Posts Tagged ‘National White Collar Crime Center’

Don’t open emails to ‘confirm’ online shopping orders you didn’t make


Posted Dec. 07, 2014, at 11:09 a.m.

Click image to file

Pay close attention: If you receive an email that appears to be from Home Depot, Costco, Target or Wal-Mart about an order you don’t recall placing, you might hear a faint “ho, ho, ho.”

That sound would be the laughter of the scammers, hoping you’ll click on the nasty link included in their message. That link will download malicious software that could steal your passwords or other sensitive data or do other damage to your computer.

The scheme surfaced around Black Friday, the most frenzied of shopping days when visions of bargains may have shoved most consumers’ reality checks aside. That’s what the scammers count on.

If you received a phony email and deleted it without clicking on anything, there should be no adverse effects. If you did enter a credit card number or other personal details to “confirm the order,” notify your bank or the issuer of your card right away. Tell them you were the victim of a phishing scam so they can keep an eye on your account for fraudulent purchases and issue you a new card if necessary.

The fake emails show a new level of savvy on the part of the scammers. They have copied company logos and key wording to make the email appear real — though the phony Home Depot message urges the recipient to “sing up” for supposed savings when we assume they meant “sign up.”

Wal-Mart used social media to alert consumers to the scam, posting a picture of the phony message, which included the following bungled grammar: “This letter is to advise you about the order we have which is addressed to you. You have 4 days to pick it in any Local Store of Walmart.”

Then comes the instruction to “follow this link” for more information. However, clicking there will certainly spell trouble. Wal-Mart advises customers who have placed orders to delete the bogus emails and instead log into their website at to check the status of orders and delivery details.

As always, keep virus software up to date on all computers.

“Crooks understand it’s easier to catch victims off-guard during the holidays,” security guru Brian Krebs writes on his website,

Cyber junkies will want to know the malware is called Asprox. Krebs describes it as a “nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email … and perpetuates additional Asprox malware attacks.”

Krebs wrote recently that Malcovery — a company that studies email attacks — has identified several basic tipoffs in the subject line of fake messages.

“Acknowledgement of order,” “Order Status,” “Order Confirmation,” “Thank you for buying from [company name]” and “Thank you for your order” are among the subjects most often used by spammers.

If you’re the victim of such a scheme, you can file a report with the Internet Crime Complaint Center. The center is a collaboration of the FBI and the National White Collar Crime Center. You should also file a report with your local law enforcement agency.

You can read PC World’s article on safer online shopping at

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit or email

WABI appearance


Look out for phony charities


By Russ Van Arsdale, Executive Director, Northeast CONTACT
Posted Dec. 30, 2012, at 8:11 p.m.

As the end of the year approaches, many of us are thinking about charitable donations. Let’s face facts: Many donations are tax deductible, and many of us need all the deductions we can get.

Of course, the real reason to give is to support a cause that really needs your help. So, make sure when you give, that your money is going where you intend it to go.

That means staying away from nonprofits that may exist more for the benefit of professional fundraisers or overpaid executives than for people that really need help. Unfortunately, there are far too many of these types of “charities” around.

Some are created in response to natural disasters. “Storm chasers,” as they have become known, create websites even before a major storm strikes. The sites contain key words, like “relief,” to attract web searches. They have varying records in their effectiveness in providing real help to those in need after a storm.

The IRS issued reminders earlier this month, after more than 1,000 “relief” websites popped up following Hurricane Sandy:

  1. Give to recognized charities, and beware of sound-alike names (visit the IRS website,, to find bona fide charities to which contributions are deductible).
  1. Don’t give out your financial or personal information, if you can’t be sure that data won’t be misused.
  1. Don’t give cash. Make donations by check, credit card or some other way that can be documented. And never make out a check in the name of the solicitor.

Scammers may claim to be affiliated with known organizations; sometimes they even use the official logo of a government or relief organization to gain a target’s trust.

Do your own research to be sure you know where your money is going. Keep your scam radar on high: Refuse solicitors who won’t answer questions about their cause; don’t give in to high pressure pitches; and if it’s a telephone solicitation, ask if the caller is a paid solicitor and, if so, what percent of money raised actually goes to the cause. You can always ask that your name be removed from a call list.

Scammers work other angles, too. Some file claims for storm damage that never occurred. Others claim to be doctors and ask for funds “to pay medical bills of injured people.” Once you give in to a phony solicitor, you can bet your name will be shared with other scammers.

Check websites like Charity Navigator and Guidestar that rate the effectiveness of charities. The Better Business Bureau’s Wise Giving Alliance is another resource.

In Maine, check with the Charitable Solicitations Program, part of the state’s Department of Professional and Financial Regulation; call 624-8525 with questions about licensed solicitors or to file a complaint.

If you suspect someone’s perpetrating disaster fraud, notify the U.S. Department of Justice’s National Center for Disaster Fraud (toll-free, 866-720-5721). For charity fraud on the web, notify the Internet Crime Complaint Center (, a partnership of the FBI and the National White Collar Crime Center.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit or email


FBI warns of Internet malware that locks computers, demands money – Bangor Daily News


By Dawn Gagnon, BDN Staff
Posted Aug. 16, 2012, at 6:12 p.m.

‘Ransomware’ locks computers, demands payment

The Federal Bureau of Investigation’s Boston Division issued a warning Thursday about a new Internet virus that locks computers and carries a fake message purportedly from the FBI requesting payment to unlock the computer.

In the alert, the FBI’s Boston Division — which covers Rhode Island, Maine, New Hampshire and Massachusetts — said it has received an increasing number of reports from individuals who have fallen victim to the scam.

Though she declined to provide numbers, FBI spokeswoman Katherine Gulotta said that about 15 percent of all of the computer complaint calls the FBI has received in the Boston Division have been attributed to the Reveton virus. Of those, 10 percent came from Maine, she said.

Reveton has been identified as “drive-by” malicious software, or malware, because unlike many viruses, which activate when users open a file or attachment, this one can install itself when users simply click on a compromised website.

Once infected, the victim’s computer immediately locks and the monitor displays a screen stating that there has been a violation of federal law.

The fraudulent message goes on to say the user’s Internet address has been identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having visited child pornography sites and other illegal content, Gulotta said Thursday.

To unlock their machines, users are told to pay a fine to the U.S. Department of Justice using a prepaid money card service. Gulotta said that the amounts demanded vary but are in the $200 range.

In addition to the “ransomware,” the FBI said, the malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

“In the last week alone, we have seen a large increase in the number of people who have called our office to report the virus infected their computer,” said Kevin Swindon, an assistant special agent in charge of computer crimes in the Boston Division.

“Because your computer can be infected by simply clicking on an infected website, the best prevention is to keep anti-virus software and computer operating systems updated,” Swindon said.

“The FBI will never ask you for money and, more generally, whenever someone asks for money via the Internet, users should always be concerned about the legitimacy of the request because the commonality in nearly all Internet scams is a request for money,” he said.

Those who believe they have been a victim of the scam are advised to file a complaint with the Internet Crime Complaint Center, or IC3, at, where updates about the Reveton virus can be found.

IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center to provide victims an easy way to report cyber crimes and provide law enforcement and regulatory agencies with a central referral system for complaints.

To hear a podcast about the virus, visit the FBI’s website

%d bloggers like this: