This article from NetworkWorld.com highlights 9 classic but clever ways we should all be alert to.  We urge you to remind friends, family members and coworkers to not fall for these scams.

Note: links to third party sites are provided for your convenience only. Bank of Ann Arbor does not control their content.

This week, it's IT administrators that are specifically targeted with a phishing attack. The bad guys know very well that the most powerful weapons are administrator's credentials, as those really are the keys to the kingdom. So, what they are using is the instantly famous report that Mandiant wrote about the Chinese military hacking into 141 mostly U.S. businesses. An infected PDF version of the original report, titled "APT1: Exposing One of China's Cyber Espionage Units, is now being used as spear phishing bait to get IT people to open it up using two fake names: Mandiant.pdf and Mandiant_APT2_Report.pdf The infected document leverages a just-patched hole in Adobe Reader and was first spotted in Asia. Keep your eyes peeled for it hitting your own inbox. In the meantime, the actual report is fascinating reading, and you can find it here at the Mandiant website: http://intelreport.mandiant.com/.

Source: Cyberheist News,  www.knowbe4.com

Note: links to third party sites are provided for your convenience.  Bank of Ann Arbor does not control their content.

Bank of Ann Arbor is aware of a text message phishing scam that may lead you to believe your Debit/ATM card has been deactivated. Please know that we do not send unsolicited text message alerts. The most recent phishing scam is tricky in that it requests you to call a phone number to activate your card and the phone number noted has a 734 exchange leading you to believe it is local. If you believe you are a victim of this scam, in that you have called the number and entered your card information please call 1-800-528-2273 and request that your card be cancelled.

Be wary of those who come bearing gifts. The most recent credit card scam works like this:

A phone call from someone who says that he is from some outfit called: "Express Couriers" asking if someone was going to be home because there is a package, and the caller says that the delivery would arrive at your home in roughly an hour. And sure enough, about an hour later, a delivery man turns up with a beautiful basket of flowers and wine. What a surprise for you (especially if there is no special occasion or holiday), and no-one certainly expects anything like that! Intrigued you ask who the sender is. The deliveryman's reply was, he is only delivering the gift package, but allegedly a card is being sent separately; (the card never arrives). There is also an official looking ‘consignment’ note with the gift. He now goes on to explain that because the gift contains alcohol, there is a $3.50 ‘delivery charge’ as proof that he had actually delivered the package to an adult, and not just left it on the doorstep to just be stolen or taken by anyone. Sounds logical doesn’t it? You offer to pay cash but he tells you that the company requires the payment to be by credit or debit card only, so that no ‘cash’ is exchanged and everything is properly accounted for. You take out your (or your husbands) credit/debit card and the "delivery man" asks you to swipe the card on the small mobile card machine which has a small screen and keypad where you now enter the card's PIN and security number. A receipt is printed out and given to you. 

Next week you will find that money has been charged/withdrawn from your credit/debit account at various ATM machines all over the country. It appears that the "mobile credit card machine" which the deliveryman carried now has all the info necessary to create a "dummy" card with all your card details, after you have swiped the card and entered the requested PIN and security number. 

Please be aware of this most recent scam and share this information with your family, friends, and neighbors. Any suspect description or suspect vehicle information should be reported to your local police agency.

The IC3 (Internet Crime Complaint Center) continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as "Adam" or "Bill." Callers report the user's computer is sending error messages, and a virus has been detected. In order to gain access to the user's computer, the caller claims that only their company can resolve the issue.

The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.

Users are told the virus could be removed for a fee and are asked for their credit card details. Those who provide the caller remote access to their computers, whether they paid for the virus to be removed or not, report difficulties with their computer afterwards; either their computers would not turn on or certain programs/files were inaccessible.

Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.

In a new twist to this scam, it was reported that a user's computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.

Here are the most recent spear-phishing attacks that are currently making the rounds nationwide, and which pose a significant threat to your data- and financial security. Note that some of these attacks are used for years, because they continue to work on uninformed people.

Number 5
The Better Business Bureau Complaint – In this scam, executives will receive an official-looking email that is spoofed to make it appear as if it comes from the Better Business Bureau. The message either details a complaint that a customer has supposedly filed, or claims that the company has been accused of engaging in identity theft. A complaint ID number is provided, and the recipient is asked to click on a link if they wish to contest or respond to the claim. Once the link is clicked, malware is downloaded to the system.

Number 4
The Smartphone 'Security App' – This is a 2-step attack. With minimal research cybercriminals can find the name and email addresses of a company’s CFO and social engineer them to click a link. That link infects the PC of the CFO with a keylogger. This way the hacker obtains bank account data and passwords. In case the bank uses two-factor authentication, the attacker spoofs an email from the bank asking the CFO to install a smartphone security app, which is actually malware giving them access to the phone. And with that, the cybercriminals have full access to the CFO’s bank account login credentials and at the same time control any two-factor text messages sent to or from the CFO authorizing money transfers.

Number 3
The Watering Hole Attack – Hackers do their research on a targeted executive, and find out which websites the executive frequents, sometimes to discuss industry related topics with their peers, or perhaps a hobby site the hackers learned about through the exec's social media postings. Next, the bad guys compromise that website, and inject a zero-day exploit onto public pages of the website that they hope will be visited by their targeted executive. Once the exec does, their PC is infected with a keylogger and the network penetrated.

Number 2
Free Dinner in Return for Feedback – By reviewing an executive’s social media profiles, cybercriminals are able to determine what charities that individual supports or does business with, as well as his or her favorite local restaurants. The scammer will then spoof an email from a representative of that charity, asking the exec to download a Word Doc that supposedly contains details on an upcoming campaign or event, and promises free dinner at their favorite restaurant as an incentive for providing feedback. When the Word doc is downloaded the user's password is stolen – and gives hackers direct access to the network. Here is a short video of Kevin Mitnick showing how this type of exploit works. Take these two minutes, it's worth seeing: http://www.knowbe4.com/video-mitnick/

Number 1
'We're Being Sued' – In this scenario, attackers dig up the email addresses of a company’s executives and also their legal counsel (in-house or external). They will then spoof an email from the legal counsel to the executive team, and attach a PDF that claims to contain information about new or pending litigation. When the recipients download and open the attachment, their system becomes infected and the entire network is compromised.

While savvy Internet users realize they should not click links or download attachments from unknown senders, spoofed emails and official-looking websites trick recipients into letting their guard down. When executives receive a time-sensitive email that appears to be sent by the Better Business Bureau, a fellow exec, their legal counsel or an organization they support, most won’t think twice before clicking because they trust the person they believe is the sender. That’s what cybercriminals are counting on, and why they’re willing to invest the time to create realistic-looking messages from familiar sources. They’ve discovered just how effective these types of spear-phishing scams can be.

Note: links to third party sites are provided for your convenience only. Bank of Ann Arbor does not control or endorse their content.

Washington – The Department of Justice, the FBI and the National Center for Disaster Fraud (NCDF) remind the public there is a potential for disaster fraud in the aftermath of a natural disaster. Suspected fraudulent activity pertaining to relief efforts associated with the recent series of tornadoes in the Midwest and South should be reported to the NCDF hotline at 866-720-5721. The hotline is staffed by a live operator 24 hours a day, seven days a week, for the purpose of reporting suspected scams being perpetrated by criminals in the aftermath of disasters.

NCDF was originally established in 2005 by the Department of Justice to investigate, prosecute and deter fraud associated with federal disaster relief programs following Hurricanes Katrina, Rita and Wilma. Its mission has expanded to include suspected fraud related to any natural or man-made disaster. More than 20 federal agencies – including the Justice Department’s Criminal Division, U.S. Attorneys’ Offices, Department of Homeland Security, Office of Inspector General and the FBI – participate in the NCDF, allowing the center to act as a centralized clearinghouse of information related to disaster relief fraud.

In the wake of natural disasters, many individuals feel moved to contribute to victim assistance programs and organizations across the country. The Department of Justice and the FBI remind the public to apply a critical eye and do due diligence before giving to anyone soliciting donations on behalf of hurricane victims. Solicitations can originate as emails, websites, door-to-door collections, mailings, telephone calls and similar methods.

Before making a donation of any kind, consumers should adhere to certain guidelines, including the following:

• Do not respond to any unsolicited (spam) incoming emails, including by clicking links contained within those messages, because they may contain computer viruses.
• Be cautious of individuals representing themselves as victims or officials asking for donations via email or social networking sites.
• Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
• Rather than following a purported link to a website, verify the existence and legitimacy of non-profit organizations by using Internet-based resources.
• Be cautious of emails that claim to show pictures of the disaster areas in attached files, because those files may contain viruses. Only open attachments from known senders.
• To ensure that contributions are received and used for intended purposes, make donations directly to known organizations rather than relying on others to make the donation on your behalf.
• Do not be pressured into making contributions; reputable charities do not use coercive tactics.
• Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
• Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
• Legitimate charities do not normally solicit donations via money transfer services.
• Most legitimate charities maintain websites ending in .org rather than .com.

In addition to raising public awareness, the NCDF is the intake center for all disaster relief fraud. Therefore, if you observe that someone has submitted a fraudulent claim for disaster relief, or observe any other suspected fraudulent activities pertaining to the receipt of government funds as part of disaster relief or clean up, please contact the NCDF.

If you believe that you have been a victim of fraud by a person or organization soliciting relief funds on behalf of hurricane victims, or if you discover fraudulent disaster relief claims submitted by a person or organization, contact the NCDF by phone at (866) 720-5721, fax at (225) 334-4707 or email at http://www.ic3.gov/egress.aspx?u=mailto%3adisaster%40leo.gov&h=4140F8F901080C7FDA8B1827AF951ECF5CBC7A242D8A1F59BF37755CB664DBB0.

You can also report suspicious e-mail solicitations or fraudulent websites to the FBI’s Internet Crime Complaint Center at http://www.ic3.gov/.

Links to third party sites are provided for your convenience. Bank of Ann Arbor does not endorse or control content on these sites.

The Internet Crime Complaint Center (IC3) has recently received reports regarding a scam that baits individuals into intimate online conversations and then extorting them for financial gain. The scam was initiated after the victims met someone online, such as on a dating site, and were asked to connect via a specific online social network. Shortly after, the conversations became sexual in nature. Later, victims received text messages, either containing their names, asking if it was them or containing a statement that indicated their names were posted on a particular website. The victims were provided a link to a page on the website that claimed they were a “cheater.” Photos of the victims and their telephone numbers were also posted. There was an option to view and buy the posted conversations for $9. Victims were also given the option to have their names and conversations removed for $99. Some were even told that once the payment was made, the information would be removed within an hour and the website would not allow anyone to post anything pertaining to the victims’ names again. However, reports do not indicate that the information was ever removed. 

The Internet Crime Complaint Center (IC3) has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:

• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
• Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
• With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
• Review and understand the permissions you are giving when you download applications.
• Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
• Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
• Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
• Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
• Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
• If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
• Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
• Avoid clicking on or otherwise downloading software or links from unknown sources.
• Use the same precautions on your mobile phone as you would on your computer when using the Internet.

The Financial Fraud Enforcement Task Force maintains a wide list of resources and information dedicated to helping find and report suspected cases of financial fraud. 

What is the Financial Fraud Enforcement Task Force?

President Obama established the Financial Fraud Enforcement Task Force in November 2009 to hold accountable those who helped bring about the last financial crisis as well as those who would attempt to take advantage of the efforts at economic recovery.

The task force is improving efforts across the government and with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, recover proceeds for victims and address financial discrimination in the lending and financial markets.

With more than 20 federal agencies, 94 US Attorneys Offices and state and local partners, it’s the broadest coalition of law enforcement, investigatory and regulatory agencies ever assembled to combat fraud. 

Visit www.stopfraud.gov to learn how to protect yourself and to report fraudulent activities.

(Note: link is to third party site not controlled or monitor by Bank of Ann Arbor.)