This week, it's IT administrators that are specifically targeted with a phishing attack. The bad guys know very well that the most powerful weapons are administrator's credentials, as those really are the keys to the kingdom. So, what they are using is the instantly famous report that Mandiant wrote about the Chinese military hacking into 141 mostly U.S. businesses. An infected PDF version of the original report, titled "APT1: Exposing One of China's Cyber Espionage Units, is now being used as spear phishing bait to get IT people to open it up using two fake names: Mandiant.pdf and Mandiant_APT2_Report.pdf The infected document leverages a just-patched hole in Adobe Reader and was first spotted in Asia. Keep your eyes peeled for it hitting your own inbox. In the meantime, the actual report is fascinating reading, and you can find it here at the Mandiant website: http://intelreport.mandiant.com/.

Source: Cyberheist News,  www.knowbe4.com

Note: links to third party sites are provided for your convenience.  Bank of Ann Arbor does not control their content.

Kimberly Lankford of Kiplinger's Personal Finance has put together a very informative article, Protecting Yourself from New Year's Scams, warning of common scams that appear around the beginning of the new year.  

(Note: links to third party sites are provided for your convenience. Bank of Ann Arbor does not control their content.)

Washington – The Department of Justice, the FBI and the National Center for Disaster Fraud (NCDF) remind the public there is a potential for disaster fraud in the aftermath of a natural disaster. Suspected fraudulent activity pertaining to relief efforts associated with the recent series of tornadoes in the Midwest and South should be reported to the NCDF hotline at 866-720-5721. The hotline is staffed by a live operator 24 hours a day, seven days a week, for the purpose of reporting suspected scams being perpetrated by criminals in the aftermath of disasters.

NCDF was originally established in 2005 by the Department of Justice to investigate, prosecute and deter fraud associated with federal disaster relief programs following Hurricanes Katrina, Rita and Wilma. Its mission has expanded to include suspected fraud related to any natural or man-made disaster. More than 20 federal agencies – including the Justice Department’s Criminal Division, U.S. Attorneys’ Offices, Department of Homeland Security, Office of Inspector General and the FBI – participate in the NCDF, allowing the center to act as a centralized clearinghouse of information related to disaster relief fraud.

In the wake of natural disasters, many individuals feel moved to contribute to victim assistance programs and organizations across the country. The Department of Justice and the FBI remind the public to apply a critical eye and do due diligence before giving to anyone soliciting donations on behalf of hurricane victims. Solicitations can originate as emails, websites, door-to-door collections, mailings, telephone calls and similar methods.

Before making a donation of any kind, consumers should adhere to certain guidelines, including the following:

• Do not respond to any unsolicited (spam) incoming emails, including by clicking links contained within those messages, because they may contain computer viruses.
• Be cautious of individuals representing themselves as victims or officials asking for donations via email or social networking sites.
• Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
• Rather than following a purported link to a website, verify the existence and legitimacy of non-profit organizations by using Internet-based resources.
• Be cautious of emails that claim to show pictures of the disaster areas in attached files, because those files may contain viruses. Only open attachments from known senders.
• To ensure that contributions are received and used for intended purposes, make donations directly to known organizations rather than relying on others to make the donation on your behalf.
• Do not be pressured into making contributions; reputable charities do not use coercive tactics.
• Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
• Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
• Legitimate charities do not normally solicit donations via money transfer services.
• Most legitimate charities maintain websites ending in .org rather than .com.

In addition to raising public awareness, the NCDF is the intake center for all disaster relief fraud. Therefore, if you observe that someone has submitted a fraudulent claim for disaster relief, or observe any other suspected fraudulent activities pertaining to the receipt of government funds as part of disaster relief or clean up, please contact the NCDF.

If you believe that you have been a victim of fraud by a person or organization soliciting relief funds on behalf of hurricane victims, or if you discover fraudulent disaster relief claims submitted by a person or organization, contact the NCDF by phone at (866) 720-5721, fax at (225) 334-4707 or email at http://www.ic3.gov/egress.aspx?u=mailto%3adisaster%40leo.gov&h=4140F8F901080C7FDA8B1827AF951ECF5CBC7A242D8A1F59BF37755CB664DBB0.

You can also report suspicious e-mail solicitations or fraudulent websites to the FBI’s Internet Crime Complaint Center at http://www.ic3.gov/.

Links to third party sites are provided for your convenience. Bank of Ann Arbor does not endorse or control content on these sites.

The Financial Fraud Enforcement Task Force maintains a wide list of resources and information dedicated to helping find and report suspected cases of financial fraud. 

What is the Financial Fraud Enforcement Task Force?

President Obama established the Financial Fraud Enforcement Task Force in November 2009 to hold accountable those who helped bring about the last financial crisis as well as those who would attempt to take advantage of the efforts at economic recovery.

The task force is improving efforts across the government and with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, recover proceeds for victims and address financial discrimination in the lending and financial markets.

With more than 20 federal agencies, 94 US Attorneys Offices and state and local partners, it’s the broadest coalition of law enforcement, investigatory and regulatory agencies ever assembled to combat fraud. 

Visit www.stopfraud.gov to learn how to protect yourself and to report fraudulent activities.

(Note: link is to third party site not controlled or monitor by Bank of Ann Arbor.)

New email claims to be from FDIC, threatens users confidential and personal data. A fraudulent e-mail purporting to be from the Federal Deposit Insurance Corporation (FDIC) offering cash in return for survey information could obtain access to personal and confidential information. The FDIC issued a warning to computer users that it has received numerous reports of fraudulent e-mails that have the appearance of having been sent by the FDIC. The e-mail contains a subject line “Survey Code: STJSPNUPUT.” It reads “you have been chosen by the FDIC to take part in our quick and easy 5 question survey. In response, will credit $100 dollars to your account just for your time.” The FDIC is warning consumers not to click on the link provided in the e-mail, as it is intended to obtain personal information or load malicious software onto users’ computers.

Here are some of the latest fraudulent attempts to get malware on your computer or reveal personal information.  The perpetrators can be quite careful to make their emails look authentic to lure you in to taking some action.  Be immediately suspicious of unsolicited emails asking you to click on a link to get a report, statement, or other document. 

 Notice from Federal Trade Commission (FTC) stating that a case is closed and reports accessed via a link.

Warning that the Federal government is considering a 1% tax on all banking transactions.  The information is misleading (yes, a bill was introduced but is extremely unlikely to even get out of committee) and the email often contains a link that could put malware on your computer.

When you get an email that seems out of the norm, that is unsolicited or contains unfamiliar links,  we recommend that you:

• Delete it immediately
• Never open it
• Never click on its links
• Never open its attachments
• Never reply or forward it

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.

The fraudulent e-mails have addresses such as "no.reply@fdic.gov" or "notify84zma@fdic.gov" on the "From" line. The message appears, with spelling and grammatical errors, as follows:

Subject line: "FDIC notification"

Message body:

"Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation."

The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Since February of 2011, NACHA has been the victim of unrelenting and evolving phishing attacks.  Both consumers and businesses have been receiving e-mails referencing ACH (Automatic Clearing House, a.k.a. electronic) transfers, payments or transactions by NACHA.  The e-mail contains links or attachments (also showing up as a PDF files) containing malicious code that will infect your computer.   

These attacks are occurring more frequently and showing increased complexity. Even though the contents of these e-mails vary, more recent examples include a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and phone number.  Perpetrators may also be exploiting email addresses recently stolen from the Epsilon breach. 

Customers should be informed that NACHA does not process, nor touch ACH transactions that flow in between organizations and financial institutions.  NACHA also does not send communications directly to individuals or organizations about ACH transactions that they originate or receive. 

If you receive an email like this, do NOT access the link or attachments provided within it and do not under any circumstances provide any personal information through this media.  NACHA is attempting to identify the source of the e-mails and disrupt the transmission.  Please help them out by reporting any similar e-mail attempts to abuse@nacha.org.

E-mails fraudulently claiming to be from the Federal Deposit Insurance Corporation (FDIC) are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

The fraudulent e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states that deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

If you receive this email do NOT access the link provided within the body of the e-mail and do not under any circumstances provide any personal information through this media. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Help them out by reporting any similar attempts to obtain this information by sending information to alert@fdic.gov.

Read the full alert from the FDIC.

The Internet Crime Complaint Center (IC3) continues to receive reports of letters and emails being distributed pursuant to prize sweepstakes or lottery schemes. These schemes use counterfeit checks that bear legitimate-looking logos of various financial institutions to fool victim into sending money to the fraudsters.

Fraudsters tell victims they won a sweepstakes or lottery, but to receive a lump sum payout, they must pay the taxes and processing fees upfront. Fraudsters direct individuals to call a telephone number to initiate a letter of instructions. The letter alleges that the victim may elect to take an advance on the winnings to make the required upfront payment. The letter includes a check in the amount of the alleged taxes and fees, along with processing instructions. Ultimately, victims believe they are using the advance to make the required upfront payment, but in reality they are falling prey to the scheme.

The victim deposits the check into their own bank, which credits the account for the amount of the check before the check clears. The victim immediately withdraws the money and wires it to the fraudsters. Afterwards, the check proves to be counterfeit and the bank pulls the respective funds from the victim's account, leaving the victim liable for the amount of the counterfeit check plus any additional fees the bank
may charge.

Persons may fall victim to this scheme due to the allure of easy money and the apparent legitimacy of the check the fraudsters include in the letter of instruction. The alleged cash prizes and locations of the financial institutions vary.

Tips to avoid being scammed:
- A federal statute prohibits mailing lottery tickets, advertisements, or payments to purchase tickets in a foreign lottery.
- Be leery if you do not remember entering a lottery or sweepstakes.
- Beware of lotteries or sweepstakes that charge a fee prior to delivering your prize.
- Be wary of demands to send additional money as a requirement to be eligible for future winnings.

If you have been a victim of this type of scam or any other cyber crime, you can report it to the IC3 at: www.IC3.gov. The IC3 complaint database links complaints for potential referral to law enforcement for case consideration. Complaint information is also used to identify emerging trends and patterns to alert the public to new criminal schemes.