SpamScams.net http://www.spamscams.net Ultimate Spam Email Archive : Shedding light on email spam, scams, Internet crimes and phishing schemes Tue, 26 Jul 2016 16:15:04 +0000 en-US hourly 1 Oleg Dmitry Financial Adviser to Vladimir Yevtushenkov Scam http://www.spamscams.net/spam-email/oleg-dmitry-financial-adviser-vladimir-yevtushenkov-scam/ http://www.spamscams.net/spam-email/oleg-dmitry-financial-adviser-vladimir-yevtushenkov-scam/#respond Thu, 21 Jul 2016 16:10:37 +0000 http://www.spamscams.net/?p=1764 Oleg Dmitry Financial Adviser to Vladimir Yevtushenkov Scam

Mr. Oleg Dmitry, financial adviser to Vladimir Yevtushenkov, accused of money-laundering and placed under house arrest by a Moscow court, wants you to invest his client's money for him.

SpamScams.net

]]>
Oleg Dmitry Financial Adviser to Vladimir Yevtushenkov Scam

Mr.Oleg Dmitry
Jul 21
Dear Friend.

I understand that through Internet is not the best way to link up with you because of the confidentiality which my proposal demands and Due to Crisis we have in Russia after annexation of Crimea and the sanctions that followed from United States European union.

I am Mr, Oleg Dmitry. I am the financial adviser to Vladimir Yevtushenkov, who is the president and principal shareholder of AFK Sistema, who was accused of money-laundering and placed under house arrest by a Moscow court. Coincidentally, if you can invest for my client who is presently watched by Russian Government just because he is an opposition to the dictator Russian president PUTIN, and this can lead to the seizure of his company and Business Empire and this is why, my client is seeking your expertise in investing over US$450 Million Dollars cash discretely in diverse project.I have one concern/if I can trust you with this top secret to invest this money for my client,if you believe in democracy and a free world where people can express their heart desire without being persecuted,that means you are the right person to receive this funding from this type of investor, please indicate by return email and we can discuss on the modalities of getting this funds to you as the investor.Once I receive a message from you notifying me of your interest, the details of the transaction/the terms and condition of sharing regarding the business would then be brought to your knowledge.Please note this email address is activated for this transaction and need to contact me at (REDACTED) for more details.

Thank you.

Mr.Oleg Dmitry.

SpamScams.net

]]>
http://www.spamscams.net/spam-email/oleg-dmitry-financial-adviser-vladimir-yevtushenkov-scam/feed/ 0
Unclaimed Compensation Contract and Inheritance Fund http://www.spamscams.net/spam-email/unclaimed-compensation-contract-inheritance-fund/ http://www.spamscams.net/spam-email/unclaimed-compensation-contract-inheritance-fund/#respond Sat, 16 Jul 2016 16:01:29 +0000 http://www.spamscams.net/?p=1762 Unclaimed Compensation Contract and Inheritance Fund

$11,000,000.00 will be released to you via a custom pin based ATM Master card with a maximum withdrawal limit of $15,000 a day which is powered by Visa Card and can be used anywhere in the world where you see a Master Card Logo on the Automatic Teller Machine (ATM).

SpamScams.net

]]>
Unclaimed Compensation Contract and Inheritance Fund

MR. JAMES COMEY,
Jul 16
(FBI) FEDERAL BUREAU OF INVESTIGATION (FBI)
Counter-terrorism Division and Cyber Crime Division
Washington DC/REPUBLIC DU BENIN BRANCH COTONOU,

Attention: Dear Beneficiary,

RE-NOTIFICATION ABOUT YOUR UNCLAIMED COMPENSATION, CONTRACT AND INHERITANCE FUND!

Records show that you are among one of the individuals and organizations who are yet to receive their overdue payment from overseas which includes those of Compensation, Contract and Inheritance Fund, Through our Fraud Monitory Unit we noticed that you have been transacting with some impostors and fraudsters who have been impersonating likes of Prof. Soludo /Mr. Lamido Sanusi of the Central Bank Of Nigeria, Mr. Patrick Aziza, Bode Williams, Mr. David Julius, Frank, Victor, Anderson, none officials of Oceanic Bank, Zenith Banks, Kelvin Young of HSBC, Ben of FedEx, Ibrahim Sule, Dr. Usman Shamsuddeen and some impostors claiming to be The Federal Bureau of Investigation.

The Cyber Crime Division of the FBI gathered information from the Internet Fraud Complaint Center (IFCC) on how some people have lost outrageous sums of money to these impostors. As a result of this, we hereby advise you to stop further communication with anyone that’s not referred to you by us. We have negotiated with the Federal Ministry of Finance that your payment totaling $11,000,000.00 (Eleven Million United States Dollars) will be released to you via a custom pin based ATM Master card with a maximum withdrawal limit of $15,000 a day which is powered by Visa Card and can be used anywhere in the world where you see a Master Card Logo on the Automatic Teller Machine (ATM).

We guarantee receipt of your payment. This is as a result of the mandate from US Government to make sure all debts owed to citizens of American, Asia and Europe which includes Inheritance, Contract, Compensation etc are been cleared. Below are few list of tracking numbers you can track from Delivery Company website to confirm people like you who have received their payment successfully.

Website FedEx.com
1)Name Howard Keighler
Tracking Number: 899328773367
Website: FedEx.com
(2) Name: Jody Miller
Tracking Number: 899571438936

To redeem your funds, you are hereby advised to contact the ATM Department Unit via email for their requirement to proceed and procure your Approval of Payment Warrant and Endorsement of your ATM Release Order on your behalf which will cost you $195.00us dollars only and nothing more as everything else has been taken care of by the Federal Government including taxes, custom paper and clearance duty so all you need to pay is $195.55us dollars only.

Note these: you are to pay the sum of $195.00us dollars (One Hundred and Ninety-Five Dollars) before your ATM Master Card can be deliver to your nominated delivery address.

Rev. Fr. David Mark (ATM Card Department Manager)
ATM Card Manager Rev. Fr. David Mark
Email: (REDACTED)

Do contact Rev. Fr. David Mark, of the ATM Department Uni with his contact details above and furnish him with your personal information as listed below:

FULL NAMES: __________________________________
DELIVERY ADDRESS FOR ATM CARD: __________________
SEX: _______________
DATE OF BIRTH: __________________
YOUR COUNTRY
OCCUPATION: __________________
TELEPHONE NUMBER: _____________________
EMAIL ADDRESS: _____________________
Scan Copy of your Identification:_____________________

Due contact him with your personal information in order to update your payment file and he will give you the instruction on how to make of $195.00 via Western Union Money Transfer for the procurement Approval of your Payment Warrant and Endorsement of your ATM Release Order, after which the delivery of your ATM Master card will be commence to your designated home address without any further delay and their will be no more extra fee.

MR. JAMES COMEY,
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20535
E-MAIL: (REDACTED)

WARNING: Disregard any e-mail you receive from any impostors or offices claiming to be in possession of your ATM Master card to avoid being mislead and you are hereby advice only to be communicating with Rev. Fr. David Mark. of the ATM Department Unit who is the rightful person to deal with in regards to your payment and forward any e-mails you received from any impostors to this office so we can investigate over it and so help to stop fraud and cyber crime worldwide.

SpamScams.net

]]>
http://www.spamscams.net/spam-email/unclaimed-compensation-contract-inheritance-fund/feed/ 0
Business Proposal for Mobile Development http://www.spamscams.net/spam-email/business-proposal-for-mobile-development/ Fri, 12 Feb 2016 17:01:03 +0000 http://www.spamscams.net/?p=1713 Business Proposal for Mobile Development

Hello Sir / Mam, Greetings from Infynic !!! We are Mobile Development Company. We provide complete Mobile solutions with good quality and affordable prices. We can be your service provider and we can explore more working opportunities. We work in following area : IOS App Development. Android App Development. WordPress. PHP Web Development. Iphone / […]

SpamScams.net

]]>
Business Proposal for Mobile Development

Hello Sir / Mam,

Greetings from Infynic !!!

We are Mobile Development Company. We provide complete Mobile solutions with good quality and affordable prices. We can be your service provider and we can explore more working opportunities.

We work in following area :

  • IOS App Development.
  • Android App Development.
  • WordPress.
  • PHP Web Development.
  • Iphone / Ipad App Development.
  • Android SDK Development.
  • Game Development.

How we will beneficial for you:

  • We have a good team of developers who can work for you.
  • You can cut your cost by paying us only development charges which is much less than your company.
  • We can handle any kind of Mobile related project and will stand with you on your requirement.
  • On time delivery with quality services.

Our Commitments:

  • You will be our client. We will not approach your client ever.
  • We will leave your location for our business. Any client came to us from your location will be yours.
  • We are ready to come under your contract.
  • No compromise with the services and delivery of work, we like to work transparent and like to work for long-term.
  • You can use our development center as yours to show your international presence.

How we will work for you:

  • We will assign one Account manager to you. He will be in your direct contact.
  • Will assign dedicated developer for your project under Account Manger.
  • Direct access to our CEO for any query.

Please check below few links of our past work, also check below our contact detail..

Android Links :

[ REDACTED ]

IOS Links :

[ REDACTED ]

Contact Detail :

Email id : infynic@[ REDACTED ]
Skype id : [ REDACTED ]

We will wait for your supportive & positive reply to start our business relationship.

Best Regards,

Raj.
Business Development Manager

SpamScams.net

]]>
FBI Warns of Fictitious ‘Work-from-Home’ Scam Targeting University Students http://www.spamscams.net/email-spam-news/fbi-warns-of-fictitious-work-from-home-scam-targeting-university-students/ Tue, 13 Jan 2015 17:05:40 +0000 http://www.spamscams.net/?p=1716 FBI Warns of Fictitious ‘Work-from-Home’ Scam Targeting University Students

College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving e-mails to their school accounts recruiting them for payroll and/or human resource positions with fictitious companies.

SpamScams.net

]]>
FBI Warns of Fictitious ‘Work-from-Home’ Scam Targeting University Students

College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving e-mails to their school accounts recruiting them for payroll and/or human resource positions with fictitious companies. The “position” simply requires the student to provide his/her bank account number to receive a deposit and then transfer a portion of the funds to another bank account. Unbeknownst to the student, the other account is involved in the scam that the student has now helped perpetrate. The funds the student receives and is directed elsewhere have been stolen by cyber criminals. Participating in the scam is a crime and could lead to the student’s bank account being closed due to fraudulent activity or federal charges.

Here’s how the scam works:

  • The student is asked to provide his/her bank account credentials under the guise of setting up direct deposit for his/her pay.
  • The scammers will add the student’s bank account to a victim employee’s direct deposit information to redirect the victim’s payroll deposit to the student’s account.
  • The student will receive the payroll deposit from the victim’s employer in the victim’s name.
  • The student will be directed to withdraw funds from the account and send a portion of the deposit, via wire transfer, to other individuals involved in the scam.

Consequences of Participating in the Scam:

  • The student’s bank account will be identified by law enforcement as being involved in the fraud.
  • The victim employee has his/her pay stolen by the scammers utilizing the student’s bank account.
  • Without the student’s participation, the scam could not be perpetrated, so he/she facilitated the theft of the paycheck.
  • The student could be arrested and prosecuted in federal court. A criminal record will stay with the student for the rest of his/her life and will have to be divulged on future job applications, which could prevent the student from being hired.
  • The student’s bank account may be closed due to fraudulent activity and a report could be filed by the bank.
  • This could adversely affect the student’s credit record.

Tips on how to Protect Yourself from this Scam:

  • If a job offer sounds too good to be true, it probably is.
  • Never accept a job that requires the depositing of funds into your account and wiring them to different accounts.
  • Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
  • Never provide credentials of any kind such as bank account information, login names, passwords, or any other identifying information in response to a recruitment e-mail.
  • Forward these e-mails to the university’s IT personnel and tell your friends to be on the lookout for the scam.
  • This could adversely affect the student’s credit record.

If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint.

The IC3 produced a PSA in May 2014 titled “Cyber-related Scams Targeting Universities, Employees, and Students,” which mentioned this scam. The PSA can be viewed at http://www.ic3.gov/media/2014/140505.aspx.

SpamScams.net

]]>
IC3 Scam Alerts for June 2014 http://www.spamscams.net/email-spam-news/ic3-scam-alerts-june-2014/ Thu, 03 Jul 2014 19:38:10 +0000 http://www.spamscams.net/?p=1616 IC3 Scam Alerts for June 2014

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams. Business E-mail Compromise For more than a year, the IC3 has been receiving complaints from businesses that were contacted fraudulently via legitimate suppliers’ e-mail accounts. Recipients were […]

SpamScams.net

]]>
IC3 Scam Alerts for June 2014

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams.

Business E-mail Compromise

For more than a year, the IC3 has been receiving complaints from businesses that were contacted fraudulently via legitimate suppliers’ e-mail accounts. Recipients were asked to change the wire transfer payment of invoices. Businesses became aware of the scheme after the legitimate supplier delivered the merchandise and requested payment. This scam has been referred to as the “man-in-the-email scam.” However, it was recently renamed the “business e-mail compromise.”

A twist to this scam that is being reported pertains to the spoofed business e-mail accounts requesting unauthorized wire transfers. In the scheme, a business partner, usually chief technology officers, chief financial officers, or comptrollers, receives an e-mail via their business accounts purportedly from a vendor requesting a wire transfer to a designated bank account. The e-mails are spoofed by adding, removing, or subtly changing characters in the e-mail address that make it difficult to identify the perpetrator’s e-mail address from the legitimate address. The scheme is usually not detected until the company’s internal fraud detections alert victims to the request or company executives talk to each other to verify the transfer was made. The average dollar loss per victim is approximately $55,000. However, the IC3 has received complaints reporting losses that exceed $800,000.

Recently, the IC3 began receiving related complaints from companies that were alerted by their suppliers about spoofed e-mails received using the company’s name to request quotes and/or orders for supplies and goods. These spoofed e-mails were sent to multiple suppliers at the same time. In some cases, the e-mails could be linked by Internet Protocol (IP) address to the original business e-mail compromise scams. Because this latest twist is relatively new, the dollar loss has not been significant. Also, victim companies have a greater chance of discovering the scheme because the e-mails go to multiple suppliers that often follow-up with the company.

Based on analysis of the complaints, the scam appears to be Nigerian-based. Complaints filed contain little information about the perpetrators. However, subject information that was provided has linked to names, telephone numbers, IP addresses and bank accounts reported in previous complaints, which were tied over the years to traditional Nigerian scams.

Some commonalities found among the complaints include:

  • Victims are generally from the United States, England and Canada, although there have been complaints from other countries such as Belgium.
  • Victim businesses often trade internationally, usually through China.
  • Victim businesses that conduct high-dollar wire transfers, so requests for larger monetary amounts are not uncommon.
  • Most, but not all, victims receive the fraudulent e-mail request through AOL, Gmail, or Hotmail addresses. A few companies have reported scammers were able to access the company’s internal server.
  • Transactions were traced by the victim’s fraud department to mainly banks in China or Hong Kong. However, transactions with banks in South Africa, Turkey and Japan were also reported.

Increase In Fraudulent Tax Filings

IC3 complaints reporting the fraudulent filing of victims’ income taxes have doubled from 2013 to 2014. Complainants report their information was somehow compromised and used to file their taxes.

Some complainants reported that before filing their 2013 taxes, they were notified by the Internal Revenue Service (IRS) that they were being audited or under review. Others reported receiving a rejection notice from the IRS when they attempted to electronically file their taxes. They were told that someone else had already used their Social Security Number to file. These victims had to mail their tax returns into the IRS and file an identity theft report.

Some of the victims reported their information was also used to open several credit cards and lines of credit.

SpamScams.net

]]>
Judiciary of England and Wales Victim Compensation Scam http://www.spamscams.net/identity-theft/judiciary-england-wales-victim-compensation-scam/ Mon, 02 Jun 2014 14:41:34 +0000 http://www.spamscams.net/?p=1610 Judiciary of England and Wales Victim Compensation Scam

New identity theft scam via email claiming compensation from Judiciary of England and Wales.

SpamScams.net

]]>
Judiciary of England and Wales Victim Compensation Scam

The Judiciary of England and Wales,
Royal Courts of Justice,
11th floor, Thomas More Building,
Strand, London WC2A 2LL

Dear Sir/Madam,

Compliments of the day.

We hope this email would find you in the best of health and spirits.

You are reading an e-mail from JUDICIARY OF ENGLAND AND WALES, UNITED KINGDOM. On a daily basis, the Judicial Office coordinates and transmits requests for investigative and humanitarian assistance. The preponderance of economic and financial crimes like Advance Fee Fraud, Money Laundering and Terrorist activities all over the world, etc has had severe negative consequences all over the world, including decreased Foreign Direct Investments and tainting of world’s national image.

The menace of these crimes and the recognition of the magnitude and gravity of the situation led to the signing of Memorandum of Understanding on Friday 21st March, 2014 between British Government, United States Government, United Nations, Australian Government, Canada Government and Nigeria Government at the United Nations Headquarters located at New York City, USA. It was agreed that to retain the good image of Nigeria and the rest of Africa countries, all the scam victims who lost his/her hard earn money to these faceless thieves will be compensated with just US$250,000.00 (Two hundred and fifty thousands United Stated Dollars only) to avoid sanctioning Nigeria and some Africa Countries.

To that effect, we are sending you this e-mail because your contact details were given to us as one of the victims. You will receive your compensation payment through ATM SMART CARD which is the simplest way to transfer huge amount of money to avoid transfer charges or any further delay.

I WANT YOU TO READ BELOW CAREFULLY, THE NOTICE BELOW STAND AS CAUTION BEFORE IT IS TOO LATE.

MR. CHARLES WILLIAM ROME presented an Authorization Letter for change of your data that you are dead one month ago. After the investigations however,it was revealed that there are some dubius Banks and Government Officials in Nigeria and the rest of Africa countries who are collaborating with some Foreigners to make these changes illegally without the knowledge of the Bona-fide Benefactors and one traced to your own change is this MR. CHARLES WILLIAM ROME of United States of America, who said you are dead, He have also forwarded his Name and Address below as the new Address that will receive this money.

Name: MR. CHARLES WILLIAM ROME
Address: 139 Chelmsford DR Aurora, Ohio 44202, United States

But we wanted to confirm if actually this is true and hence decided to write to your email address which from now and there is no response from you, We will then know that you are dead indeed and the Compensation payment of US$250,000.00 will be transfer to him.

IF PROVED OTHERWISE BY YOU THAT YOU ARE NOT DEAD, PLEASE, FILL THE Claimant Form below and SEND IT TO HON. MINISTER OF FINANCE, NIGERIA (ATTENTION DR. NGOZI OKONJO-IWEALA) IMMEDIATELY. SHE IS THE PROCESSING AND PAYING OFFICER.

CLAIMANT FORM:-
1. YOUR FULL NAME
2. GENDER:
3. HOUSE OR OFFICE ADDRESS (P. O. Box not accepted)
4. YOUR PHONE NUMBER(S)
5. COUNTRY:

NAME: ATTN: DR. NGOZI OKONJO-IWEALA
E-mail: [ REDACTED ]

Immediately you send the above required information to DR. NGOZI OKONJO-IWEALA, she will proceed with the Processing/Releasing of your ATM SMART CARD to you within 2-3 working days based on our agreement.

PLEASE NOTE: YOU WILL NOT PAY ANY MONEY TO RECEIVE YOUR ATM SMART CARD. (YOU SHOULD NOT PAY ANY MONEY FOR ANY REASON(S) WHATSOEVER). We have signed a contract with CHRONOPOST INTERNATIONAL COURIER for the delivery of all the ATM SMART CARD which should expired December 31st, 2014.

IMPORTANT: UNDER PENALTY OF LAW, THE INFORMATION YOU SUBMITTED TO DR. NGOZI OKONJO-IWEALA CORRECTLY IDENTIFY YOU AS THE RECIPIENT OF THIS PAYMENT; NO OTHER LIVING PERSON OR ENTITY IS ENTITLED TO ANY PART OF THIS PAYMENT; IT IS A VIOLATION OF LAW FOR ANY PERSON TO INTENTIONALLY OR KNOWINGLY FILLING FOR DOUBLE CLAIMING OR AID ANOTHER PERSON IN CLAIMING THE SAME FUND, BY MEANS OF FRAUD OR DECEIT. BE WARNED

We await your urgent reply.

Yours faithfully,

The Lord John Thomas of Cwmgiedd,
Lord Chief Justice of England and Wales

SpamScams.net

]]>
Telephone Scam Alleging A Relative is in Financial or Legal Crisis http://www.spamscams.net/fraud-alert/telephone-scam-relative-in-financial-or-legal-crisis/ Wed, 09 Apr 2014 16:38:30 +0000 http://www.spamscams.net/?p=1604 Telephone Scam Alleging A Relative is in Financial or Legal Crisis

IC3 continues to receive reports of telephone scams involving calls that claim their "relative" is in a legal or financial crisis.

SpamScams.net

]]>
Telephone Scam Alleging A Relative is in Financial or Legal Crisis

The Internet Crime Complaint Center continues to receive reports of telephone scams involving calls that claim their “relative” is in a legal or financial crisis. These complaints are sometimes referred to as the “Grandparent Scam.” Scammers use scenarios that include claims of a relative being arrested or in a car accident in another country. Scammers often pose as the relative, create a sense of urgency and make a desperate plea for money to victims. It is not unusual for scammers to beg victims not to tell other family members about the situation.

The scammers also impersonate third parties, such as an attorney, law enforcement officer, or some other type of official, such as a U.S. Embassy representative. Once potential victims appear to believe the caller’s story, they are provided instructions to wire money to an individual, often referred to as a bail bondsman, for their relative to be released.

Some complainants have reported the callers claimed to be from countries including, but not limited to: Canada, Mexico, Haiti, Guatemala, and Peru.

Callers often disguise themselves by using telephone numbers generated by free applications or by spoofing their numbers.

If you receive this type of call:

  • Resist the pressure to act quickly.
  • Verify the information before sending any money by attempting to contact your relative to determine whether or not the call is legitimate.
  • Never wire money based on a request made over the phone or in an e-mail, especially to an overseas location. Wiring money is like giving cash—once you send it, you cannot get it back.

Individuals who have fallen victim to this type of scam are encouraged to file a complaint with the Internet Crime Complaint Center, http://www.ic3.gov.

SpamScams.net

]]>
Treasury Inspector General Warns of “Largest Ever” Phone Fraud Scam Targeting Taxpayers http://www.spamscams.net/fraud-alert/phone-fraud-scam-targeting-taxpayers/ Thu, 20 Mar 2014 14:59:39 +0000 http://www.spamscams.net/?p=1598 Treasury Inspector General Warns of “Largest Ever” Phone Fraud Scam Targeting Taxpayers

The Treasury Inspector General for Taxpayer Administration (TIGTA) today issued a warning to taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.

SpamScams.net

]]>
Treasury Inspector General Warns of “Largest Ever” Phone Fraud Scam Targeting Taxpayers

WASHINGTON — The Treasury Inspector General for Taxpayer Administration (TIGTA) today issued a warning to taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.

“This is the largest scam of its kind that we have ever seen,” said J. Russell George, the Treasury Inspector General for Tax Administration. George noted that TIGTA has received reports of over 20,000 contacts and has become aware of thousands of victims who have collectively paid over $1 million as a result of the scam, in which individuals make unsolicited calls to taxpayers fraudulently claiming to be IRS officials.

“The increasing number of people receiving these unsolicited calls from individuals who fraudulently claim to represent the IRS is alarming,” he said. “At all times, and particularly during the tax filing season, we want to make sure that innocent taxpayers are alert to this scam so they are not harmed by these criminals,” George said, adding, “Do not become a victim.”

Inspector General George urged taxpayers to heed warnings about the sophisticated phone scam targeting taxpayers, noting that the scam has hit taxpayers in nearly every State in the country. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver’s license.

The truth is the IRS usually first contacts people by mail — not by phone — about unpaid taxes. And the IRS won’t ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.

“If someone unexpectedly calls claiming to be from the IRS and uses threatening language if you don’t pay immediately, that is a sign that it really isn’t the IRS calling,” he said.

The callers who commit this fraud often:

  • Use common names and fake IRS badge numbers.
  • Know the last four digits of the victim’s Social Security Number.
  • Make caller ID information appear as if the IRS is calling.
  • Send bogus IRS e-mails to support their scam.
  • Call a second time claiming to be the police or department of motor vehicles, and the caller ID again supports their claim.

If you get a call from someone claiming to be with the IRS asking for a payment, here’s what to do:

  • If you owe Federal taxes, or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
  • If you don’t owe taxes, call and report the incident to TIGTA at 800-366-4484.
  • You can also file a complaint with the Federal Trade Commission at www.FTC.gov. Add “IRS Telephone Scam” to the comments in your complaint.

TIGTA and the IRS encourage taxpayers to be alert for phone and e-mail scams that use the IRS name. The IRS will never request personal or financial information by e-mail, texting or any social media. You should forward scam e-mails to phishing@irs.gov. Don’t open any attachments or click on any links in those e-mails.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes winner) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.

Read more about tax scams on the genuine IRS website at www.irs.gov.

SpamScams.net

]]>
US Cell Phones Targeted by International Revenue Share Fraud http://www.spamscams.net/fraud-alert/us-cell-phones-targeted-by-irsf-fraud/ Fri, 14 Feb 2014 05:52:06 +0000 http://www.spamscams.net/?p=1593 US Cell Phones Targeted by International Revenue Share Fraud

If you receive a "ring once" call from a number you do not recognize, DO NOT return the call.

SpamScams.net

]]>
US Cell Phones Targeted by International Revenue Share Fraud

Callback Scheme Used In International Revenue Share Fraud.

Telephone companies in the United States are seeing missed calls used to enable International Revenue Share Fraud (IRSF).

Fraudsters are using call generators with automated spoofing capabilities to place calls to a large volume of US cell phone numbers. The calls typically ring once. The number displayed on the recipient’s caller ID is a high cost international number, usually located in the Caribbean. The recipient calls the number back and is greeted with a message designed to keep them on the line, such as “Hello, you have reached the operator, please hold.” The longer the caller stays on the line, the more revenue fraudsters generate.

Recipients do not realize they are calling an international number and that they will be billed for an international call. Businesses are also victims because recipients often use their work telephone to make the return call.

Telephone companies in the United States are charged when a return call is made because they are required to pay a fee to transfer calls to foreign countries. The payment is then shared with the fraudster who spoofed the calls. This is referred to as IRSF.

Area codes used in the spoofed numbers are from Anguilla, Antigua, Barbados, British Virgin Islands, the Commonwealth of Dominica, Grenada, Montserrat, and the Turks and Caicos Islands. These countries’ numbers are part of the North American Numbering Plan and do not require 011 to be dialed as with other international calls.

[sws_yellow_box box_size=”600″]Recipients should not answer calls from numbers they do not recognize or initiate a return call. [/sws_yellow_box]

Recipients will not be charged for receiving the calls, however.

Companies that do not conduct business with companies in the above-mentioned countries may want to consider blocking these area codes to avoid this type of charge.

SpamScams.net

]]>
7 Scams Retirees Fall For http://www.spamscams.net/fraud-alert/7-scams-retirees-fall/ Wed, 15 Jan 2014 16:39:36 +0000 http://www.spamscams.net/?p=1568 7 Scams Retirees Fall For

A recent MetLife survey estimated that $2.6 billion is lost each year in financial scams aimed at seniors and retirees

SpamScams.net

]]>
7 Scams Retirees Fall For

A MetLife survey estimated that seniors older than 60 have lost nearly $3 billion a year to financial abuse. And surprisingly, much of this abuse is not from strangers.

“They are often friends and families and neighbors,” says senior fraud expert and independent consultant Marion Somers. “There are a lot of bad guys out there,” she says.

Here’s a list of the 7 scams. Get all the details here.

1. Advanced fee (and lottery) scam.
2. Grandparent scam.
3. Cash fraud.
4. Computer scams.
5. Time-share scam.
6. Homeowner scam.
7. Medical scam.

SpamScams.net

]]>
Victims of The Tech Support Scam Are Defrauded A Second Time http://www.spamscams.net/fraud-alert/tech-support-scam-victims-defrauded-second-time/ Mon, 25 Nov 2013 23:40:42 +0000 http://www.spamscams.net/?p=1572 Victims of The Tech Support Scam Are Defrauded A Second Time

IC3 has produced Scam Alerts advising the public of an ongoing telephone scam in which callers purport to be an employee of a major software company

SpamScams.net

]]>
Victims of The Tech Support Scam Are Defrauded A Second Time

The IC3 has produced Scam Alerts advising the public of an ongoing telephone scam in which callers purport to be an employee of a major software company. The callers have very strong accents, most referred to as “Indian.” The callers report the users’ computers are sending error messages and a virus has been detected. The victims are convinced to allow the caller remote access to their computer. As the victims’ computers are searched, the caller points out infected files. The victims are advised that the virus can be removed for a fee and are asked to provide their credit card information. Whether the users pay for the removal of the virus or not, many reported difficulties with their computers afterwards.

The subjects of this scheme have devised yet another avenue to further defraud victims. Fraudsters are now calling those who had recently purchased software and offering them a refund within three to four months of the purchase. The callers are still described as having “a strong Indian accent.” In some cases, the victims were asked if they were satisfied with the service they received. When the response was negative the caller offered a refund. Other victims were told the company was going out of business and therefore the victim was due a refund. Some were advised they needed to complete a form, at which time the caller asked for remote access to assist in the completion of the form. The caller said the fastest method for a refund was to use the card from the original purchase and wire the money. At this point, the caller helped the victims open an account via a wire transfer company to receive their refund. The victims later discovered funds were taken from their accounts and wired to India..

SpamScams.net

]]>
Justice Department Officials Raise Awareness of Disaster Fraud Hotline Following Typhoon Haiyan http://www.spamscams.net/fraud-alert/justice-department-officials-raise-awareness-disaster-fraud-hotline-following-typhoon-haiyan/ Thu, 14 Nov 2013 15:25:26 +0000 http://www.spamscams.net/?p=1560 Justice Department Officials Raise Awareness of Disaster Fraud Hotline Following Typhoon Haiyan

The Department of Justice, the FBI, and the National Center for Disaster Fraud (NCDF) remind the public there is a potential for disaster fraud in the aftermath of a natural disaster

SpamScams.net

]]>
Justice Department Officials Raise Awareness of Disaster Fraud Hotline Following Typhoon Haiyan

Department of Justice

Washington — The Department of Justice, the FBI and the National Center for Disaster Fraud (NCDF) remind the public there is a potential for disaster fraud in the aftermath of a natural disaster. Suspected fraudulent activity pertaining to relief efforts associated with the recent series of tornadoes in the Midwest and South should be reported to the NCDF hotline at 866-720-5721. The hotline is staffed by a live operator 24 hours a day, seven days a week, for the purpose of reporting suspected scams being perpetrated by criminals in the aftermath of disasters.

NCDF was originally established in 2005 by the Department of Justice to investigate, prosecute and deter fraud associated with federal disaster relief programs following Hurricanes Katrina, Rita and Wilma. Its mission has expanded to include suspected fraud related to any natural or man-made disaster. More than 20 federal agencies – including the Justice Department’s Criminal Division, U.S. Attorney’s Offices, Department of Homeland Security Office of Inspector General, FBI, U.S. Postal Inspection Service and the U.S. Secret Service – participate in the NCDF, allowing the center to act as a centralized clearinghouse of information related to disaster relief fraud.

In the wake of natural disasters, many individuals feel moved to contribute to victim assistance programs and organizations across the country. The Department of Justice and the FBI remind the public to apply a critical eye and do due diligence before giving to anyone soliciting donations on behalf of hurricane victims. Solicitations can originate as emails, websites, door-to-door collections, mailings, telephone calls and similar methods.

Before making a donation of any kind, consumers should adhere to certain guidelines, including the following:

  • Do not respond to any unsolicited (spam) incoming emails, including by clicking links contained within those messages, because they may contain computer viruses.
  • Be cautious of individuals representing themselves as victims or officials asking for donations via email or social networking sites.
  • Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
  • Rather than following a purported link to a website, verify the existence and legitimacy of non-profit organizations by using Internet-based resources.
  • Be cautious of emails that claim to show pictures of the disaster areas in attached files, because those files may contain viruses. Only open attachments from known senders.
  • To ensure that contributions are received and used for intended purposes, make donations directly to known organizations rather than relying on others to make the donation on your behalf.
  • Do not be pressured into making contributions; reputable charities do not use coercive tactics.
  • Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
  • Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
  • Legitimate charities do not normally solicit donations via money transfer services.
  • Most legitimate charities maintain websites ending in .org rather than .com.

In addition to raising public awareness, the NCDF is the intake center for all disaster relief fraud. Therefore, if you observe that someone has submitted a fraudulent claim for disaster relief, or observe any other suspected fraudulent activities pertaining to the receipt of government funds as part of disaster relief or clean up, please contact the NCDF.

If you believe that you have been a victim of fraud by a person or organization soliciting relief funds on behalf of hurricane victims, or if you discover fraudulent disaster relief claims submitted by a person or organization, contact the NCDF by phone at (866) 720-5721, fax at (225) 334-4707 or email at disaster@leo.gov.

You can also report suspicious e-mail solicitations or fraudulent websites to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

SpamScams.net

]]>
Warning: CryptoLocker Ransomeware Encrypting Computer Files http://www.spamscams.net/fraud-alert/warning-cryptolocker-ransomeware-encrypting-computer-files/ Tue, 29 Oct 2013 00:46:44 +0000 http://www.spamscams.net/?p=1556 Warning: CryptoLocker Ransomeware Encrypting Computer Files

Businesses are receiving email with alleged customer complaints containing malware downloader that encrypts computer files and requires a private key (ransome) to decrypt.

SpamScams.net

]]>
Warning: CryptoLocker Ransomeware Encrypting Computer Files

The FBI is aware of a file encrypting Ransomware known as CryptoLocker. Businesses are receiving email with alleged customer complaints containing an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader than downloads and installs the actual CryptoLocker malware.

The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300.00 to be paid in order to decrypt the files.

CryptoLocker Screen IMage

*Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and email habits. Specifically, in this case, be wary of email from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected email from postal/package services and dispute notifications.

If you have been a victim of an internet scam, please file a complaint at www.ic3.gov.

SpamScams.net

]]>
Spam E-Mails Continuing to Capitalize on FBI Officials’ Names http://www.spamscams.net/fraud-alert/spam-e-mails-capitalize-on-fbi-officials-names/ Wed, 25 Sep 2013 14:00:08 +0000 http://www.spamscams.net/?p=1549 Spam E-Mails Continuing to Capitalize on FBI Officials’ Names

FBI continues to receive reports of spam e-mails that use FBI officials' names

SpamScams.net

]]>
Spam E-Mails Continuing to Capitalize on FBI Officials’ Names

The FBI continues to receive reports of spam e-mails that use FBI officials’ names and titles in online fraud schemes. Although there are different variations of these schemes, recipients are typically notified they have received a large sum of money. The latest round of e-mails uses the name of new FBI Director James B. Comey.

Some of the e-mails reported to the Internet Crime Complaint Center continue to use the alleged “Anti Terrorist & Monetary Crimes Division” of the FBI. All e-mails encourage the recipient to send money for various reasons.

Do not respond. These e-mails are a hoax.

Neither government agencies nor government officials send unsolicited e-mail to members of the public. United States government agencies use the legal process to contact individuals.

The public should not respond to any unsolicited e-mails or click on embedded links in these messages because they may contain viruses or malicious software.

If you have received a message that purports to be from the FBI, disregard its instructions and file a complaint at www.IC3.gov.

SpamScams.net

]]>
Beta Bot malware blocks users anti-virus programs http://www.spamscams.net/virus-alerts/beta-bot-malware-blocks-users-anti-virus-programs/ Wed, 18 Sep 2013 14:00:29 +0000 http://www.spamscams.net/?p=1552 Beta Bot malware blocks users anti-virus programs

Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites

SpamScams.net

]]>
Beta Bot malware blocks users anti-virus programs

The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as log-in credentials and financial information. Beta Bot blocks computer users’ access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise.

Beta Bot infection vectors include an illegitimate but official looking Microsoft Windows message box named “User Account Control” that requests a user’s permission to allow the “Windows Command Processor” to modify the user’s computer settings. If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites.

Windows Command Process message box

Figure 1, Beta Bot “Windows Command Process” message box

Although Beta Box masquerades as the “User Account Control” message box, it is also able to perform modifications to a user’s computer. If the above pop-up message or a similar prompt appears on your computer and you did not request it or are not making modifications to your system’s configuration, do not authorize “Windows Command Processor” to make any changes.

Remediation strategies for Beta Bot infection include running a full system scan with up-to-date anti-virus software on the infected computer. If Beta Bot blocks access to security sites, download the latest anti-virus updates or a whole new anti-virus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently re-format the USB drive to remove any traces of the malware.

SpamScams.net

]]>
Darkleech Says Hello http://www.spamscams.net/virus-alerts/darkleech-says-hello/ Sun, 15 Sep 2013 00:08:23 +0000 http://www.spamscams.net/?p=1588 Darkleech Says Hello

FireEye notified that a fireeye[.]com/careers HR link was inadvertently serving up a drive-by download exploit.

SpamScams.net

]]>
Darkleech Says Hello

Fireye.com posted the following on September 14, 2013:

There’s never a dull day at FireEye — even on the weekends. At approximately 7:29 AM PDT today, we were notified by several security researchers that a fireeye[.]com/careers HR link was inadvertently serving up a drive-by download exploit. Our internal security, IT operations team, and third-party partners quickly researched and discovered that the malicious code was not hosted directly on any FireEye web infrastructure, but rather, it was hosted on a third-party advertiser (aka “malvertisement”) that was linked via one of our third-party web services. The team then responded and immediately removed links to the malicious code in conjunction with our partners in order to protect our website users. More information on this third-party compromise (of video.js) can be found at hxxps://twitter.com/heff.

Technical Details
The full redirect looked like this:

hxxp://www[.]fireeye[.]com/careers/
(redirect to) -> hxxp://xxx[.]xxxxxxxx[.]com/career/
CareerHome.action?clientId=8aa00506326e915601326f65b82e1fcb
(calls) -> hxxp://vjs[.]zencdn[.]net/c/video.js (VULNERABLE JAVASCRIPT)
(calls) -> hxxp://cdn[.]adsbarscipt[.]com/links/jump/ (MALVERTISEMENT)
(calls) -> hxxp://209[.]239[.]127[.]185/591918d6c2e8ce3f53ed8b93fb0735cd
/face-book.php (EXPLOIT URL)
(drops) -> MD5: 01771c3500a5b1543f4fb43945337c7d
(Update_flash_player.exe)

So what was this, anyway?

It turns out, this attack was not targeted and it was not a watering hole attack. Instead, this campaign appears to be a recent wave of the Darkleech malware campaign, where third-party Horde/IMP Plesk Webmail servers were vulnerable to attack and used to serve up Java exploits that ultimately drop yet another ransomware named Reveton (similar to Urausy) – yet other AV engines report it as a Zeus Bot (Zbot) variant.

Do FireEye products detect this attack?

Yes, the initial infection vector, payload, and corresponding Reveton callbacks were fully detected across all FireEye products prior to this incident being reported to us. In fact, this particular Reveton sample has been reported by approximately 49 of our worldwide customers, so far. Further intelligence about this threat is listed below:

  • DTI Statistics for MD5: 01771c3500a5b1543f4fb43945337c7d
  • MD5 first seen by our customers: 2013-09-14 07:12:40 UTC
  • Number of unique worldwide FireEye Web MPS detections: 188+
  • Number of unique FireEye Web MPS customers reported/alerted on this sample: 49+
  • Number of industries affected: 12+

Attack victims by business sector : 56% education, 14% high-tech, 7% entertainment/media/hospitality, 6% healthcare/pharmaceuticals, 5% energy/utilities/petroleum refining, 4% government, 3% telecom, 2% services

fireeye-product-attach-chart

Lastly, FireEye acknowledges and thanks security researchers Inaki Rodriguez and Stephanus J Alex Taidri for bringing this issue to our attention.

SpamScams.net

]]>
New Varient of Android Ransomeware “Fake Defender” Surfaces http://www.spamscams.net/virus-alerts/varient-of-android-ransomeware-fake-defender-surfaces/ Sat, 14 Sep 2013 00:01:33 +0000 http://www.spamscams.net/?p=1586 New Varient of Android Ransomeware “Fake Defender” Surfaces

Researchers believe a spam campaign is spreading a new variant of mobile ransomware.

SpamScams.net

]]>
New Varient of Android Ransomeware “Fake Defender” Surfaces

SCmagazine.com posted the following on September 13, 2013:

Researchers believe a spam campaign is spreading a new variant of mobile ransomware.

Malware called “Fake Defender,” was first discovered in June, but security firm Symantec has now detected that the malware’s authors are using a different ruse to target Android users, primarily in Russia.

The malicious application, detected as fakedefender.B., is designed to look like the official application for an adult video website, a Wednesday blog post by Symantec researcher Roberto Sponchioni said. But once users install the app, messages warn them to run an antivirus scan that is supposedly Avast AV.

Once the spurious AV scan is finished, the user’s phone is locked for their “protection,” and the app asks for a ransom payment of $100 via a prepaid MoneyPak card.

SpamScams.net

]]>
Study: Medical ID Theft Victims Increasingly Report Spoofed Sites And Phishing as Cause of Fraud http://www.spamscams.net/identity-theft/study-medical-id-theft-victims-increasingly-report-spoofed-sites-phishing-cause-fraud/ Thu, 12 Sep 2013 23:56:58 +0000 http://www.spamscams.net/?p=1584 Study: Medical ID Theft Victims Increasingly Report Spoofed Sites And Phishing as Cause of Fraud

As the number of individuals impacted by medical identity theft continues to climb, so does the number of victims fooled by spurious emails and websites designed to purloin their sensitive information, a study finds.

SpamScams.net

]]>
Study: Medical ID Theft Victims Increasingly Report Spoofed Sites And Phishing as Cause of Fraud

SCmagazine.com posted the following on September 12, 2013:

As the number of individuals impacted by medical identity theft continues to climb, so does the number of victims fooled by spurious emails and websites designed to purloin their sensitive information, a study finds.

According to the “2013 Survey on Medical Identity Theft,” the number of people who’ve fallen victim to this type of fraud has increased by 19 percent since last year, accounting for more than 1.8 million victims in 2013.

More than 300,000 new medical identity theft cases cropped up during the one-year period, the study found. The survey was conducted by the Ponemon Institute and sponsored by the Medical Identity Fraud Alliance (MIFA) and data breach prevention firm ID Experts.

The study, in its fourth year, surveyed nearly 800 adults in the U.S. who self-reported that they, or their close family members, were victims of medical identity theft.

Along with the rise in medical identity fraud, experts also saw a significant uptick in dubious websites being erected by saboteurs and spam emails being sent – all with the intent of tricking individuals into giving up their medical information.

Between 2012 and 2013, the percentage of medical identity theft victims reporting spoofed websites and phishing emails as the likely cause of their troubles doubled. This year, eight percent of respondents cited the cyber schemes as the cause of their issues, while only four percent of victims reported the same in 2012.

In the report, medical identity theft was defined as a person using an individual’s name or personal identity “to fraudulently receive medical service, prescription drugs and goods, including attempts to commit fraudulent billing.”

Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com earlier this week that in this study, and in other Ponemon studies, the frequency of spear phishing targeting medical identity theft victims has gone up.

Furthermore, spear phishing, attempts to infiltrate an individual’s network or steal their data by crafting a targeted ruse they are likely to open via email, is likely under-reported among medical identity theft victims, Ponemon added.

“A lot of people aren’t even aware that they have fallen for a phishing scam because they were so sophisticated,” he said. “The ability to record it is difficult because people aren’t even aware that it’s happened to them.”

In the study, the groups also found that seven percent of medical identity theft victims believed a data breach suffered by their health care provider, insurer or related organizations, was the cause of fraud. Last year, six percent of respondents cited those reasons as the cause.

SpamScams.net

]]>
iPhone 5s Phishing Mail Arrives In Time For Launch http://www.spamscams.net/identity-theft/iphone-5s-launch-phishing-scam/ Tue, 10 Sep 2013 23:50:53 +0000 http://www.spamscams.net/?p=1578 iPhone 5s Phishing Mail Arrives In Time For Launch

While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest.

SpamScams.net

]]>
iPhone 5s Phishing Mail Arrives In Time For Launch

Towerwall Security posted the following on September 10, 2013:

While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest.

We saw samples of spammed messages that attempted to spoof an Apple Store email notification. The said message informs recipients that they won the latest iPhone 5S mobile phones and iPad.

Sample iPhone 5S phishing email

Figure 1. Fake Apple email

To get these prizes, they are asked to go to a specific website and disclose their email address and password. This will obviously result in your credentials ending up in the hands of cybercriminals.

iPhone 5S phishing email collection web form

Figure 2. Phishing page

The content of the message and the sender’s email address are obviously fake. However, its combination of perfect timing plus popular social engineering hook may cause users to fall into the spammers trap. The most important thing to know is: “if it’s too good to be true, it probably is”.

Feedback provided by the Smart Protection Network indicates that this mail is particularly effective in targeting Southeast Asian users:

Nationality breakdown of iPhone 5S phishing email responders: 57% Malaysia, 17% Singapore, 8% Germany, 6% Japan, 4% Taiwan, 8% others

Figure 3. Most affected countries

Trend Micro blocks the said email message and blocks access to the phishing site.

SpamScams.net

]]>
Banking Trojan Now Circulating Overseas Could Soon Reach U.S. http://www.spamscams.net/fraud-alert/overseas-banking-trojan-could-soon-reach-united-states/ Fri, 06 Sep 2013 23:44:18 +0000 http://www.spamscams.net/?p=1574 Banking Trojan Now Circulating Overseas Could Soon Reach U.S.

Researchers at IT security company ESET have discovered a banking trojan that is targeting users who bank online in the Czech Republic, Turkey, Portugal and, most recently, the United Kingdom.

SpamScams.net

]]>
Banking Trojan Now Circulating Overseas Could Soon Reach U.S.

SCMagazine featured the following article on September 6, 2013:

The Hesperbot trojan has been distributed via sophisticated phishing emails.

Researchers at IT security company ESET have discovered a banking trojan that is targeting users who bank online in the Czech Republic, Turkey, Portugal and, most recently, the United Kingdom.

Banking trojan now circulating overseas could soon reach U.S.

The Hesperbot trojan has been distributed via sophisticated phishing emails.

Stephen Cobb, ESET’s security evangelist, told SCMagazine.com on Friday that the campaign to infect computer and mobile devices resembles a “full court press” for online banking information, and that the end goal is to get money out of accounts.

Although the trojan — known as Hesperbot — has remained a predominately international threat, Cobb said that he believes the “sophisticated” malware is only being tested at the moment – and that “it’s a possibility this can be tested out in America.”

The trojan is predominately infecting users through what Cobb said are deceptive phishing emails. The Czech Republic email, which claims to come from the Czech Postal Service, alerts recipients that they have a parcel and provides a link to track the package.

Cobb said that those who click on the link will unknowingly begin downloading malicious code to their computer all while being distracted by a realistic looking Czech Postal Service website that pops up in their browser.

Some of the malicious modules loaded into the computer to capture banking information include web-injects, keyloggers and form-grabbers, Cobb said, adding that users are also prompted via the faux website to enter their mobile number.

Consequently, those who enter their mobile number will receive an SMS text message containing an app that, when downloaded, infects the mobile and provides the “bad guys” with a means of circumventing two-factor authentication required by many European banks, Cobb said. Android, Symbian and BlackBerry devices have been targeted.

“We’ve not yet seen any attribution indicators at this point,” said Cobb. “But we’re not looking to attribute right away – we’re looking to see what the code does to make sure we can defend against it.” He added that researchers see Hesperbot as similar, yet more sophisticated, than similar trojans such as SpyEye and Zeus.

“The big picture to me is that this is proof that banking trojans have a lot of life left in them,” Cobb said. “This is a whole new banking trojan. While it’s got a lot of features of the others, it’s not reusing code. It’s built from the ground up.”

He added that clicking links in emails is risky and advised users to visit websites via the web address bar in their web browsers. Make sure your anti-virus is active and up to date, too, he added.

SpamScams.net

]]>