, don’t open unsolicited emails and never click on the links they contain.

FBI warns of Internet malware that locks computers, demands money – Bangor Daily News

 

By Dawn Gagnon, BDN Staff
Posted Aug. 16, 2012, at 6:12 p.m.

‘Ransomware’ locks computers, demands payment

The Federal Bureau of Investigation’s Boston Division issued a warning Thursday about a new Internet virus that locks computers and carries a fake message purportedly from the FBI requesting payment to unlock the computer.

In the alert, the FBI’s Boston Division — which covers Rhode Island, Maine, New Hampshire and Massachusetts — said it has received an increasing number of reports from individuals who have fallen victim to the scam.

Though she declined to provide numbers, FBI spokeswoman Katherine Gulotta said that about 15 percent of all of the computer complaint calls the FBI has received in the Boston Division have been attributed to the Reveton virus. Of those, 10 percent came from Maine, she said.

Reveton has been identified as “drive-by” malicious software, or malware, because unlike many viruses, which activate when users open a file or attachment, this one can install itself when users simply click on a compromised website.

Once infected, the victim’s computer immediately locks and the monitor displays a screen stating that there has been a violation of federal law.

The fraudulent message goes on to say the user’s Internet address has been identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having visited child pornography sites and other illegal content, Gulotta said Thursday.

To unlock their machines, users are told to pay a fine to the U.S. Department of Justice using a prepaid money card service. Gulotta said that the amounts demanded vary but are in the $200 range.

In addition to the “ransomware,” the FBI said, the malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

“In the last week alone, we have seen a large increase in the number of people who have called our office to report the virus infected their computer,” said Kevin Swindon, an assistant special agent in charge of computer crimes in the Boston Division.

“Because your computer can be infected by simply clicking on an infected website, the best prevention is to keep anti-virus software and computer operating systems updated,” Swindon said.

“The FBI will never ask you for money and, more generally, whenever someone asks for money via the Internet, users should always be concerned about the legitimacy of the request because the commonality in nearly all Internet scams is a request for money,” he said.

Those who believe they have been a victim of the scam are advised to file a complaint with the Internet Crime Complaint Center, or IC3, at www.ic3.gov, where updates about the Reveton virus can be found.

IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center to provide victims an easy way to report cyber crimes and provide law enforcement and regulatory agencies with a central referral system for complaints.

To hear a podcast about the virus, visit the FBI’s website atwww.fbi.gov/news/podcasts/thisweek/reveton-ransomware/view.

%d bloggers like this: