Online Robbery Invitations
Tuesday, February 23, 2010 Social networking has become wildly popular. It seems everyone’s tweeting, Google Buzzing, Foursquaring or Face booking nowadays. It’s all about what you’re doing right now and where you’re doing it.
But this apparently insatiable appetite we’ve developed for information “as it’s happening” carries with it a hidden danger. When you “tweet” a friend or “Foursquare” a business associate that you’re en route to your favorite vacation destination, you’re also sending a message to criminals that you’re not at home and that your place of residence and all of its contents are theirs for the taking. That’s right. Thieves are keeping close tabs on status updates to help them select their targets. It’s been dubbed “Internet shopping for burglars.”
A new website called pleaserobme.com helps to highlight the potential dangers of location-sharing by simply combining publicly shared check-ins. In a hypothetical bid to accommodate would-be burglars and thus, raise awareness of the problem, check-ins are referenced as “recent empty homes” and “new opportunities.” With an estimated 40% of social network users routinely sharing information about their whereabouts, it’s no surprise that criminals regard these platforms as “target rich environments.”
When you share your location via a social network like Google Buzz or Foursquare, you are putting yourself and your family at risk. It’s probably best to skip on the details regarding your whereabouts and always refrain from sharing your address anywhere online. It’s either that or start telling everyone that your cousin- the Navy Seal- is staying at your place while he decompresses from his recent tour of duty in Afghanistan.
From the NW3C Informant
Haitian Earthquake Disaster Email Scams and Search Engine Poisoning Campaigns
Thursday, January 14, 2010 WHPD-CCU would like to warn residents of potential email scams and search engine poisoning campaigns that may circulate regarding the Haitian Earthquake disaster. The scam emails may contain links or attachments which may direct users to phishing or malware-laden websites.
Fraudulent search engine results may return similar malicious web links to phishing and malware websites.
WHPD-CCU encourages users to take the following measures to protect themselves:
Do not follow unsolicited web links or attachments in email messages.
Maintain up-to-date antivirus software.
Refer to the Recognizing and Avoiding Email Scams (pdf) document
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Survey Sheds New Light on Sexting Controversy
Monday, December 21, 2009 According to a new survey on “sexting,” nearly one out of every six teenagers who owns a cell phone has received nude or nearly nude images via text message from someone they know. The telephone poll of 800 people conducted by the Pew Internet and American Life Project will likely fuel the debate in some states already considering legislation aimed at stiffening penalties for the practice.
The survey is replete with other disconcerting revelations. For instance, boys are not the only ones sending revealing pictures- girls are doing it too! In fact, the survey found that boys and girls were equally likely to engage in sexting. No less alarming is the fact that some teens believe sexting is acceptable behavior because it’s less intimidating and more convenient than traditional dating.
Some experts believe the sexting phenomenon does not constitute abhorrent behavior on the part of teenagers (“teens will be teens”). Others speculate that the popularity of camera phones has made sexting “trendy.” Whatever the motivation, parents need to make their kids aware of the legal ramifications of sexting because in many jurisdictions, simply receiving a nude or partially nude picture via text message may constitute felony possession of child pornography.
FBI Releases Warning about Scareware
Monday, December 14, 2009 The Federal Bureau of Investigation (FBI) has released a warning to alert users about an ongoing threat involving pop-up security messages that appear on the Internet. These pop-up messages may contain seemingly legitimate antivirus software. Users who click on these pop-up messages to purchase and install the bogus software may become infected with malicious code or to become victims of a phishing attack.
The WHPD-CCU encourages users and administrators to do the following to help mitigate the risks:
Review the FBI Press Release titled Pop-Up Security Warnings Pose Threats
Install antivirus software, and keep the signature files up to date.
Use caution when entering personal and financial information online.
Install software applications from only trusted sources
H1N1 Malware Campaign
Wednesday, December 2, 2009 WHPD-CCU is aware of public reports of a malware campaign circulating.
This campaign is circulating via email messages offering information regarding the H1N1 vaccination. This email messages contain a link to a bogus Centers for Disease Control and Prevention website. Users who click on this link may become infected with malware. Public reports indicate that these email messages are noted as having subject lines such as: "Governmental registration program on the H1N1 vaccination" and "Your personal vaccination profile." Please note that subject lines may change at any time.
WHPD-CCU encourages users to take the following precautions to help mitigate the risks:
Install antivirus software, and keep the signature files up to date.
Do not follow unsolicited links and do not open unsolicited email messages.
Use caution when visiting un-trusted websites.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on avoiding social engineering attacks.
Paying Attention to Your Teen's Secret Text Messages: NALOPKT
Wednesday, November 25, 2009 Teenagers have always had their own lingo while communicating amongst themselves. Considering that teens are more apt to text one another than have an actual conversation, it’s no surprise that yet another “language” has surfaced. “Leetspeak” (or “Leet” for short) as known among the tech-savvy crowd is a heavily abbreviated form of messaging. It has thrived in the Short Message Service (SMS) texting environment where messages are limited to less than 200 characters.
“Leetspeak” has inadvertently become yet another possible communication barrier between parent and child. Parents who take their responsibility seriously and keep up with their youth may feel disadvantaged to browse through their teen’s SMS messages only to see something resembling Egyptian hieroglyphics. Here are some current codes and their meanings:
| Code | Meaning |
| PAW | Parents Are Watching |
| 143 | L Love You |
| 182 | I Hate You |
| KPC | Keeping Parents Clueless |
| LMIRL | Lets Meet In Real Life |
| 420 | Marijuana |
| ADR | Address |
| ASL | Age/Sex/Location |
A couple of techniques for decoding are relatively simple. For instance, most messages, like acronyms, are represented by the first letter of each word in the phrase. Those characters are in turn represented by the numbers associated with them on a telephonic keypad.
Parents now have a great free tool at their disposal. Go to http://www.teenchatdecoder.com/ for more information and to try out your own online decoder.
Federal Deposit Insurance Corporation Warns Public of Fraudulent Email
Tuesday, October 27, 2009 The Federal Deposit Insurance Corporation (FDIC) has released information warning the public about fraudulent email messages purporting to come from the FDIC. These email messages provides a link to a fraudulent FDIC website. Users are then instructed to download their "personal FDIC Insurance File."
More information regarding these messages can be found in the Federal Deposit Insurance Corporation's Consumer Alerts website. Users are encouraged to take the following measures to protect themselves from this type of phishing scam:
Do not follow unsolicited web links received in email messages.
Verify the website by manually typing the URL when attempting to connect to web sites recommended in an email.
Blackberry PhoneSnoop Application Used to Spy on Users
Tuesday, October 27, 2009 A new application that has been released called PhoneSnoop allows an attacker to call a user's BlackBerry and listne to personal conversations. In order to install and setup the PhoneSnoop application, attackers must have physical access to the users device or convince a user to install PhoneSnoop.
BlackBerry users are encouraged to only download Blackberry applications from trusted sources and to password protect and lock BlackBerry devices.
Federal Bureau of Investigation Warns Public of Fradulent Spam Email
Tuesday, October 6, 2009 The Federal Bureau of Investigation (FBI) has released information warning the public about fraudulent email messages purporting to come from the FBI or the Department of Homeland Security. These email messages contain a malicious attachment that claims to provide an intelligence report or bulletin, but in reality attempts to launch malware on the user's system.
More information regarding these messages can be found in the Federal Bureau of Investigation's New E-Scams and Warnings web site.
To help protect against this type of attack, the WHPD recommends that users avoid opening attachments contained in unsolicited email messages.
Scammers Targeting New Census Forms
Thursday, October 1, 2009 There are reports that there is a new phishing scam based on the up coming 2010 Census. The Census Bureau has said some surveys will be delivered by email, by the actual Census will not.
The Census is not the only government document being targeted by fraudsters. Emails asking for tax information and information to influence stimulus funds can also be bogus. What information should you be wary of giving out? Government entities will not ask you for your Social Security Number, passwords, PIN numbers, credit card or bank information. Another tip that will help protect you: when filling out forms, be sure to only put information in the required fields; these fields are generally marked with a star.
If you have any questions about an email that seems to have come from the Census Bureau, you can contact the Census Bureau directly. If you believe a census email is fraudulent, forward it to itso.fraud.reporting@census.gov. Other email scams can be reported to the Internet Crime Complaint Center at www.ic3.gov. With some common sense and fact-checking, you can avoid becoming a victim of identity fraud. Share these tips with your family; especially those that fraudsters consider vulnerable- young children and the elderly.
Malicious Code Spreading via IRS Scam
Monday, September 28, 2009 US-Cert is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.
The WHPD CCU along with the US-CERT encourages users to take the following measures to protect themselves:
Do not follow unsolicited web links or attachments in email messages
Maintain up-to-date antivirus software
Refer to Recognizing and Avoiding Email Scams (56KB PDF) for more information on avoiding email scams
Refer to Understanding Social Engineering and Phishing Attacks in our Awareness section
FBI in Charlotte warns of e-mail scam
Tuesday, September 22, 2009 The Charlotte Division of the FBI is warning computer users about an email that looks like it's being sent from the special agent in charge of the Charlotte Division, Owen D. Harris.
The sender is trying to obtain bank records from the recipients, and threatens legal action if the request isn't answered.
An email user who receives the email should delete it immediately, said Amy Thoreson of the FBI Charlotte Division. Anyone who gets the request can also report it to the FBI Internet Crime Complaint Center at IC3.gov.
The FBI never requires victims or subjects of investigations to provide bank account information via email, Thoreson said.
Facebook: Popularity Breeds Opportunity
Tuesday, September 15, 2009 There’s no doubt that Facebook has become the most popular social networking venue on the planet. The Web site boasts 250 million active users. That’s a pretty impressive figure. But if you’re a cyber thief, that number constitutes the main entree on a dinner menu replete with exotic delicacies. Where people gather in significant numbers, the bad guys are sure to follow and you can bet, they’ll be salivating all the way there.
Over the past few years, cyber thieves have hacked their way into Facebook user accounts using a variety of malicious programs. Perhaps the most notorious was the “Koobface” virus; an especially nasty worm that transformed computers into zombies. Some say a new, more sophisticated version is already on the prowl.
To its credit, Facebook is Johnny-on-the-spot when it comes to disabling links to hazardous Web sites and blocking harmful emails. Videos and other items posted directly on the site are transformed to make sure any attending viruses are effectively sterilized. The small number of users who have encountered problems, according to Facebook, do so after being lured away from the site.
Despite an impressive security net, Facebook users need to be constantly aware of seemingly benign messages like “Hey, look at this video! It’s funny!” or “Click here to update the latest version of Flash Player.” Why? Because at least 10% of consumers still click on suspicious links in emails. If you do the math, that translates to about 25 million Facebook users- an impressive figure if you’re a bad guy trolling for victims.
Increasing Number of Americans Falling Prey to Cleverly-Disguised Work At Home Scams
Monday, August 3, 2009 One of the more prevalent scams is sent via email to a recipient alerting the individual that the scammer saw their resume on CareerBuilder.com. The job-seeker is made to believe they will be working as a payment processor, data/clerical administrator, secretary for a billing department or account manager for a foreign company and will receive a percentage as their commission.
Although there will be no background check, no real interview and no verifying of references, the job-seeker will be required to provide the usual employment information. This includes their full name, address, phone number and social security number. In other words, all the information needed for identity theft. After the job-seeker becomes an “employee” of the company, they will start receiving money in the form of checks or wire transfers. The employee may be asked to wire the money to another company, another contractor or a phony customer.
The scammer’s intent is to get the job-seeker to accept funds, deposit the “check” (which happens to be counterfeit) from a person with whom they are not dealing directly and send those funds to someone else before the bank catches on. The “check” will have a legitimate business name and account number and therefore will pass through many bank “holds.”
In some cases, victims of this scam are being arrested and criminally charged for depositing counterfeit checks.
If you have been victimized by this scam, NW3C strongly recommends that you contact the Winthrop Harbor police department and then file a complaint with the Internet Crime Complaint Center (IC3) by visiting www.ic3.gov. IC3 is a partnership between NW3C and the FBI.
Email alerts are received by the Winthrop Harbor Police Department Cyber Crimes Unit from a variety of reliable sources and passed on to you.Such sources include but are not limited to the FBI, NW3C, US-Cert, FTC and others.