The Internet Crime Complaint Center (IC3) continues to receive reports of telephone scams involving calls that claim their “relative” is in a legal or financial crisis.

These complaints are sometimes referred to as the “Grandparent Scam.” Scammers use scenarios that include claims of a relative being arrested or in a car accident in another country. Scammers often pose as the relative, create a sense of urgency and make a desperate plea for money to victims. It is not unusual for scammers to beg victims not to tell other family members about the situation.

The scammers also impersonate third parties, such as an attorney, law enforcement officer, or some other type of official, such as a U.S. Embassy representative. Once potential victims appear to believe the caller’s story, they are provided instructions to wire money to an individual, often referred to as a bail bondsman, for their relative to be released.

Some complainants have reported the callers claimed to be from countries including, but not limited to: Canada, Mexico, Haiti, Guatemala, and Peru.

Callers often disguise themselves by using telephone numbers generated by free applications or by spoofing their numbers.

If you receive this type of call:

Resist the pressure to act quickly.
Verify the information before sending any money by attempting to contact your relative to determine whether or not the call is legitimate.
Never wire money based on a request made over the phone or in an e-mail, especially to an overseas location. Wiring money is like giving cash—once you send it, you cannot get it back.
Individuals who have fallen victim to this type of scam are encouraged to file a complaint with the Internet Crime Complaint Center, http://www.ic3.gov.

The FBI Seattle Division is aware of a fraud victimizing Washington state-based businesses, nicknamed “man-in-the-e-mail” scheme for being an e-mail variation of a known “man-in-the-middle” scam.

The FBI wants the public to learn about this scam in order to avoid being victimized. In 2013, at least three area companies—in Bellevue, Tukwila, and Seattle—were led to believe they were sending money to an established supply partner in China. In reality, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.

Total loss experienced by the three area companies is roughly $1.65 million. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria or South Africa.

Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).

Here are some of the ways businesses can reduce their chance of being scammed by this man-in-the- e-mail fraud:

  • Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
  • Utilize digital signatures in e-mail accounts. Be aware that this will not work with web-based e-mail accounts, and some countries ban or limit the use of encryption.
  • Avoid free, web-based e-mail. Establish a company website domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the real e-mail address is used.
  • Delete spam: Immediately delete unsolicited e-mail (spam) from unknown parties. Do not open spam e-mail, click on links in the e-mail, or open attachments.
  • Beware of sudden changes in business practices. For example, if suddenly asked to contact a representative at their personal e-mail address when all previous official correspondence has been on a company e-mail, verify via other channels that you are still communicating with your legitimate business partner.

If you or your business has been targeted by the man-in-the-e-mail fraud, report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov. The following information is helpful to report:

  • Header information from e-mail messages
  • Identifiers for the perpetrator (e.g., name, website, bank account, e-mail addresses)
  • Details on how, why, and when you believe you were defrauded
  • Actual and attempted loss amounts
  • Other relevant information you believe is necessary to support your complaint
  • Reference to the man-in-the-e-mail fraud

Filing a complaint through IC3’s website allows analysts from the FBI to identify leads and patterns from the hundreds of complaints that are received daily. The sheer volume of complaints allows that information to come into view among disparate pieces, which can lead to stronger cases and help zero-in on the major sources of criminal activity. The IC3 then refers the complaints, along with their analyses, to the relevant law enforcement agency for follow-up.

The public can learn about other common scams by visiting http://www.fbi.gov/scams-safety/frauds-from-a-to-z and learn about ways to reduce their risk of being scammed: http://www.fbi.gov/scams-safety/fraud/Internet_fraud.

The FBI is aware of a spear-phishing e-mail appearing as if it were sent from the National Center for Missing and Exploited Children. The subject of the e-mail is “Search for Missing Children,” and a zip file containing three malicious files is attached. E-mail recipients should always treat links and attachments in unsolicited or unexpected e-mail with caution.  US-CERT recommends users and administrators review the FBI Internet Crime Complaint Center’s announcement and refer to the US-CERT Security.

From FTC.gov – The Federal Trade Commission is warning small businesses that an email with a subject line “NOTIFICATION OF CONSUMER COMPLAINT” is not from the FTC. The email falsely states that a complaint has been filed with the agency against their company. The FTC advises recipients not to click on any of the links or attachments with the email. Clicking on the links may install a virus or other spyware on the computer.  The FTC’s advice: Delete the email. For more information on malicious software (malware), visitwww.OnGuardOnline.gov/malware.

Various government agencies and high ranking government officials have been the target of previous spam attacks. In their attempts to lure victims, criminals continue to explore new avenues to obtain their goal.  A new version of the spam e-mail uses the names of FBI officials along with the names of specific units within the FBI. The e-mail alerts the recipient that two “Trunk Boxes” containing a large sum of money were intercepted at an international airport. The funds are allegedly from the Office of the Ministry of Finance, Federal Government of Nigeria.The boxes contain documents bearing the recipient’s name as the owner of the funds. The fraudsters advise an additional document called the “Diplomatic Immunity Seal of Delivery” is needed to protect the recipient from violating the Patriot Act. The recipient is required to contact the fraudsters,

via email, for instructions to obtain the document. The fraudsters further inform the recipient of the consequences if they fail to comply and are told not to contact any bank in Africa, or any other institution.DO NOT RESPOND. THESE E-MAILS ARE A HOAX. Neither government agencies nor government officials send unsolicited e-mail to consumers. United States government agencies use the legal process to contact individuals. Consumers should not respond to any unsolicited e-mails or click on an embedded link associated with such e-mails, as they may contain viruses or malware.If you have been a victim of Internet crime, please file a complaint at http://www.ic3.gov/default.aspx. For previous IC3 Alerts concerning e-mail scams targeting the FBI and other government agencies visit http://www.ic3.gov/media/2009/091027.aspx.

Install all recommended software and/or hardware to protect your information. To be protected against cyber criminals, you need current anti-virus, anti-spyware, anti-malware, and firewall programs.

STOP identity

caption

  • Install reputable anti-spam software. Most reputable anti-spam software programs today are also programmed to identify known viruses, which could contain Trojan horses as well.
  • Keep all your security software and operating systems updated.
  • Verify BOTH the source AND content of each file you download! Don’t download an executable program just to “check it out.” If it’s a Trojan, the first time you run it, you’re already infected!
  • Use caution when dealing with pop-ups. This is a perfect place to plant a virus or Trojan programs.
  • Beware of hidden file extensions. Windows by default hides the last extension of a file, so that innocuous-looking picture “susie.jpg” might really be “susie.jpg.exe” – an executable Trojan! To avoid being tricked, unhide those pesky extensions. This is an option selected in Windows Explorer under Tools\Folder Options\View.
  • If you are an online multi-gamer type, do not publish your I.P. address on websites or newsgroups, unless you are very sure that you are fully protected. You would be much better off logging into others’ game servers than inviting others to log onto your game server at a precise I.P. address.
  • Backup your system!
  • Turn off your computer when not in use. If you are not connected to the Internet, you cannot be infected, hacked or hijacked.
  • Reconsider storing personal information in your computer. Transfer it to a CD and use the CD when you need the information. This is especially true of passwords, SSNs, tax and financial records.