Thursday, April 16, 2015

Facts About Internet Scams

Both businesses and individuals must be aware of online scams.


New Internet scams are always cropping up online. Many people have heard of online scams from foreign countries offering promises of monies or lottery winnings, yet some people unfortunately fall victim to less obvious online scams. There are new Internet scams and advanced criminal activity in regard to old scams as well. Here are some of the most recent facts about Internet scams, as reported by the Internet Crime Complaint Center's (IC3) Scam Alerts. The IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).


Social Network Misspelling Scam


The IC3 discovered misspellings in 2010 of a social networking site used as a social engineering ploy. The misspelling occurred in the domain name of the site, redirecting users to coded websites that looked similar to the genuine website. Survey questions were put on the fraudulent site, prompting users to answer the questions, in exchange for free gifts.


How the Scam Worked


There were brand name items offered and retail store gift cards. The unaware users on the fake site would click on the free gift icon, and were then redirected to other websites supposedly offering these free gifts as compensation for completing the surveys. Users were asked to provide their name, address, phone numbers and email address.


Fake Online Receipt Generator


A new scam is targeting unsuspecting online marketplace sellers. The scam involves generating fake receipts, using an executable file called "Receipt Generator." This file has circulated on hacking forums, and primarily targets sellers at online marketplace websites.


Hard to Detect


The program was hard for sellers to detect as fraudulent, because it appeared to generate genuine marketplace receipts, with a copy of a printable order summary similar to documents that result from legitimate marketplace purchases. Sellers would print out the receipts without checking details, and provide their business information.


Malicious Code In Government Email


A malware compaign targeted government employees, because the malware was disguised as a holiday greeting from the White House. The recipient of the malware received an email with links to what appeared to be a holiday greeting card, but was in fact an information-stealing Trojan virus with a file labeled "card.exe."


How the Trojan Spread


The Trojan would disable the recipient's computer security notifications, firewall settings and future software updates for these settings. The malware installed into the computer's registry, which enabled the code to be executed during every computer reboot. This Trojan had a low detection rate of about 20%. Only nine antivirus companies out of 43 reported detection of the Trojan.