FBI Warns of Three Online Scams: Sex, Taxes and a Desktop Hijack

scam alertsMaking a list of federal scam alerts this week is a fraudulent dating site; a phishing email that claims your federal tax payment has been rejected; and a bogus virus-removal service that allows criminals to hijack your computer.

The alerts by the IC3, a partnership between the FBI and the National White Collar Crime Center (NW3C), reflect recent cyber-crime trends and new takes on existing online scams.

We've summarized the three new threats below, and have substituted "http" with "hxxp" to prevent readers from visiting these malicious sites and inadvertently falling prey to any of these scams:1. Romance Scammers Claim IC3 Affiliation

So-called romance scams typically involve con artists who win the trust of lonely hearts via dating sites, then try to swindle them. These scams often involve fraudsters claiming to be out of the country on business and in desperate need of funds, begging victims to wire them money for hotels, airfare or legal fees.

Recent complaints to the IC3 involve romance scammers operating via a dating site; they even claim the involvement of law enforcement agencies in order to convince skeptical victims of their legitimacy. One complaint cites a scammer posing as an "investigator" who is assigned to the case and who claims that he is using his private email because the IC3 database is down for maintenance.

Other complaints about the dating site come from those who report difficulty canceling their "3-day free membership," and who then allegedly had the memberships automatically renewed. The complainants said that the website renewed their membership and charged $59 to their credit card, despite attempts to cancel. Others told the IC3 that the site refuses to answer calls, emails or voice-mail messages. Those who did manage to contact the site said that requests for refunds were refused.

2. Phishing Email Claims 'Your Federal Tax Payment Was Rejected'

The IC3 has received more than 150 complaints about phishing e-mails purportedly sent by the Electronic Federal Tax Payment System (EFTPS) claiming that the recipient's payment was rejected.

Although different versions of this spam email have been reported, many were titled "LAST NOTICE: Your Federal Tax Payment has been rejected." The emails themselves claimed: "The problem is that system doesn't process your company ID on holidays and we moved your tax payment batch to a waiting list."

Recipients of the bogus email are instructed to click on a provided link to obtain more details about their company's status and tax payment batch file. Since some complainants use the electronic system to pay their estimated quarterly taxes, the email appeared legitimate.

Other related emails claim, "the identification number used in the Company Identification Field is not valid." Recipients are then directed to visit hxxp://eftps.gov/r21 and "check the information and refer to Code R21 to get details about your company payment in transaction contacts section."

Another recent IC3 complaint reports a similar phishing email with the subject "Your Federal Tax Payment Notice," and which contains an enclosed attachment. Like the others, it claims that "the identification number used in the Company Identification Field is not valid." To lure the recipient into opening the attachment, the email says, "check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section."

3. Fake Virus Removal Scam Takes Control of Victims' Computers

Consumers also have complained to the IC3 about a telephone scam involving a caller who claims to be a tech support employee of a well-known company that develops, manufactures and supports software.

Victims reported calls from someone with an Indian accent who claims that their computers are infected with viruses. The caller then warns victims that they are inadvertently transmitting viruses to others via the Internet, and instructs them to visit one of the following websites: hxxp://www.irssupport.net, hxxp://www.go4support.org, hxxp://www.teche4pc.com, and hxxp://www.ammyy.com.

When the victims visit one of the bogus websites, they're told to click on "live support" or "live connect" for help removing the non-existent viruses. Victims who visit hxxp://www.ammyy.com are instructed to download a program that gives the caller control of the victim's computer.

Victims then watch as the caller remotely explores personal files, pointing out files that were supposedly infected. Some victims say the caller copied their files and stole personal information. In some cases, the phony tech-support employee tries to sell the victims software.

Although the IC3 didn't name the company, Microsoft users have been victims of similar scams in the past.
Read Full Story