Category Archives: Scam

Alert: Online Scammers Require Payment Via Music Application Gift Cards

Via: IC3

Source: https://www.ic3.gov/media/2017/170801.aspx

“Wire Transfer” Scam Email Sent to the Fordham Community on July 5, 2017

This is a scam email that has been reported. This message was received on or about July 5, 2017. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email, please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.
———————-———-——Begin Message ——–——————————

From: <CustomerService@interaudibank.com>
Date: July 5, 2017 at 10:51:32 AM EDT
To: <user@fordham.edu>
Subject: Wire Transfer

A wire request has been sent to Interaudi Bank on 07/05/17 at 08:13:59 AM to transfer 10000.00 to your account.
The confirmation ID for this request is ******.
Please do not respond to this confirmation. This is an unmonitored mailbox, and replies to this email cannot be read or responded to.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The information contained in this message is privileged and confidential and protected from disclosure.

If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

———————-———-——End of Message ——-———-———————

Alert: Easter Holiday Phishing Scams and Malware Campaigns

Via: US CERT

“Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:

  • Do not click web links in untrusted email messages.
  • Refer to the Shopping Safely Online Tip.
  • Use caution when opening email attachments. Check out the Using Caution with Email Attachments Tip for more information on safely handling email attachments.
  • Review the Federal Trade Commission’s page on Charity Scams. Use the links there to verify a charity’s authenticity before you donate.
  • Read the Avoiding Social Engineering and Phishing Attacks Tip.
  • Refer to the Holiday Traveling with Personal Internet-Enabled Devices Tip for more information on protecting personal mobile devices.”

Source: https://www.us-cert.gov/ncas/current-activity/2017/04/11/Easter-Holiday-Phishing-Scams-and-Malware-Campaigns

Scam Campaign Targeting University Communities

Please be advised that there are scam campaigns targeting University communities. We have received reports of phone calls claiming to be from Apple, reporting suspicious activity on accounts and asking recipients to call back.

This is not a legitimate call. If you receive it and have any concerns about your account, please contact Apple directly and not the number given in this message.

Unfortunately, this is not the only campaign masquerading as Apple support, so please be diligent and avoid giving any personally identifiable information over the phone or through email.

Please remember that Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious communications, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these communication attempts.

“Help…………………..Paul Williams” Scam Email Sent to the Fordham Community on March 30, 2017

This is a scam email that has been reported. This message was received on or about March 30th, 2017. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email, please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.
————————————Begin Message ————————————
From: “Paul Williams” <Pppandpw@aol.com>
Date: Mar 30, 2017 10:14 AM
Subject: Help…………………..Paul Williams
To: <user @ fordham.edu>

Good Morning,
I thought i could reach out to you to help me out, I made a quick trip out of the country for a conference, unfortunately i had my bag stolen from me with my phone on my way back to my hotel room. I need your urgent help before my return flight.I will forever be grateful if you can help me.
Paul Williams

————————————End of Message ————————————

Article: How to protect yourself while online shopping for the holidays

A recent article from Mashable provides research geared toward protecting yourself online while shopping for the holidays:

—Begin—

With many retailers offering internet-only promotions to go along with their in-store doorbusters, more Americans than ever seem to be choosing to stay home to take advantage of the best deals of the season.

Research from Visa projects an 18 percent increase in online holiday spending this year, which follows 16 percent growth over the 2015 season from the year before. That uptick in 2015 resulted in about $11 billion of online sales over the five-day Thanksgiving weekend period (Thanksgiving Day through Cyber Monday). That’s why it’s essential that shoppers protect themselves and their personal information more than ever in 2016. Especially since “25 percent of all security breaches [are] taking place in the retail sector,” said Experts Exchange COO Gene Richardson in a statement to Mashable.

As a former head of the data security teams of IBM, Charles Schwab and Motorola, Richardson has extensive experience advising companies and consumers alike on how to avoid fraud and protect their identities online.

With that in mind, he’s assembled a set of helpful online shopping safety tips:

1. Ensure that the website address is secure and has a valid encryption certificate. It will usually display a “locked, green” indicator in front of the website name. If it doesn’t have that, it does not have a higher level of security that has been guaranteed by a known entity like Verisign, Symantec and others.

2. Ensure your system has the most recent recommended system and security patches.

3. Always use a credit card that is not tied directly to your personal bank account(s), even if you are using PayPal, Bitcoin or some other payment method.

4. Never give anything other than name, address and phone number. You should not need to answer security or privacy questions when making a purchase or checking out. If they ask, see if you can checkout as a “guest” instead.

5. Monitor your credit through a third party for identity theft and have SMS and email alerts sent to you immediately.

6. Set up alerts with your credit card company that send both SMS and emails when any purchases are made and the credit card was not scanned (meaning, it wasn’t in someone’s hand when the charge was made). Set them as low as $25 per purchase. Also, set up alerts for total purchases over $500 in a billing period to protect multiple $24.99 purchases. And if possible, a maximum amount of purchases allowed in a billing period such as $1500 before card will get declined.

7. Ensure that you have a reputable Antivirus program running on your computer and that your browser has an Ad blocking plug-in.

8. Ensure that the network your computer/device is on is secure and you know who has access to your network. This is usually done with your router. You want to lock down your router so that traffic can be initiated from the inside-out but you do not want traffic to be initiated from the outside-in. If you are using a WiFi connection, make sure that network is also secure and requires a password to join. If it is a public WiFi network that doesn’t require a password, then the traffic coming from your device can be monitored and stolen.

9. Any passwords that you use should be strong, hard to guess ones. Or, even better, hard to guess, but easy to remember.

10. Don’t click on unfamiliar links to sites advertising sales, coupons, etc.

11. Use two-factor authentication/verification, if it is offered.

Mobile Concerns

To stay safe while shopping on your phone or tablet, be sure to follow these tips, according to RiskIQ:

1. Only download apps from official app marketplaces like Google Play or Apple’s App Store.

2. Be wary of applications that ask for suspicious permissions, like access to contacts, text messages, administrative features, stored passwords, or credit card info.

3. Check out the background of an app before downloading. Research the developer and be cognizant of the spelling of brand names.

4. Make sure to take a deep look at each app. New developers, or developers that leverage free email services (e.g., @gmail) for their developer contact, can be enormous red flags — threat actors often use these services to produce mass amounts of malicious apps in a short period. Also, poor grammar in the description highlights the haste of development and the lack of marketing professionalism that are hallmarks of mobile malware campaigns.

Common Sense

Just like any other time of the year, a deal found online over Thanksgiving weekend that seems too good to be true might be just that.

In addition to Richardson’s first tip about web page encryption certificates, always check website addresses after following links on Twitter, Facebook or even Google to be sure you haven’t been redirected. Legitimate retailers will almost always be determined by the “S” in HTTPS at retail sites.

Finally, keep your personal and financial information close at hand. Never provide anything until you’ve done your homework on a site or app, and even then never input anything until you’ve selected your purchase and are checking out.

With a measured approach to online shopping, you can dodge the in-store lines and the security risks this holiday season.

—End—
Source: http://mashable.com/2016/11/21/online-shopping-safety-black-friday-cyber-monday/#6OHl_1zRaqql

Article: Random text? Wait, wait, don’t click that!

“Here’s a tip that’s worth repeating:

Don’t click on a link in a text message you get on your phone that says you’ve won a terrific prize or a gift card, or that asks you to click on a link. Don’t reply either. It’s probably a scam.

The Federal Trade Commission settled charges with a group of marketers that were part of a scheme that sent millions of unsolicited spam text messages promoting supposedly free merchandise like $1,000 gift cards for Wal-Mart and Best Buy.

People who clicked the links in the messages didn’t get the promised prizes. Instead, they were taken to websites that asked them to give personal information and sign up for multiple offers, often involving purchases or paid subscriptions.

What can you do about unwanted text messages?

  • Delete unwanted text messages that ask you to enter a special code, or to confirm or provide personal information. Legitimate companies won’t send you a text asking for sensitive information.
  • Don’t click on links in the text message. Links can take you to spoof sites that look real but will steal your personal information.
  • Report spam texts to your carrier. Copy the original message and forward it to 7726 (SPAM) free of charge, if you are an AT&T, T-Mobile, Verizon, or Sprint subscriber.”

Though scams involving free gift cards and merchandise are common, other types of scams are also prevalent via text message. Below is an example of a scam text message.

[Image: example of a scam text message]

Source: https://www.consumer.ftc.gov/blog/random-text-wait-wait-dont-click

Alert: Potential Hurricane Matthew Phishing Scams

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Matthew. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from deceptive charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Review the Federal Trade Commission information on Charity Scams.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Source: https://www.us-cert.gov/ncas/current-activity/2016/10/11/Potential-Hurricane-Matthew-Phishing-Scams

FUND ADMINISTRATION ORDER CAP 000623 CODED – Scam Email Sent to the Fordham Community on 8/4/2016

This is a scam email that has been reported. This message was received on or about August 4th, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email, please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

——————–Begin Message ——————————

From: EUMONETAY GROUPUK <drjohnikolo234@gmail.com>
Sent: Thursday, August 4, 2016 11:16 AM
Reply To: eumonetary2010groupuk@gmail.com
Subject: FUND ADMINISTRATION ORDER CAP 000623 CODED

OFFICE OF THE DIRECTOR-GENERAL
UNITED NATIONS OFFICE AT GENEVA
Palais des Nations
AVENUE DE LA PAIX 8 – 14
1211 Geneva 10
SWITZERLAND

RE: FUND ADMINISTRATION ORDER CAP 000623 CODED

I am Michael Møller, Director-General, United Nations office at Geneva
in charge of economic and financial matters. I have been mandated by
United Nations Department on International Fund delivery to confirm if
you have received your assigned compensation award of $ 2,500,000.00
among those paid in the first quarter payment schedule between 1st of January to 31st March 2016?

If you have not received your payment, then forward the Following
details: Full Names, Contact Address, Your Private Telephone / Mobile
Numbers and Valid Means of Identification and Your Current Receiving
Banking Details to Sir Moses Lambert payment coordinator European
Union Monetary Group. United Kingdom his contact information below:-

NAME: SIR MOSES LAMBERT
EMAIL:eumonetary2010groupuk@gmail.com
TEL: +447418469393

Warm Regards,
Michael Møller
Director-General
United Nations Office At Geneva.
Tel: +41225181581

——————–End Message ——————————

Security Awareness: Student IRS Tax Scam Alert

The Internal Revenue Service last week issued a warning to taxpayers about bogus phone calls from IRS impersonators demanding payment for a non-existent tax, the “Federal Student Tax.”

Examples of the varied tactics seen this year are:

  • Demanding immediate tax payment for taxes owed on an iTunes gift card
  • Soliciting W-2 information from payroll and human resources professionals (IR-2016-34)
  • “Verifying” tax return information over the phone (IR-2016-40)
  • Pretending to be from the tax preparation industry (IR-2016-28)

The IRS urges taxpayers to stay vigilant against these calls and to know the telltale signs of a scam demanding payment.

The IRS Will Never:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you a bill.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone.

For more information, details and guidance, please see the link below.

https://www.irs.gov/uac/newsroom/irs-warns-of-latest-scam-variation-involving-bogus-federal-student-tax