Thursday, January 27, 2011

Search Warrants Executed - Cyber Investigation

Search Warrants Executed in the United States as Part of Ongoing Cyber Investigation

Washington, D.C.
January 27, 2011 FBI National Press Office
(202) 324-3691


FBI agents today executed more than 40 search warrants throughout the United States as part of an ongoing investigation into recent coordinated cyber attacks against major companies and organizations. Also today, the United Kingdom’s Metropolitan Police Service executed additional search warrants and arrested five people for their alleged role in the attacks.

These distributed denial of service attacks (DDoS) are facilitated by software tools designed to damage a computer network’s ability to function by flooding it with useless commands and information, thus denying service to legitimate users. A group calling itself “Anonymous” has claimed responsibility for the attacks, saying they conducted them in protest of the companies’ and organizations’ actions. The attacks were facilitated by the software tools the group makes available for free download on the Internet. The victims included major U.S. companies across several industries.

The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability.

The FBI is working closely with its international law enforcement partners and others to mitigate these threats. Authorities in the Netherlands, Germany, and France have also taken their own investigative and enforcement actions. The National Cyber-Forensics and Training Alliance (NCFTA) also is providing assistance. The NCFTA is a public-private partnership that works to identify, mitigate, and neutralize cyber crime. The NCFTA has advised that software from any untrustworthy source represents a potential threat and should be removed. Major Internet security (anti-virus) software providers have instituted updates so they will detect the so-called “Low Orbit Ion Canon” tools used in these attacks.

Saturday, January 22, 2011

PayPal scam

I wanted to share a PayPal scam email that I found in my inbox, and how you can tell that it is a scam.


Dear PayPal customer,

Our company has intended a new feature that will improve the Online Banking security. Upgrading our systems will help protect our customers accounts from 3rd-party access and reduce fraud. This process has started on 14th January, 2011 and will be closed on 19th January, 2011.

All our members are required to update their account profile for the new databases. Filling our online form will take about 3-5 minutes from your time.

To access our profile update form click on the following link to login to your account:

Click here to go to the online form

Please note that failure in updating your profile will result in account suspension.

Alison Grudzinski,
IT Assistant Manager,
PayPal Inc.

____________

Now . . . how to tell that this is a scam email

First, companies like PayPal or credit cards will NEVER send you and email asking you to update your information.  

Second, if there was a new PayPal feature upgrade, there would be information on it when you logged into your account.  No need for an email if you just tell people about it when they log in.  

Third, the window of when it started to when it ends is VERY small.  They do this to make you want to rush and go and update your account right away, instead of keeping the email in your account for months.

Fourth, the click here to go to the online form.  Again, if there really was an upgrade, they would ask you to log into your account, and you would already know how to do that and where to go, so no need for a link.

And last, the link itself.  I have removed the link from the "Click here" wording so that no one will go there, but when it was active you could hover your cursor over it, and you would be able to see where it REALLY points to, and it is NOT a PayPal site.  

Here is an image of what the site would look like if you would have clicked on the link.


They make it look like it really is PayPal, but the URL address is not PayPal.

These types of scams are called Phishing scams (pronounced Fishing)


Tuesday, January 11, 2011

What would you do?

Every day we make choices . . . grab some fast food for breakfast, or have some fresh fruit . . . walk up the stairs or take the elevator . . . you can follow the crowd or stand alone. What would you do?



This is the basis of the television segment What Would You Do on ABC.  They set up scenarios that are supposed to make you stop and think, and then they let the hidden camera roll to catch on tape what people really do in these situations.

Now, you might ask what this show has to do with this scam blog.  It turns out that they are looking to do a segment where one of the scenarios will be a person that is entering into a situation that is clearly a scam.  Will people warn them or just let them go on believing that this is all real?

They would also like to partner this with an interview with real life scam victims who would be willing to share their story.  If you are a scam victim who is willing to share your story please contact me.  They would prefer someone in the New York Tri-State Area, since that is where their production studios are located.

Monday, January 3, 2011

The Sophistication of Scams


I just got done reading the article Scams achieve a new level of sophistication which does a good job at pointing out that anyone can become the victim of a scam.  Here are my two cents that I added as a comment to the article . . .

These scams have been evolving for years now, and the WORST part about any of the counterfeit cashier's check scams is the fact that when someone wants to find out if the check is legitimate and they take it to the bank for them to look at . . . because of course the average person would assume the bank can spot a counterfeit check . . . the banking customer is told that it is "good", "clear", "verified" and that "funds are available".  Look up good, clear and verified in the dictionary and by definition the average person would then assume that there is no problem in cashing and using the money from a check that is "good", "clear" and "verified".  But this is where we as banking customers make a mistake . . . we trust our banks are giving us accurate information.

These checks can come back weeks and even months later as counterfeit, and the bank CUSTOMER is held liable for the entire amount, the the bank, who verbally told us it was "good", "clear" and "verified".

How about the banks start telling people the truth?  That it could take 10 business days or more for the check to be "good", "clear" and "verified".  Is that too much to ask?