Email Security
Email Scams and virus alerts
For an in-depth look at staying secure online, visit the FTC’s website.
According to the FBI, these are the most recent Internet scams you need to protect against:
- Ransomware
- Tech Support Scams
- Extortion Tied to Data Breaches
- Stolen Identity Refund Fraud
Ransomware
Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link or opens a file in an email that installs the malware, or through drive-by downloads from a compromised Web site.
New ransomware variants are emerging regularly. Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
The Ransom
The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.
Defense
The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.
- Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
- Scrutinize links contained in emails and do not open attachments included in unsolicited emails.
- Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
- Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
- Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
- Disable macro scripts from files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office Suite applications.
- Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
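One way to act on the first two measures above (verify backup integrity, keep backups secured), shown as an added example that is not part of the original advisory: record a SHA-256 manifest when a backup completes, protect it with an HMAC key kept offline, and re-check the backup later. The function names, the demo files and the key are constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_sha256(path):
    """Hash a file in chunks so large backup archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(backup_root):
    """Map every file under backup_root (by relative path) to its SHA-256."""
    root = Path(backup_root)
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_manifest(manifest, key):
    """HMAC the manifest so someone who can reach the backups cannot rewrite it unnoticed."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_backup(backup_root, manifest, tag, key):
    """Re-hash the backup and report files that are missing, modified or unexpected."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        raise ValueError("manifest failed authentication; do not trust it")
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(n for n in manifest if n in current and manifest[n] != current[n]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: the real key is stored offline
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.csv").write_text("id,amount\n1,100\n")  # constructed sample data
        (root / "notes.txt").write_text("quarterly notes\n")
        manifest = build_manifest(root)
        tag = sign_manifest(manifest, key)
        # Constructed damage: one file overwritten in place, one renamed.
        (root / "ledger.csv").write_bytes(b"\x00" * 16)
        (root / "notes.txt").rename(root / "notes.txt.locked")
        print(verify_backup(root, manifest, tag, key))
```

A renamed file shows up as one "missing" entry plus one "unexpected" entry, which is why the report tracks all three categories rather than only changed hashes.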
Tech Support Scam
The Internet Crime Complaint Center is receiving an increase in complaints related to technical support scams, where the subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Recent complaints indicate some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim’s internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations.
Technical Details
Initial contact with the victims occurs by different methods. Any electronic device with Internet capabilities can be affected.
- Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim’s computer is sending error messages and numerous viruses were detected. Victims report the subjects have strong foreign accents.
- Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.
- Locked screen on a device (Blue Screen of Death – BSOD): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.
- Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.
Once the phony tech support company/representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device.
If the device is mobile (a tablet, smart phone, etc.), the subject often instructs the victim to connect the device to a computer to be fixed. Once the subject is remotely connected to the device, they claim to have found multiple viruses, malware, and/or scareware that can be removed for a fee. Fees are collected via a personal debit or credit card, electronic check, wire transfer, or prepaid card. A few instances have occurred in which the victim paid by personal check.
Extortion Email Schemes Tied to Recent High-Profile Data Breaches
The Internet Crime Complaint Center continues to receive reports from individuals who have received extortion attempts via email related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient’s social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins or approximately $250 to $1,200.
The following are some examples of the extortion emails:
- “Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
- “If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
- “If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
- “We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”
- “We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”
Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails.
Tips to Protect Yourself
- Do not open email or attachments from unknown individuals.
- Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
- Do not communicate with the subject.
- Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
- Use strong passwords and do not use the same password for multiple websites.
- Never provide personal information of any sort via email. Be aware, many emails requesting your personal information appear to be legitimate.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.
Stolen Identity Refund Fraud
Technical Details
Stolen Identity Refund Fraud (SIRF) is defined as the fraudulent acquisition and use of the Personally Identifiable Information (PII) of U.S. persons or visa holders to file tax returns. The fraudulent tax returns are sent to bank accounts or pre-paid cards that are held under the criminal actors’ control. SIRF is relatively easy to commit and extremely lucrative for criminal actors. While all U.S. taxpayers are susceptible to SIRF, over the past year, criminal actors have targeted specific portions of the population, including: temporary visa holders, the homeless, prisoners, the deceased, low-income individuals, children, senior citizens, and military personnel deployed overseas. This may be due to the perception by criminal actors that these individuals are less likely to be aware of or receive notification that their identity has been stolen.
After criminal actors steal PII, they use corrupt tax preparation companies or online tax software to file fraudulent tax returns with the stolen identity information at the federal and state level. The only legitimate information needed to file a fraudulent tax return is a name and social security number. This information is obtained by criminal actors through a variety of techniques, including computer intrusions, the online purchase of stolen PII, the physical theft of data from individuals or third parties, the impersonation of government officials through both phishing and cold-calling techniques, the exploitation of PII obtained through one’s place of employment, the theft of electronic medical records, and searching multiple publicly available Web sites and social media. After the criminal actors electronically file fraudulent tax returns, they use pre-paid debit cards or bank accounts under their control to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued.
Additionally, investigative information shows cyber criminals compromised legitimate online tax software accounts during the 2015 tax season. Cyber criminals modified victims’ online tax software account information, diverting tax refunds to bank accounts or pre-paid cards under their control.
Many victims of SIRF do not know they have been targeted until they try to file their legitimate tax return. Many also receive notifications in the mail that their returns are being audited or are under review before they have even filed their tax returns.
Tips to protect yourself:
- File tax returns as early as possible.
- Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
- Report unauthorized transactions to your bank or credit card provider as soon as possible.
- Be cautious of telephone calls or emails that require you to provide your personal information, especially your birth date or social security number. If you are in doubt, do not provide the requested information.
- Do not open email or attachments from unknown individuals. Additionally, do not click on links embedded in emails from unknown individuals.
- Never provide personal information of any sort via email. Be aware, many emails requesting your personal information appear to be legitimate.
- If you use online tax services, ensure your bank account is accurately listed before and after you file your tax return.
- Ensure sensitive information is permanently removed from online tax software accounts that are no longer being used. Allowing online accounts to become dormant can be risky and make you more susceptible to tax fraud schemes.
- If you feel you are a victim, immediately contact the three major credit bureaus to place a fraud alert on your credit records.