FBI Alert Regarding Cyber Scams
The FBI recently issued a press release regarding the resurgence of a prior cybermail scam.
Victims receive an email purporting to be from a government agency. The email indicates that a complaint has been filed against them. When the victim opens the supposedly attached complaint, malicious software is downloaded onto the system.
In part, the press release states:
The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau.
Information obtained during the FBI investigation has been provided to the Department of Homeland Security (DHS). DHS has taken steps to alert their public and private sector partners with the release of a Critical Infrastructure Information Notice (CIIN).
The e-mails are intended to appear as legitimate messages from the above departments, and they address the recipients by name, and other personal information may be contained within the e-mail. Consistent with previous efforts, the scam will likely be an effort to secure Personally Identifiable Information. The nature of these types of scams is to create a sense of urgency for the recipient to provide a response through clicking on a hyperlink, opening an attachment, or initiating a telephone call.
It is believed this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file wherein most anti-virus programs are unable to detect its malicious intent. Once downloaded, the virus is designed to monitor username and password logins, and record the activity, as well as other password-type information, entered on the compromised machine.
Companies should be particularly careful, as they often are vulnerable targets. Even though companies tend to have better resources than individuals, companies also have a number of employees to control, and are often particularly proactive in responding to complaints.
Customers of mortgage companies also can be particularly vulnerable. They often transmit and receive substantial amounts of personal information to mortgage companies over less secure home computers.
In this environment, mortgage companies should continue to probe their systems for vulnerability, and strengthen any weaknesses detected. Employee training is also critical.