FRAUDULENT AUTOMATED CLEARING HOUSE (ACH) TRANSFERS CONNECTED TO MALWARE AND WORK-AT-HOME SCAMS
11/03/09—Within
the last several months, the FBI has seen a significant increase in
fraud involving the exploitation of valid online banking credentials
belonging to small and medium businesses, municipal governments, and
school districts. In a typical scenario, the targeted entity receives a
“spear phishing” e-mail which either contains an infected attachment,
or directs the recipient to an infected website. Once the recipient
opens the attachment or visits the website, malware is installed on
their computer. The malware contains a key logger which will harvest
the recipients business or corporate bank account log-in information.
Shortly thereafter, the perpetrator either creates another user account
with the stolen log-in information, or directly initiates funds
transfers by masquerading as the legitimate user. These transfers have
occurred as both traditional wire transfers and as ACH transfers.
Further
reporting has shown that the transfers are directed to the bank
accounts of willing or unwitting individuals within the United States.
Most of these individuals have been recruited via work-at-home
advertisements, or have been contacted after placing resumes on
well-known job search websites. These persons are often hired to
“process payments”, or “transfer funds”. They are told they will
receive wire transfers into their bank accounts. Shortly after funds
are received, they are directed to immediately forward most of the
money overseas via wire transfer services such as Western Union and
Moneygram.
Customers who use
online banking services are advised to contact their financial
institution to ensure they are employing all the appropriate security
and fraud prevention services their institution offers.
The United States Computer Emergency Readiness Team (US-CERT) has made information on banking securely online available at http://www.us-cert.gov/reading_room/Banking_Securely_Online07102006.pdf
Protecting
your computer against malicious software is an ongoing activity and, at
minimum, all computer systems need to be regularly patched, have up to
date anti-virus software, and a personal firewall installed. Further
information is available at http://www.us-cert.gov/nav/nt01/
If
you have experienced unauthorized funds transfers from your bank
accounts, or if you have been recruited via a work-at-home opportunity
to receive transfers and forward money overseas, please notify the IC3
by filing a complaint at www.ic3.gov.
For a detailed analysis of this scam please visit http://www.ic3.gov/media/2009/091103-1.aspx
SPAMMERS CONTINUE TO ABUSE THE NAMES OF TOP GOVERNMENT EXECUTIVES BY MISUSING THE NAME OF THE UNITED STATES ATTORNEY GENERAL
10/27/09—As
with previous spam attacks, which have included the names of
high-ranking FBI executives and names of various government agencies, a
new version misuses the name of the United States Attorney General,
Eric Holder.
The current
spam alleges that the Department of Homeland Security and the Federal
Bureau of Investigation were informed the e-mail recipient is allegedly
involved in money laundering and terrorist-related activities. To avoid
legal prosecution, the recipient must obtain a certificate from the
Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370.
The spam provides the name of the EFCC Chairman and an e-mail address
from which the recipient can obtain the required certificate.
DO NOT RESPOND. THESE E-MAILS ARE A HOAX.
Government
agencies do not send unsolicited e-mails of this nature. The FBI,
Department of Justice, and other United States government executives
are briefed on numerous investigations, but do not personally contact
consumers regarding such matters. In addition, United States government
agencies use the legal process to contact individuals. These agencies
do not send threatening letters/e-mails to consumers demanding payments
for Internet crimes.
Consumers
should not respond to any unsolicited e-mails or click on any embedded
links associated with such e-mails, as they may contain viruses or
malware.
It is imperative
consumers guard their Personally Identifiable Information (PII).
Providing your PII will compromise your identity!
If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.