Tag Archives: Phishing

How phishing and work-at-home schemes work together

I just read a really eye-opening report from the Internet Crime Complaint Center (IC3) about how phishing emails, fraudulent ACH transactions and work-at-home schemes can be connected.

It starts with a “spear-phishing” message. Spear-phishing is a targeted form of phishing, made to look like it comes from someone you know, possibly a friend or employer. This message, rather than the usual phishing angle (“click this link to verify your account information”), will either contain a malware-infected attachment, or will link to a website that infects the user’s computer with malware.

This malware includes a keylogger program, which sends a record of keystrokes back to whoever originated the scheme. Once the victim logs into one of their financial institution accounts, this information is relayed back to the crooks.

At this point, the crooks will use either wire or ACH transfers to remove money from the victim’s account. However, it doesn’t end here.

The next victims in the process are those who have fallen for some form of work-at-home scheme (usually “processing payments” or similar). The money stolen from the first victim is wired into an account held by the next victim, who then transfers it back to the criminals, thinking they are actually processing a “payment” from the original victim.

So, they’re not just logging keystrokes to steal money from one group, they’re using a second set of victims to launder the money for them.

It would be brilliant if it weren’t so slimy.

This got me thinking about US Surveys, Inc., whom I wrote about a couple months ago. In doing research on this obvious mystery shopper scam, I actually came across a few victims who, at least for their first “assignment,” had actually made around $100. “They wired $900 into my Citibank account, then had me wire $800 back to them.” It was only on their second “assignment,” when they were asked to wire their own money first, that they began to wise up.

I thought that was kind of weird at the time. Were they actually paying you the first time just to earn your trust? It seemed like an awfully big gamble, since people were realizing that it was a scam soon afterwards (not to mention the risk of someone just taking the $900 and running).

Now it makes sense. The initial $900 was probably money stolen from a spear-phishing victim. That $100 these people had made was their payoff for helping someone launder money. They weren’t being ripped off initially, but they were helping a criminal conceal the source of funds.

The second, “Now wire us your money first” assignment was probably just an attempt at an extra payoff on their way out the door; by that point, the original victim (whose money was being laundered in the first transaction) had most likely discovered the fraud and locked the account. Thieves have to move quickly from victim to victim these days.

What all this leads me to is the following:

  1. Keep your virus protection up-to-date
  2. Learn about different types of scams so you’ll know what to watch for
  3. Do not become involved in work-at-home schemes that involve “processing payments” or wire transfers; these are money laundering schemes; the only real ways to legitimately work at home are to start your own business, or to work for a company that allows telecommuting
  4. The multi-level integration of these different types of fraud is terribly sophisticated; this is organized crime
  5. Because of #4 above, your best bet is just to avoid, avoid, avoid. Lose any big ideas you might have about trying to “scam the scammers”
  6. If you are a victim of this type of crime, in addition to the standard credit locks and police reports, file a complaint with the IC3; your information could help federal law enforcement stop this type of crime in the future.

Fraud Alert: FDIC warns of fraudulent emails

The following is the full text of an alert from the Federal Deposit Insurance Corporation (FDIC):

E-mail Claiming to Be From the FDIC – October 26, 2009

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”

The e-mail then asks recipients to “visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

Yet another reminder that you should never follow links in unsolicited email messages, especially those telling you to log in to something. Even if you had an account at a failed bank, the FDIC would have no way of knowing your email address.

Not even the FBI Director is above falling for a phishing scam

I spend a lot of time on this site repeating (explicitly or implicitly) these two ideas:

  1. You can take steps to vastly reduce your chances of becoming a victim of fraud or identity theft
  2. That said, nobody is ever 100% safe, and nobody is “too smart” to walk right into a scam

The following is an excerpt from a recent speech by FBI Director Robert S. Mueller, III:

Most of us assume we will not be targets of cyber crime. We are not as careful as we know we should be. Let me give you an example.

Not long ago, the head of one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.

It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam—“phishing” with a “P-H.” This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time.

He definitely should have known better. I can say this with certainty, because it was me.

After changing all our passwords, I tried to pass the incident off to my wife as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”

If I didn’t dislike vapid clichés like “it really makes you think” so much, I’d probably say that right now. I mean, it would be funny (but not ha-ha funny) enough if someone like myself fell for a phishing email, but the FBI Director?

I think the Soup Nazi-esque “no online banking for you!” response is extreme, although I can see how a high-profile figure like Mueller could have his reasons beyond just his own personal finances for going offline—namely, his very credibility.

For the rest of us, though, online banking and bill payment are still very safe, as long as you’re informed when it comes to the dangers. If you get an email that appears to be from a financial institution, don’t click on any links within that message. Go directly to that bank, credit union or credit card company’s website by typing the URL manually, or by running a search on Google, and log in from there. Of course, if it’s from an institution you don’t even have a relationship with, you’re pretty safe in assuming it’s phony.

The full text of Mueller’s speech is an interesting read, if you have a few minutes, by the way.

Phishing Alert: 07/06/09

Emails and text messages that claim to come from Allegius Credit Union are rampant in Northwest Indiana right now. In fact, several REGIONAL employees have received these over the past two weeks.

Of course, not everyone who gets one of these messages is a member of Allegius, in which case it’s easy to see through the phishing attempt, like a few years ago when I received a phishing message that claimed to be from a credit union in Hawaii. However, Allegius does have a lot of members, and that’s what the criminals are counting on.

For example, let’s say they sent 100,000 emails, and 5,000 of those people are members. If only 1% of those people fall for it, they’ve got 50 account numbers, PINs, and probably some other information as well. That’s more than enough to do some serious damage and drain a lot of money from victims’ accounts.

I’m pasting the text of these email messages below. I don’t have an example of the text message version of this scam, but it essentially said the same thing: “your account has been suspended, please go to this site and log in.”

Your financial institution will never contact you in this way regarding account security. If you receive such messages, delete them immediately. Never click a link inside an email message of this nature, as it will take you to a website designed to appear legitimate, but set up for the sole purpose of stealing your information.

Example #1:

Subject: You have 1 new ALERT message

You have 1 new ALERT message
Please login into your Allegius Credit Union
account !
To Login, please click the link below:

Click Here

Copyright © 1998-2009 Allegius Credit Union All Rights Reserved.

Example #2:

Subject: Important Security Information

Dear Member,

Your It’s Me 247 Online Banking account has been locked temporarily due to many unsuccessful login attempts.

You are kindly advised to Login to It’s Me 247 Online Banking and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

The line about SSL encryption in the second message is a cute touch. Yet another attempt to make the message seem realistic. You might also think the phrase “You are kindly advised” seems a little off. It doesn’t seem like a phrase a financial institution would use, does it? It has a weird, “translated” aroma to it. Since a lot of these scams originate overseas, that’s probably not far from the truth.