Feature Article
Mark Pribish
FBI Scammers Impersonating the FBI Are Now a Leading Online Threat
By Mark Pribish
Vice President and ID Theft Practice Leader

I recently had the honor of being nominated to attend, and graduated from the FBI Citizens Academy 8-week program. The program brings together community leaders to experience firsthand some of the inner workings of the FBI. During the program I learned how the FBI investigates crimes and national security threats, the various tools and tactics they employ to keep our nation safe and secure and even went through two hands-on firearm and swat exercises, and a CSI type forensic investigation.

In addition, I learned about the numerous federal and state law enforcement organizations including the Internet Crime Complaint Center (IC3).

On May 10, 2012, the Internet Crime Complaint Center released its 2011 Internet Crime Report (please see 2011 IC3 Internet Crime Report (pdf) - which is a summary of the latest online criminal data and trends.

According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. Specifically, there were a total of 314,246 Internet complaints representing a 3.4 percent increase over 2010 with a reported dollar loss of $485.3 million.

The IC3 said the top five online crimes included:

  • FBI-related Scams - scams in which a criminal poses as the FBI to defraud victims.
  • Identity Theft - unauthorized use of a victim's personal identifying information to commit fraud or other crimes.
  • Advance Fee Fraud - criminals convince victims to pay a fee to receive something of value, but do not deliver anything of value to the victim.
  • Non-Auction/Non-Delivery of Merchandise - purchaser does not receive items purchased.
  • Overpayment Fraud - an incident in which the complainant receives an invalid monetary instrument with instructions to deposit it in a bank account and send excess funds or a percentage of the deposited money back to the sender.

For example, the IC3 said the names of various government agencies and high-ranking government officials have been used in spam attacks in an attempt to defraud consumers. Consumers need to know that government agencies do not send unsolicited emails.

That said, complaints related to spam emails supposedly sent from the FBI continued to be reported with high frequency to IC3. In 2011, IC3 received about 39 complaints per day with an average reported loss of approximately $245 per complaint with victims reported losing more than $9,600 to this scam every day.

The 2011 IC3 report also found that the IC3 received and processed more than 26,000 complaints per month and that the top five worst complaint states were California (34,169), Florida (20,034), Texas (18,477), New York (15,056) and Ohio (12,661). Victims in California reported the highest dollar losses with a total of $70.5 million. For victims reporting financial losses, the average was $4,187.

For those of you unfamiliar with the IC3, it was started in 2000 and is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).

Since its start in 2000, IC3 has become a mainstay for victims reporting Internet crime and a way for law enforcement to be alerted of such crimes. IC3's service to the law enforcement community includes federal, state, tribal, local, and international agencies that are combating Internet crime.

In addition, IC3 receives, develops, and refers criminal complaints of cybercrime. IC3 gives victims a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the local, state, federal, and international levels, IC3 provides a central referral mechanism for complaints involving online crime.

The IC3 believes - that the more Internet crime is reported - the better it can assist law enforcement in the apprehension and prosecution of those responsible for perpetrating Internet crime.

According to Acting Assistant Director of the FBI's Cyber Division - Michael Welch, "Internet crime is a growing problem that affects computer users around the world and causes significant financial losses. The IC3 is an efficient mechanism for the public to report suspicious e-mail activity, fraudulent websites, and Internet crimes. These reports help law enforcement make connections between cases and identify criminals."

To conclude, if you believe you are a victim of an internet crime, you can go to the Internet Crime Complaint Center (please see here) to read the terms and conditions and to complete the Complaint Referral Form.

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Central

Hotels, Laptops and Malware

When people travel, it is not uncommon for them to take their laptops or other wireless devices with them. Whether they may be travelling for business purposes or for a family vacation, they may want to receive email, stream media, or work on presentations. Most of these activities require some sort of connection to the Internet. For those with smartphones, the connection is already in place. But for many others, a laptop or iPad is really the preferred tool, and connecting to the hotel's free wireless Internet connection is their best option, as to not use up precious data minutes through their wireless provider.

Whenever a computer or other wireless device connects to the Internet, many of the software applications installed on the device search their "homebase" for updates. In fact, most applications are programmed to do so. When an application finds an available update, it prompts the user to install the update. In general, software updates are desirable. Updates provide critical patches for security vulnerabilities and bug fixes for other glitches, all in an effort to provide the user with a safer, more secure, and better user experience.

Recently, some hotel guests are finding that simple updates via hotel wireless networks are leading to big headaches, and that is because the updates are not from the software provider; they are from criminals!

How It Works:

While staying at a hotel, a user connects to the hotel wireless Internet and soon gets a popup for a popularly installed application claiming it is out of date and that there is an update available. The user decides to go ahead and install the update, but instead, what they are really installing is malicious software that criminals use to steal their Personally Identifiable Information (PII) and commit fraud.

Criminals have cleverly infiltrated the hotel's wireless Internet connection and routinely scan for newly connected devices. Once they find one, they will display a popup window for a piece of software commonly found on all computers or devices in hopes to entrap the user. If the user proceeds with the update, the malicious software now places them at risk for identity theft.

Your Defense:

Whether you find yourself travelling a great deal or only occasionally, you can defend yourself against this type of attack. When you receive a popup prompting you to update software, check the certificate to see if it is registered to the actual software vendor. If it is not, do not install the update. You can also visit the software vendor's website to see what the latest software version is. Does it match what the popup claims? If not, don't trust it.

If at possible, you should always wait until you return home or to work where you will have a trusted and safe Internet connection by which you can download and install the update. In addition, if your home's wireless network is not secure, you should make every effort to secure it before you proceed any further. By not having a safe and secure network you open yourself up to these types of attacks. For some helpful hints on how to secure your wireless network at home, please refer to a previous article on wireless network security.

Another way to protect yourself is to update your system before you travel on vacation. This will allow you to know that your system is already up-to-date and that the popup you see is probably bogus.

Whichever route you take, be sure to stay alert. It is rather easy to fall victim to this type attack, especially if you like to keep your system or device(s) up-to-date. When in doubt, ask yourself if you could survive without the update until you return home. Chances are, you probably can.

If you believe your identity has been stolen, call 866.SMART68 today.