 |
|
|
|
|
|
|
|
 |
 |
 |
 |
 |
|
||
 |
 |
|
|||||
 |
 |
|
|||||
Alerts
 |
|
|
|
 |
 |
 |
|
FTC Warns Consumers About Potential Charity Scams
New Phishing Campaign Identified
ATM Card Skimming and PIN Capturing Awareness Guide *
Foreclosure Rescue Scams: How to Avoid Becoming a Victim *
FDIC Warns of Fraudulent E-Mail
Tax Rebate is Lure for Identity Theft
Security Freezes Are Now Available Nationwide
An Update on the Do Not Call List
TOP
In the Wake of Japan's Massive Earthquake, FTC Warns
Consumers About Potential Charity Scams
From an FTC Tips For Consumers article dated 03/14/2011:
After the earthquake that rocked Japan's northeast coast and triggered a widespread tsunami last week, the Federal Trade Commission is urging consumers to be cautious of potential charity scams.
The FTC, the nation's consumer protection agency, warns consumers to carefully consider urgent appeals for aid that they receive in person, by phone or mail, by e-mail, on websites, or on social networking sites.
The agency's Charity Checklist advises consumers about donating wisely to charities. If you are asked to contribute to a charity, the FTC recommends that you:
For more information about how you can help disaster victims in Japan, visit the U.S. Agency for International Development website.
The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.
MEDIA CONTACT:
Office of Public Affairs
202-326-2180
TOP
New Phishing Campaign Identified
From an Epcor Fraud Alert posted here 02/10/2011:
Researchers from AppRiver, an email security vendor, have identified a new phishing campaign that targets merchant accounts from a payment processing vendor called First Data. First Data is an Atlanta-based provider of online and on-site payment solutions which caters to merchants, financial institutions and government agencies.
The emails detected by AppRiver contain "MERCHANT ACCOUNT UPDATE" as the subject line and claim to be from "FIRSTDATA SERVICES." The message within reads: "Dear First Data customer, please update your login. Download the attachment in this e-mail and proceed." The attachment entitled "Update Your Account Information.html," which when opened inside the browser, displays a fraudulent First Data Global Gateway login page which attempts to gather the merchant's store number, user ID, tax ID, phone number and password.
Once the hacker has gained access to the First Data account, he/she most likely has gained control of that specific merchants account.
Source: Softpedia
TOP
FDIC Fraudulent E-Mail Alert
From the FDIC Consumer Alerts dated 01/10/2011:
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mails state: "Account Insurance from FDIC" or "FDIC Insurance." The e-mail tells recipients that their "account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act." The e-mail goes on to ask recipients to "verify through our IDVerify below," stating that ".information will be checked against a federal government database for identity verification." The e-mail says that it is from "Donald E. Powell, Chairman Emeritus FDIC; John D. Hawke, Jr., Comptroller of the Currency; and Michael E. Bartell, Chief Information Officer."
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
TOP
Counterfeit Cashier's Check
The counterfeit cashier's check scheme targets individuals that use Internet
classified advertisements to sell merchandise. Typically, an interested party
located outside the United States contacts a seller. The seller is told that the
buyer has an associate in the United States that owes him money. As such,
he will have the associate send the seller a cashier's check for the amount
owed to the buyer.
The amount of the cashier's check will be thousands of dollars more than the
price of the merchandise and the seller is told the excess amount will be used
to pay the shipping costs associated with getting the merchandise to his
location. The seller is instructed to deposit the check, and as soon as it
clears, to wire the excess funds back to the buyer or to another associate
identified as a shipping agent. In most instances, the money is sent to
locations in West Africa (Nigeria).
Because a cashier's check is used, a bank will typically release the funds
immediately, or after a one or two day hold. Falsely believing the check has
cleared, the seller wires the money as instructed.
In some cases, the buyer is able to convince the seller that some
circumstance has arisen that necessitates the cancellation of the sale, and is
successful in conning the victim into sending the remainder of the money.
Shortly thereafter, the victim's bank notifies him that the check was
fraudulent, and the bank is holding the victim responsible for the full amount
of the check.
If you believe you may have fallen victim to this type of scam and wish to
report it, please file a complaint with Internet Crime Complaint Center http://www.ic3.gov/complaint/default.aspx
Source: Internet Crime Complaint Centerhttp://www.ic3.gov/crimeschemes.aspx#item-3
The Internet Crime Complaint Center (IC3) was established as a partnership between the Federal Bureau of Investisation (FBI) and the National White Collar Crime Center (NW3C) to
serve as a means to receive Internet related criminal complaints and to further research,
develop, and refer the criminal complaints to federal, state, local, or international law
enforcement and/or regulatory agencies for any investigation they deem to be appropriate.
The IC3 was intended, and continues to emphasize, serving the broader law enforcement
community to include federal, as well as state, local, and international agencies, which are
combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TOP
FDIC Warns of Fraudulent E-Mail
Received as email from http://www.fdic.gov/:
The Federal Deposit Insurance Corporation (FDIC)
has received numerous notifications from consumers of an e-mail that gives the
appearance of being sent from the FDIC. The "From" line of the e-mail
displays the name "Federal Deposit Insurance Corporation consumer"
and the subject includes the words "Consumer Protection."
Current versions of the fraudulent e-mail state:
"Who is FDIC?
The Federal Deposit Insurance Corporation (FDIC) preserves and promotes public
confidence in the
What can FDIC do for you?
Despite the efforts of law enforcement, Identity theft is becoming more
sophisticated and the number of new victims is growing. In general,consumers
are protected against liability for unauthorized accounts or transactions under federal and state law and by financial industry practices. Identity Theft can
affect consumers in many ways, thats [sic] why FDIC is presenting a new card
insurance which can restore you up to $500 if you are a victim of internet
fraud.
Learn more about Consumer Protection > Card Insurance:
Clicking here will redirect you to a online signup page for this program."
The e-mail requests that recipients click on a
hyperlink that is provided. This directs the recipient to a "spoofed"
Web page requesting the user to enter personal information to receive $500 of
"card insurance." The requested information (name, phone number,
Social Security number, address, card number, bank name, card expiration date,
card verification code, and electronic signature/ATM PIN) could be used to
perpetrate identity theft and gain unauthorized access to bank accounts. Be
aware that the appearance of the fraudulent e-mails can be modified and that
additional variations are possible.
Consumers should NOT access the link provided
within the body of the e-mail and should NOT, under any circumstances, provide
any personal financial information through this media.
Information about counterfeit items, cyber-fraud
incidents and other fraudulent activity may be forwarded to the FDIC's
Cyber-Fraud and Financial Crimes Section,
For your reference, FDIC Special Alerts may be
accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2008/index.html.
To learn how to automatically receive FDIC Special Alerts through e-mail,
please visit www.fdic.gov/about/subscriptions/index.html.
TOP
Tax Rebate Is Lure for Identity Theft
The IRS has advised taxpayers of several new email and telephone scams for the tax return filing season in a new press release. These scams, including one involving rebates, attempt to trick taxpayers into revealing sensitive information regarding financial accounts which the scammers then use to commit identity theft. The press release, which describes each of these scams and what to do about them, is summarized below.
Rebates are advance payments made available under the new government economic stimulus package. They are already being used as lures to get consumers to give up personal information which can then be used by the scamsters to steal from the victim's bank account. This identity theft starts with a phone call from someone impersonating an IRS employee. The target of the phone call is told that in order to receive a rebate, the caller must be given sensitive bank account information. This phone call is a scam. The IRS does not gather information by telephone.
The IRS is also warning of bogus email that claims to have a link to a tax refund claim form. Clicking the link opens a fake form in which the victim enters bank account or credit card information. The IRS does not send unsolicited email about tax account matters to taxpayers.
Another new email scam may be especially deceptive. It contains a salutation using an actual name and a notification that an audit is being made on the recipient's tax return. Other email scams have been typically based on spamming techniques in which names are not used. Not only is the use of an individual's name unusual, the scam is unique in that it involves the audit notification. The IRS has not seen such a scam before this one appeared.
The IRS press release also describes a bogus tax law email wherein the recipient is instructed to click on a link that will download for them information on tax law changes. In reality, clicking the link could introduce malware that gives remote access to the victim's computer.
The final new IRS alert involves another phone scam. Here, a target of a phony telephone call is advised that a check from the IRS has not been cashed and that the individual's bank account number must be supplied. Again, the IRS does not contact taxpayers over the phone for personal information. In this case, if a taxpayer is expecting a direct electronic deposit of a refund, it is up to the individual to supply the IRS with the bank routing and account numbers on the tax return.
Forward questionable email to the IRS mailbox, phishing@irs.gov, using instructions contained in the article "How to Protect Yourself from Suspicious E-Mails or Phishing Schemes." This mailbox may also be used to notify the IRS of scams involving telephone calls.
TOP
Security Freezes Are Now Available Nationwide
Received as email from http://www.privacyrights.org/:
As of November 2007, the three credit bureaus -- Equifax, Experian
and TransUnion - began offering security freezes nationwide. A
security freeze is stronger and more effective than placing a fraud
alert on your credit report, because it prevents anyone from accessing
your credit file for any reason unless you instruct the credit bureaus
to unfreeze your report. Most businesses will not issue credit without
first reviewing the applicant's credit report or credit score. If an
individual's credit report is frozen and a fraudster applies for credit
in that individual's name, a creditor would deny the application,
preventing an instance of identity theft.
The procedures and costs for placing a security freeze vary from
state to state (in some states, security freezes are free for identity
theft victims). Non-victims who want to activate the security freeze
must pay a fee in most states. When applying for credit, the consumer
can lift the freeze so that legitimate applications for credit or
services can be processed.
For state-by-state information on security freezes, visit this
Consumers Union Web page:
http://www.consumersunion.org/campaigns/
learn_more/003484indiv.html
For additional tips on avoiding identity theft, see our fact sheet
"Reducing the Risk of Identity Theft" at
http://www.privacyrights.org/fs/fs17-it.htm.
TOP
An Update on the Do Not Call List
Received as email from http://www.privacyrights.org/:
Registrations on the Federal Trade Commission's (FTC) popular Do Not
Call list were set to expire in 5 years. For individuals that registered
at the list's inception, the 5 year expiration would have occurred in
2008. The FTC has now decided that it will not drop any telephone
numbers from its Do Not Call Registry based upon the five-year
expiration period pending further action to make registration permanent.
When the Do Not Call list was developed, the FTC adopted a five-year
re-registration mechanism and said that the list - which now contains
more than 145 million phone numbers - would be periodically purged of
disconnected or reassigned numbers. This was done to ensure that the
Registry was as accurate as possible. The Registry now includes a
scrubbing program that removes disconnected and reassigned numbers
each month.
The FTC has pledged to continue its efforts to maintain the
Registry's accuracy and ensure the continued success of the Do Not
Call program. It recently levied substantial penalties against
several companies alleged to call individuals on the Do Not Call
list. Bedmaker Craftmatic has agreed to pay $4.4 million to settle
claims that it called consumers at home despite their inclusion on
the Do Not Call registry. The Craftmatic penalty is the second-largest
to date behind DirecTV's $5.3 million fine in 2005.
TOP
IRS Warns Taxpayers of New E-mail Scams
The Internal Revenue Service has "alerted taxpayers to the latest versions of an e-mail scam intended to fool people into believing they are under investigation by the agency’s Criminal Investigation division" according to an IRS press release.
"The e-mail purporting to be from IRS Criminal Investigation falsely states that the person is under a criminal probe for submitting a false tax return to the California Franchise Tax Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them." Clicking the link or opening the attachment enables someone to gain remote access to the victim's computer, endangering files on the hard disk. This type of attack, notes the article, is known as a Trojan Horse, a destructive program that pretends to be benign or even helpful.
The IRS press release goes on to state that the IRS does not send out unsolicited e-mails or ask for detailed personal and financial information including PIN numbers or passwords. "The IRS also sees other e-mail scams that involve tricking victims into revealing private personal and financial information over the Internet, a practice that is known as 'phishing' for information."
If you are a recipient of questionable e-mail claiming to come from the IRS, do not open any attachments or click on any links. Instead, forward the e-mail to phishing@irs.gov and follow the instructions.
Updates to the IRS press release describe other scams. One involves e-mail claiming to be an "investigation form" from the IRS "Fraud Department" but is in reality believed to be another Trojan Horse. Another phishing scam attempts to get recipients of a bogus IRS e-mail to fill out an online customer satisfaction survey and receive $80 in the process. The most recent e-mail scam reported by the IRS tells recipients that they are eligible to receive a tax refund. This e-mail makes use of a fraudulent web page that looks just like the IRS' legitimate "Where's My Refund?" web page. Recipents are either sent to the bogus page or it is sent to them as e-mail. Like other phishing schemes, this scam attempts to get the recipients to enter personal data such as SSNs, filing status and credit card account numbers. The IRS does not advise taxpayers of refunds via e-mail. Nor does it use e-mail to request financial information or initiate contact with taxpayers.
TOP
Beware the Card Trap!
The Card Trap is a very simple and easy way to capture cards in an ATM. The criminal begins the process by inserting a thin piece of folded plastic into the throat of the card reader. This plastic will “trap” the next inserted card and prevent it from fully entering the card reader of the ATM. A parasite devise can also be attached to read a card’s number. PIN data is also collected by means of a hidden camera or signs attached to the ATM directing the customer to perform any number of tasks that will allow the PIN to be ascertained. Often the criminal will pose as a fellow customer in line and offer help to the customer having difficulty. Customers who have their ATM card captured should immediately call into the Bank to report the incident, have their lost card blocked, and request a new card.
TOP
Scams to look out for:
