Rossander’s Security Reader

Email scammers have been developing some creative new attacks lately which play on human fears, insecurity and/or vanity. We will be discussing several of these attacks over the next few weeks. First, a scam using fraudulent pink slips.

In this attack, the phisher sent emails to some employees at the target company telling them that they had been laid off. The subject line read "Urgent – employment issue”. The from: line was successfully spoofed so that the message appeared to come inside the company. Other content in the message was consistent with the target company’s operations (a hospital) and reinforced the victims’ belief that this was a real message.

The message included a link to a website where the victim could get career-counseling information. Concerned about their employment status and being justifiably upset over being laid off by email, at least two employees at the target company clicked on the link. In fact, opening that website loaded a keystroke logger on the victims’ computers.

Spam and phishing attacks are being increasingly customized to the specific company under attack. Because the content is so customized and because this particular message was so intimidating, the scammer knew that he/she could send out far fewer fraudulent messages and still find an unwary victim. Such low volume, highly targeted attacks are almost impossible for the spam filters to identify and block ahead of time. You must remain on guard when you see a suspicious message.

No reputable company will notify you of any such personnel action solely by email. If you receive a message that concerns you, talk to your manager or to HR department directly. Never click on any link in a suspicious email or IM message.

More and more people are turning to eBay and other online sales channels to get rid of old furniture or toys that the children have outgrown. Even though you may have to deal with shipping, it can be a lot more convenient than holding a yard sale in the rain. And it can reach many more people, increasing the chance that you’ll get the best price for your stuff.

If you do sell anything online, beware of overly generous offers. A particularly common scam is for the buyer to send a check for several thousand dollars more than the asking price and then ask the victim to send back for the difference. The scammer will make up a plausible reason for the overpayment. It could be "a clerical error" or "a way around the local taxes". Very often, these offers come from overseas – places which do have different and sometimes confusing tax laws. Sometimes, it’s “an agency fee that you must remit to the agent”, but the “agent” is a confederate to the scam. Some of these scams look very credible.

Regardless of the alleged reason, the thief will take your “refund” and run, knowing that it can take weeks before his/her original counterfeit check is discovered. When your bank finally does get the counterfeit back, they will deduct the full amount of the bounced check back from your account, leaving you without your stuff, owing bounced-check fees and the cost of the wire transfer and with a loss for the “refunded” amount.

Overpayment scams have been around for years but used to be almost exclusively based on foreign banks. Many of these scams are now based on counterfeits of checks from US banks or even on counterfeit postal money orders.

To recognize the scam, watch out if the buyer is sends you more than your asking price. Return the check and have the buyer send a new check for the correct amount. And don’t be shy about holding the delivery until the check clears. If someone offers more than you asked for, be suspicious.

Read more at FTC.gov.

The Internet Crime Complaint Center (IC3) has received reports of multiple email hoaxes claiming to be from a soldier deployed to Iraq. The individual claims to be in possession of millions of dollars and requests assistance in moving the funds. In one of the more common variations, the funds allegedly came from a soldier who was an orphan and recently died while on a mission in Iraq. The sender of the email claims to want assistance with donating the funds to an American orphanage.

If you receive this email, it is a hoax. DO NOT RESPOND. Delete the message – without opening it if possible. This scam is designed to convince you to reveal your own personal banking information.

Be very cautious when responding to any requests delivered through unsolicited email. Be skeptical of individuals representing themselves as officials asking for donations or requesting the movement of funds to a charity or other program. There is no legitimate reason why a donor (or anyone else) would be unable to wire funds anywhere they wanted by themselves.

If you want to donate to a charity, ensure that the contributions are received and that they will be used for the intended purposes. Go directly to recognized organizations. Do not rely on others to make the donation on your behalf.

If you have received this or any similar hoax message, you can file a complaint at www.ic3.gov.

US-CERT is warning of an increase in phishing and other fraud sites related to the hurricane season. They have already received reports of malicious activity associated with Tropical Storm Ernesto including 17 ernesto-related domain names registered by one person.

These emails and websites claim to be from legitimate charitable organizations and ask for donations to "aid the victims". Some of the sites merely steal the donations. Others use your personal information to either max out your credit card, empty your bank account or set up fraudulent accounts using your stolen identity.

As you may remember from last year, there were an unprecedented number of frauds set up within hours of Hurricane Katrina’s strike. Two of the most egregious turned out to be fronts for a white-supremacist group. Many of the scammers looked at the standard storm-naming conventions and started registering fraudulent "charity" sites a year ago – long before the current storm season even started.

• Treat all requests for donation with caution. Never follow the “convenient” link in an unsolicited email. If you want to go to the website, retype the URL into your browser’s address line by hand.
• Take the time to research the charity before making your donation. Make sure you know who’s really getting your money.
• Report fraudulent or suspicious “charities” to the FBI’s Internet Crime Complaint Center.
From westfieldinsurance.com

Some thieves use a tactic called ATM skimming to steal your card number and PIN. While this tactic has been used for several years in large cities and tourist areas, there is some evidence that the tactic is now being used more in smaller areas.

ATM skimming depends on a device that clips onto the outside of the ATM and sits on top of the cardslot. The device is camouflaged to look like a normal part of the ATM. When you insert your card, the skimmer reads the magnetic strip as it goes past into the regular ATM card reader. The skimmer does not interfere with the operation of the ATM.

The thief will often also put up a small camera positioned to watch your hand as you enter your PIN. The camera might be camouflaged as a brochure holder. These devices often have built-in antennae to send the numbers wirelessly to the thief’s computer in a nearby car.

See this Snopes.com article for pictures of an ATM skimmer in place.

Banks regularly check their ATMs for these devices but if you see something suspicious, you should call the Bank immediately. If your bank offers a "smart card" (a card with an embedded chip), those are currently secure from most skimmer attacks. Regardless, you should always monitor your bank statement carefully to make sure that all the transactions on it are really yours.