FBI Warns of Phony Government Emails and Osama bin Laden Videos
Alerts by the IC3, a partnership between the FBI and the National White Collar Crime Center (NW3C), reflect recent cyber-crime trends and new takes on existing scams. Other recent alerts have included warnings about a reshipping scam and virus-laden Osama Bin Laden spam.Here's a summary of the latest threats:
Phishing Emails from the Treasury Department
Scammers regularly try to fool consumers into responding to their emails by giving them an air of legitimacy, such as purporting to be from an official government agency. Recent complaints to the IC3 include emails claiming to be sent by the U.S. Treasury Department's Financial Crimes Enforcement Network.
Victims reported receiving phony Treasury Department emails saying their funds -- which were stolen and diverted to a foreign account registered in their name -- have been recovered.
The email advises recipients to cease all financial transactions, particularly ones overseas, and respond to the email immediately to facilitate the return of their "lost funds." The e-mail also claims the U.S. government is making arrangements to ensure all beneficiaries receive their funds.
The email is signed by James H. Freis, deputy director of the Financial Crimes Enforcement Network. Although the fraudsters got the name mostly right (it should be James H. Freis Jr.) Freis is actually the network's director.
The phishing emails also ask recipients to provide personally identifiable information that could be used to commit identity theft.
The Treasury Department posted a scam alert on their website, reminding the public that it never sends unsolicited requests and never requests personal or financial information from members of the public via e-mail. The Treasury Department also advises consumers to ignore, report and then delete the email.
Breaking News Scams
When major news stories break, fraudsters are quick to exploit the event to entice unsuspecting consumers into opening their emails.
IC3 has been monitoring its complaint database for scams related to the recent death of Osama bin Laden and recently issued an alert related to emails claiming to containing pictures and videos of his recent assassination.
Another Osama bin Laden-related scam involves cross-site scripting (XSS) -- a kind of computer security vulnerability usually found in various web applications -- that allows an attacker to activate code on a website from a victim's browser.
Recently, users of Facebook and other social networking sites have fallen victim to "self infecting" XSS attacks in which they're induced to attack their own computers by following directions to view the latest Osama bin Laden snuff video.
Before users are allowed to view the phony video, they're asked to complete a "5 second security check." A few keyboard shortcuts allow unsuspecting users to cut and paste malicious code directly into their browser's URL, infecting their computers and automatically posting the scam on the Facebook pages of their "friends."