Email Scams

E-Mails Containing Malware Sent to Businesses Concerning Their Online Job Postings

01/19/2011—Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.

Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.

The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.  

Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office and promptly report it to the Federal Bureau of Investigation. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.

HAITIAN EARTHQUAKE RELIEF FRAUD ALERT

01/13/10—The FBI today reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

  • Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
  • Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the Federal Bureau of Investigation.  

CIRCULATION OF FRAUDULENT E-MAIL CLAIMING TO BE FROM U.S. CUSTOMS AND BORDER PROTECTION (CBP)

04/27/09—A spam e-mail claiming to be from former CBP Assistant Commissioner Thomas S. Winkowski is currently being circulated. This attempt to defraud is the typical e-mail scam using the name and reputation of a federal government official to create an air of authenticity.

The spam e-mail indicates the CBP has stopped a Diplomat who is carrying a consignment to be delivered to the recipient’s residence. This consignment allegedly contains millions of dollars, which is revealed to be an inheritance for the e-mail recipient.

As with many other scams, this e-mail advises the recipient they will be permitted to access this inheritance once the recipient has given the sender of the e-mail their personal information.

This e-mail is a hoax. Do not respond.

The U.S. CBP does not send unsolicited e-mails. Consumers should not respond to unsolicited e-mails or click on any embedded links, as they may contain viruses or malware.

It is imperative consumers guard their personally identifiable information (PII). Examples of a person’s PII include, but are not limited to: date of birth; social security number; and bank account numbers. Providing your PII will compromise your identity.

If you have received this e-mail, or a similar e-mail, please file a complaint with the Federal Bureau of Investigation.

SCHEME PURPORTEDLY ANNOUNCING A MILLIONAIRE CONTEST

04/07/09—The IC3 has been alerted to the circulation of a fraudulent e-mail, purportedly from The Oprah Winfrey Show, notifying recipients of their nomination for the “Oprah Millionaire Contest Show.” To participate, recipients are requested to mail their contact information such as full name, address, telephone number, and e-mail address; however, no mailing address was provided. Verified contestants are then required to purchase airfare and a ticket to attend The Oprah Winfrey Show, as well as complete a forthcoming contest form containing personal questions. The contestants are then promised a seat for The Oprah Winfrey Show in April and asked to provide their responses to the personal questions for a chance to win a million dollars.

Consumers always need to be alert to unsolicited e-mails. Do not open unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. Providing your personally identifiable information will compromise your identity!

Individuals who receive such e-mails are encouraged to file a complaint with the Federal Bureau of Investigation.

FLURRY OF SPAM TARGETING THE FEDERAL BUREAU OF INVESTIGATION

12/11/08—Consumers continue to be inundated by spam purportedly from the FBI. As with previous spam attacks, the latest versions use the names of several high ranking executives within the FBI and even the IC3 to attempt to defraud consumers.

Many of the spam e-mails currently in circulation claim to be an “official order” from the FBI’s Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance, or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars. To claim the large sum, recipients are instructed to furnish their personally identifiable information (PII) and are often threatened with some type of penalty, such as prosecution, if they fail to do so. Specific PII information requested includes, but is not limited to, the recipient’s name, banking information, telephone number, and a copy of their passport.

The spam e-mail allegedly from the IC3 states that the recipient has extorted money and will be given a limited amount of time to refund the money or face prosecution.

Do not respond. These e-mails are a hoax.

The FBI does not send unsolicited e-mails of this nature. FBI executives are briefed on numerous investigations but do not personally contact consumers regarding such matters. In addition, the IC3 does not send threatening letters to consumers demanding payments for Internet crimes.

Consumers should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware.

It is imperative consumers guard their PII. Providing your PII will compromise your identity.

If you have been a victim of Internet crime, please file a complaint with the Federal Bureau of Investigation