Complaints filed with Internet Crime Complaint Center (IC3) from 2017 show online scammers are asking victims to pay fraudulent fees using music application gift cards as part of multiple fraud schemes. These schemes include auction frauds, employment/opportunity scams, grandparent scams, loan frauds, romance scams, ransomware, tax frauds, and various other online schemes.
In this scam involving music application gift cards, the perpetrator directs the victim to a specific retailer to obtain music application gift cards of varying amounts. Once the victim has purchased the gift cards, the perpetrator directs the victim to reveal the numbers on the back of the cards and provide them to the perpetrator via telephone, email, text, or a designated website. Once the perpetrator obtains the music application gift card data, the perpetrator either continues to request additional funds through more gift card purchases or ceases all communication with the victim.
The financial impact to victims can range from hundreds to thousands of dollars. IC3 victim complaint data from January through June 2017 involving music application gift cards indicate that these scams have impacted hundreds of victims with reported losses exceeding $6 million.
This scam is also associated with other fraud scams involving victims having won a prize, needing to pay a tax debt, having qualified for a loan, or that a friend or relative is in trouble and needs a payment via music application or other prepaid gift card to assist.
GENERAL ONLINE PROTECTION TIPS
- Recognize the attempt to perpetrate a scam and cease all communication with the perpetrator.
- Research the subject’s contact information online (e.g., email address, phone number); other individuals have likely posted about the scam online.
- Resist the pressure to act quickly. The perpetrator creates a sense of urgency to produce fear and lure the victim into immediate action.
- Never give unknown or unverified persons any personally identifiable information (PII).
- Ensure all computer antivirus and security software and malware protection are up to date.
- If you receive a pop-up or locked screen, shut down the affected device immediately.
- Should a perpetrator gain access to a device or an account, take precautions to protect your identity. Immediately contact your financial institution(s) to place protection on your account(s), and monitor your account(s) and personal information for suspicious activity.
- Always use antivirus software and a firewall. It is important to obtain and use antivirus software and firewalls from reputable companies. It is also important to maintain both of these through automatic update settings.
- Enable pop-up blockers. Pop-ups are regularly used by perpetrators of online scams to spread malicious software. To avoid accidental clicks on or within the pop-up, it is best to try to prevent them in the first place.
- Be skeptical. Do not click on any emails or attachments you do not recognize, and avoid suspicious websites.
- If you receive a pop-up or message alerting you to an infection, immediately disconnect from the Internet to avoid any additional infections or data loss. Alert your local FBI field office and file a complaint at www.ic3.gov.
FILING A COMPLAINT
Individuals who believe they may be a victim of an online scam (regardless of dollar amount) can file a complaint with the IC3 at www.ic3.gov.
In reporting online scams, be as descriptive as possible in the complaint by including:
- Name of the subject and company.
- Email addresses and phone numbers used by the subject.
- Web sites used by the subject company.
- Account names and numbers, and financial institutions that received any funds (e.g., wire transfers, prepaid card payments).
- Description of interaction with the subject.
Complainants are also encouraged to keep original documentation, emails, faxes, and logs of all communications. To view previously released PSAs and scam alerts, visit the IC3 Press Room at www.ic3.gov/media/default.aspx.
A very common cause for device issues is the lack of antivirus software or antivirus software that is outdated (i.e. threat signatures out-of-date). This sometimes overlooked layer of protection can have heavy consequences for the user and is an easy way for a machine to become compromised.
A virus as we outlined in previous tips can do a number of things to a device such as make it run slowly, prevent the device from booting up properly, steal personal information, etc. For this reason is is prudent to have up-to-date antivirus software on all your devices.
An antivirus software’s main objective is to defend against these threats while also seeking out and removing any threats to your system. This can only be truly effective with regular virus definition updates and periodic scans.
Again, Fordham IT offers free antivirus software protection.
There are ways in which some users manipulate their devices to accept unsigned or unlicensed apps on to their devices in order to circumvent some barriers. Taking these measures to install unfiltered apps is very dangerous. Installing pirated apps carries a heavy security risk.
The intention of the app “hackers” in many cases could be to inject malicious code that could compromise your mobile device. Many users save information on their mobile devices such as email passwords, banking information, contacts, Wi-Fi Passwords, etc.
By trying to circumvent the system in place that screens apps, you could be putting your personal information in danger.
Viruses are small software programs that perform malicious actions and are designed to systematically spread from one device to another. These programs can perform malicious tasks that include deleting data, replicating itself by spreading through emails to your contacts, etc.
Viruses are often received through email attachments from untrusted sources. It is essential that users do not open attachments from other users unless you know who it is from and are expecting an attachment.
To protect yourself from viruses it is important to keep your device up-to-date as well as downloading the latest antivirus definitions.
Things you can to to protect yourself from devices include:
- Use a pop-up blocker
- Don’t open email’s or attachments from untrusted sources.
- Use an anti-malware app
- Keep your operating system updated
Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., to gain access to resources that enable them to steal your identity.
Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.
Below is an example of a phishing campaign scam.
Things to look for to identify that you may be targeted include:
- Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
- Links in emails: Links in emails may appear as though they are taking you to a legitimate website however they can be disguised. Hover over (DO NOT CLICK) links and see if you are being re-routed to some other page.
- Threats: Some emails contain threats to include legal action, time sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open a unsafe attachment.
- Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However that is far from the case. Again, attackers will try to make everything appear to be legitimate but things such as suspicious URL’s (pages with names not associated with the website or company), or outdated information can be tell-tale signs something is not right.
If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.
Ransomware is a form of malware that prevents or limits a user’s access to their files or devices . The malware encrypts a user’s information and locks it using a secure private key. The attackers then force victims to pay a ransom, usually in the form of bitcoins, before they can get access back.
Ransomware is a huge threat but there are ways to protect yourself.
- Perform regular backups.
- Keep antivirus protection up to date. Get free Antivirus software from Fordham here.
- Do not click on suspicious links or open suspicious attachments.
For more information see our in-depth research on ransomware here.
Malware is a name given to a malicious piece of software or code that is designed to compromise and disrupt the integrity and operation of your device and the privacy of your personal information and saved data. Worms, viruses, spyware and ransomware are common forms of malware.
Malware can infect your device through a variety of means that include being embedded in a malicious piece of software waiting to be executed, or passed through the network via a malicious link.
Once a malicious program has infected a device, its main task is to conceal itself by hiding itself from the user and from antivirus software. From there it will attempt to open backdoors to allow access to your device in the future.
The best way to protect yourself from these threats is to install antivirus software on your device. Keep your anti-virus definitions up to date to ensure complete coverage. Also check for operating system and software updates to ensure that you have no exploitable vulnerabilities on your device.
File sharing settings on your computer can be dangerous if not implemented properly. Lax settings can allow malicious actors to transfer hostile files and applications to you without your knowledge. These malicious files can install malware on your machines or open up backdoors and avenues for malicious actors to further compromise your device.
Examine your file sharing settings to ensure that you are properly protected on untrusted networks. Requiring a password or restricting access completely are simple ways to prevent unwanted files from infecting your device.
Some establishments offer free Wi-Fi access after accepting their terms of service policies. You should always familiarize yourself with what you are agreeing to when connecting to these unsecured networks.
Beware of public Wi-Fi access point that require you to download software before you can gain access to the internet. It is a common practice to bundle malicious software and distribute it to unsuspecting users to gain access to their devices.
For access to Fordham’s Wi-Fi, Windows users are required to run a Java-based compliance scan that will ensure their computers meet Fordham IT security policy requirements. This requires enabled installations of the following:
- Windows automatic updates
- Up-to-date antivirus software
When these requirements are met, users will have full access to the University’s public network.
Application permissions on your mobile devices grant an application access to certain information or functions of your phone. When you install an application you are usually greeted with a pop up listing all the permissions the application requests access to. Such permissions include the ability to access your device’s storage and place phone calls. While many simply click through to get the application up and running, it is important to consider what the application is requesting access to and if it is entirely necessary.
If an application is requesting permissions that do not fit the functions of the application (i.e. “find accounts on this device” and “modify your contacts, read your contacts” for an application that only changes your background photo) consider denying the permission to the application. Be cognizant of the applications you download to your device and ensure it is doing only what you intend it to do.
The same principle applies to privacy policies. Though many choose to gloss over them, it is prudent to see how certain information is used, especially in regards to social media sites and applications that require permissions to your information. Make sure you are comfortable with what that information will be used for and how the information is stored.