Cyber Fraud - Don’t be a victim!

CAUTION: Fraud is everywhere on the web, don’t be a victim…Look here for some useful tips.

  
There are many types of cyber attacks taking place through the Internet. Many of these come in through fraudulent e-mails. These might be trying to attack your computer for the purpose of encrypting your files to try to make you pay a ransom fee to get your files back. These Ransomware attacks are particularly nasty because they do a lot of damage, and for many people, cause a complete loss of all files and programs.

Others are designed to get you to simply send money or provide your contact information to steal your identity.

Don’t be a victim, learn to spot these bogus e-mails and follow a few simple rules:

1. NEVER EVER EVER CLICK ON A LINK IN AN E-MAIL unless you initiated the receipt of the e-mail.

If you received the e-mail without doing anything to ask for it, then the links are likely dangerous and you should NOT click on them.

If, however, you tried to log into a site, like your bank account, or your e-mail account like gmail and you can’t remember your password and request a password reset, you’ll often be sent an e-mail with a link to click on. Those links are safe because YOU REQUESTED it be sent from a legitimate site.

2. NEVER EVER EVER GIVE YOUR CONTACT INFO THROUGH AN UNSOLICITED LINK.

Look, if you receive an e-mail that claims to need your contact info and maybe bank account number, username, password, social security number, etc. and you hadn’t requested the e-mail, then DON’T FILL OUT THE INFORMATION AND SEND IT BACK!!! Come ON!!! Use your head, that’s obviously fraud.

Real-life example:
Guess who didn’t follow these rules…

Answer: A former Presidential Chief of Staff responded to an e-mail that appeared to come from GMAIL support telling him they had lost his password. So…what did he do…he clicked on the link, provided the information they wanted…and soon WikiLeaks was providing the world with his private e-mails.

This wasn’t some sophisticated hacking attack, it was a simple social engineering attack that took down someone who should have known better.

3. If they are offering you millions of dollars and all you have to do is send them some money…NOPE! It’s Fraud. Just delete it.

4. If they claim to be a friend or relative on vacation in some foreign land and they’ve been robbed and are stranded…NOPE! It’s Fraud. Just delete it.
  
Stacks Image 14
E-mail attachments:

There are many different attacks taking place through the use of an e-mail attachment. The image to the left is an actual e-mail I received that appears to come from FedEx when, in fact, the e-mail address hidden behind the FedEx Support was actually…

rafael.zimmerman@yankeerussia.com

By simply hovering the cursor over the FedEx Support name, the e-mail address is revealed.

During holidays, this type of e-mail attack is very common because so many of us may be receiving packages via FedEx.

The e-mail seems safe enough but that attachment is loaded for the kill. If I were to try to open that Undelivered-Parcel-..39.zip file on a Windows PC, my computer would have all of its files encrypted and I’d be completely locked out with a Ransom message on the screen telling me to call a phone number and pay a ransom fee to get an de-encryption key to get my files back.

If you make this mistake, I hope you have a backup of your important files. Because unless you want to pay out hundreds of dollars in a ransom fee, you’ll likely be forced to completely reformat your hard drive and reinstall the operating system and all of your programs to get operational again. And…if you don’t have a backup of your files, you’ll have lost everything.

If you make this mistake…
Call Dr. Bob (817) 994-7111
   
Stacks Image 25
Here’s another common fraud…

This is one of many types of fraud using human social engineering principals to scare you into taking action. In this case, they are trying to make me believe that my credit card has been charged $1812 and there are embedded links to Download Receipt and Click Here to download a copy of the invoice and payment receipt.

By hovering my cursor over (not clicking on) either the Download Receipt link or the CLICK HERE link, I see that the go to…

http://www.ccbilling.online/march-crystalizes/CO68K6A2NpZsZ8-mjLOmVFLjWmNKtO00iOVCaa

wherever the heck that goes.

What I do know is that I didn’t have a credit card that could be billed and I would have seen it in my bank account and I didn’t. So, it’s obviously a fraudulent attempt to get me to click on the link and then give them information that could allow them to steal my identity or just infect me with a nasty virus.

By the way, look closely at the e-mail and tell me what you don’t see…

What company is it from????

Maria Rodriguez
Billing Dept.

Billing Department of what company????

Just a little common sense ought to tell you this isn’t real. Don’t be fooled, use a little grey matter.

But, if you don’t, call Dr. Bob (817) 994-7111
   
FROM OFFICE OF THE CHAIRMAN,
ECONOMIC AND FINANCIAL CRIMES COMMISSION.
CHIEF DR. IBRAHIM MUSTAFA MAGU(CHAIRMAN)
NIGERIA INVESTIGATION BUREAU
14A AWOLOWO LANE, IKOYI
LAGOS NIGERIA.
WEBSITE: www.efcc.com
Motto: No Body is Above the LAW (THE EAGLE)
(BE CAREFUL OF THE HOODLUMS / SCAMMERS)



I am Mr. Ibrahim Mustafa Magu the chairman of ECONOMIC & FINANCIAL CRIME COMMISSION (EFCC), EFCC in alliance with economic community of West African states (ECOWAS) with head Office here in Nigeria, We have been working towards the eradication of fraudsters and scam Artists in Western part of Africa With the help of United States Government and the United Nations.

We have been able to track down so many of this scam in various parts of the West Africa countries which includes ( REPUBLIC OF BENIN, TOGO, GHANA, CAMEROUN, NIGERIA , MALI AND SENEGAL, ) and they are all in our custody here in Lagos Nigeria.

The Anti-corruption war is taken a turn as the past chairman of the commission's Mr. Ibrahim Lamorde a police officer, was removed as EFCC chairman on November 9, 2015 four years after he took over as head of the anti-graft agency and is under investigation for alleged diversion of N1 trillion and charge to court on the 17th November 2015 in a supreme court in Abuja, you can also follow the link for more informations.

http://www.blueprint.ng/2015/11/10/sacked-lamorde-faces-arrest/

The EFCC as an agency that is founded on transparency is not afraid of any “probe” or request for information regarding its activities by individuals, groups or organs of government; so far as such requests followed due process of law. The EFCC under Lamorde did not need the prompting of anyone, when it commissioned a reputable international audit firm, KPMG to carry out comprehensive audit of exhibits and forfeited assets of the Commission from 2003 to date.

We have also arrested all those who claim that they are barristers, bank officials, government officials, Lottery Agents who with-held your funds, has money for transfer or want you to be the next of kin of such funds which does not exist.

http://www.premiumtimesng.com/news/headlines/198289-lawyers-acting-technical-advisers-criminals-efccs-magu.html

We have been able to recover so much money from this hoodlums, corrupt government officials and these scam artists, the New minister of Finance Federal Republic of Nigeria  Mrs. Kemi Adeosun under president Muhammadu Buhari, and the CBN issued a statement on Feburary 20th 2016 to the effect that the CBN is against the fleecing of customers under any guise and with the mandate of the Apex Bank, issued a deposit refund of N6.2 Billion excess charges on cost of transaction for 2015 alone. This refund, the CBN said arose from more 6,000 complaints of unauthorised bank charges brought to its notice. So the United Nation Anti-crime commission, the United State Government and the CBN have ordered the money recovered from the Scammers/government official to be shared among 100 Lucky people around the globe.

This email is being directed to you because your email address was found in our past Chairman computer Mr. Ibrahim Larmode hard disk during our investigation in our office here in Nigeria and with the information gathered, we notice that you have been scammed of so much money and no compensation has been given to you, so we decided to compensate you with a little token to recover the lost of your fund you are therefore being compensated with the total sum $2.5 Million Dollars.

Since your name appeared among the lucky beneficiaries who will receive a compensation of US$2.5 Million, we have made arrangement to register an Online Banking through our Global Bank, (Standard Chartered Global Bank) where you will have full access to your Online Banking Account Fund, to transfer your fund personally to your Private Bank Account with no complication of things or questioning as the Account will be fully registered in your Name.

The online Banking Processing is made much easier for you to transfer your fund to your private Bank Account personally, to avoid any delay or complication of things With this Online Banking Transfer Processing, you can only transfer the Maximum Amount of US$500.000.00 daily/instalmentally until the total amount of your Compensated/deposited fund is transferred and completely paid to you.

So you are advice to contact the processing officer Anti-Crime Foreign Operation Department of the (EFCC) Mr. James Green who is in charge of your funds with your provided information required for verification below.

CONTACT PERSON:  MR JAMES GREEN
CONTACT EMAIL ADDRESS: efccjamesgreen@gmail.com
Provide the information below to enable the processing of your Online Banking Account for deposition of your total compensated fund.


Provide the information bellow to enable the processing of your Online Banking Account for deposition of your total compensated fund.

1) YOUR FULL NAME.
2) YOUR ADDRESS.
3) YOUR TELEPHONE NUMBER.
4) YOUR OCCUPATION
5) YOUR IDENTITY/INTERNATIONAL PASSPORT
6) COUNTRY.


Contact Mr. James Green with the information required for verification to enable him start the processing of your Online Banking Account Registration, we GUARANTEE you your safety and wish you the best of luck.

We must all act as AGENT of stamping out corruption, THE EAGLE will get you.

Best Regard,

Mr.Ibrahim Mustafa Magu
CHAIRMAN ECONOMIC & FINANCIAL CRIME COMMISSION
(EFCC) FOREIGN OPERATIONS DEPT,
LAGOS-NIGERIA.
Ok, so here it is…the Nigerian e-mail claiming to have money…lots of money…for you. Just give them all the information they request through the various links and you’ll be set.

Amazingly, this e-mail has fooled a lot of people who have sent hundreds of thousands of dollars for nothing. And they send the money, sometimes for years.

Nope! another scam that can cost you…literally.

Not a virus, not even a hack. Just a social engineering attack to make you a fool for falling for it.

Don’t be a victim, I can’t help you with this one, there’s no damage to your computer, just your bank account.

I can, however, teach you what to look for so you don’t get scammed.

By the way, just read this e-mail and look for bad english, misspelled words, etc. Do you really think if this was real the english grammar and spelling would be this bad? Especially if they are working with the US Government and the United Nations as they claim? I don’t think so.

   
Stacks Image 49
Here’s another example of a fraudulent attempt to get your personal information.

If the English grammar is particularly bad and awkward and they are constantly trying to convince you that the e-mail is legitimate…IT ISN’T!!!

Look at the first sentence on this one.

“I have very vital information, but first I must have your trust before I review it to you because it may cause me my job, so I need somebody that I can trust for me to be able to review the secret to you.”

Obviously someone for whom English is a second language. And it just gets worse the more you read.

And his next to the last line…

I assure you that this is legal and 100% risk free.”

Sure buddy…Like I’m buying that…
   
Stacks Image 60
Here’s a fraudulent order delivery notice. Don’t be fooled by something like this…

Not only does it not indicate where the order is coming from, look down at the added text below the last line “We hope to see you again soon”

it starts out…

“The story shifts to the fairies in the woods. The fairies are magical little creatures like Tinkerbell.”

What is that???

Well, one of the methods to attempt to get past spam mail filters is to make the e-mail look legitimate. They do that by copying and pasting, into the e-mail, passages from actual literature.

Originally, a lot of spam e-mail came in as just an image with no actual text and so the filters were able to identify them quite easily. When the spammers realized what was happening, they developed various methods to defeat the filters. Many filters looked at what was being said in the e-mail and began to recognize certain phrases they could tag as spam. So the spammers added real literature to defeat that filter.

It’s a constant battle that the spammers continue to win as they get more sophisticated.

The bottom line is you need to recognize these kinds of schemes so you can tell fake mail that may contain dangerous links…like this one. Those links in the order number and the button would likely download a virus.


   
Stacks Image 71
Another e-mail attachment fraud.

I hope, by now, you’ve gotten the idea firmly in mind that you NEVER, EVER, click on a link or download and open an attachment in and e-mail unless you requested it.

I knew this was fake because I’d never had any dealings with these people and it has all the looks of a fake e-mail trying to do harm.

Just take the time to really look at the e-mail and recognize that you don’t recognize anything about the people sending it or they don’t even tell you who they are.

If you don’t remember doing business with them…you probably didn’t.
   
Stacks Image 82
Mailbox Full fraud…

We all use e-mail and some e-mail services impose limits on how much space your mailbox can take up before it is considered full. When that happens, you can’t receive any more e-mail and you need to go in and delete old e-mails to free up space.

Well, that opens the door for fraud like that shown here. A fake message telling you your e-mail box is full with a link that here is called restore.

But, notice that it doesn’t tell you who it is from!!! Just the generic Mail Desk.

This is fraud, they are counting on you not knowing your e-mail provider service and not knowing whether you have a size limit so they can scare you into clicking on the link.

ANY E-MAIL THAT TRIES TO SCARE YOU IS FRAUD 100% OF THE TIME.


For that matter, ANY MESSAGE THAT POPS UP ON YOUR COMPUTER SCREEN TELLING YOU SOMETHING BAD IS HAPPENING TO YOUR COMPUTER AND PROVIDING YOU WITH A PHONE NUMBER TO CALL TO FIX THE PROBLEM IS FRAUD. DON’T CALL ANY NUMBER PUT UP IN A SCARY MESSAGE.
   
Stacks Image 93
When a Friend is NOT a Friend!!!

How many of you have received an e-mail that looks like it is coming from a friend but just has a link like you see to the left?

This looks like it is coming from my good friend Jean Christenberry (who, by the way is a great real estate agent!).

However, when I hover my cursor over her name the e-mail address hidden under that name is really:

deedee@fadal-buchanan.com

And what is that link going to??? Does that even make sense? It doesn’t to me so it has to be fake.

In fact, at this time that account is suspended so it no longer goes anywhere. But, when it was active, it likely went to a site that would have installed viruses or other malware on my computer had I clicked on it…which I didn’t. I just saved it to my fraud folder so I could share it with you.
  
Stacks Image 104
Paypal Fraud…

How many of you have Paypal accounts? Well, let me tell you that they would NEVER EVER EVER send you an e-mail like this one.

If PayPal has something they need you to take action on, they’ll send you an e-mail that DOES NOT CONTAIN A LINK TO CLICK ON. They’ll simply tell you to log into your account through your normal login procedures and update your password or other information.

BANK ACCOUNT FRAUD

This same rule applies to e-mails that appear to come from your bank or another bank. Sometimes you’ll get e-mails with all the proper logos and look and feel of a real e-mail from your bank or another well known bank. But if they are giving you scary information and provide a link for you to click on and update your information…IT’S FAKE, IT’S FRAUD, don’t be fooled.

Unfortunately, I didn’t save off an example of one of these fake bank e-mails yet, but when I get another one, I’ll post it here so you can see just how good they can look.
  
Stacks Image 115
Fake Virus Attack:

To the left is a photograph of a message that came up on a customer’s computer. Let’s analyze this one.

First, it’s a window that’s open in a new tab in the web browser that was given the tab title of System Infected Virus Alert. That’s the first attempt to scare you.

Then it presents… webtechexpert.co.in says: Wow! Impressive, it’s from a webtechexpert…Not! Then another scary statement that A Suspicious Connection was trying to access all sorts of things. They want you to pay attention and take them seriously…oooh, be scared. Then some tech talk nonsense to make it sound more geek legit.

Your TCP Connection Was Blocked by Your Firewall.

Well, no, my Firewall won’t block my outgoing Internet traffic, the firewall is there to keep activities on the Internet OFF my computer. I get to go out but nobody gets to come in unless I let them. Now the next scare…

Your Accounts May be Suspended Until You Take an Action.

What’s with the capital letters? And the grammar, ‘Until You Take an Action.’ Which an action? Do you guys really mean to say Take Action? Ok, let’s start nailing the coffin shut…

Your Personal Information May Have Leaked. IMMEDIATE RESPONSE REQUIRED

Again, the weird capitalization within the statement and then they start yelling!!! Quick, take IMMEDIATE ACTION. And no period at the end of the statement. Ok, so now let’s really stab you in the brain…

Your Hard Disk May Have Trojan Virus! Please Do Not Try to Fix Manually, It May Crash Your Data.

Now I’m really scared, my hard disk may have Trojan Virus! Not ‘have a Trojan Virus’ or ‘may have Trojan Viruses!’ Again, the bad grammar and punctuation ought to tell you these guys aren’t tech experts. But then they want to help us out by pointing out we shouldn’t try to fix it ourselves because it might Crash our data. Maybe replacing Crash with Damage or Delete would have been a better choice of words. But, hey, maybe they did a survey and found people respond more appropriately to the word Crash… And now they want us to know they are our saviors, they are performing additional system checks to verify system security. And then a final bit of deflection to prove they are the good guys…they tell you to visit your Nearest Windows Service Center OR Call Help Desk… How nice, they don’t want us traveling too far to get assistance…but why go anywhere when you can just call a toll-free phone number…

Call that number and then… call Dr. Bob; in moments you’ll be locked out of your computer.

They’ll likely walk you through opening some System Log Files where you’ll find ERROR messages. Guess what! You’ll almost always be able to find ERROR messages in the log files. But once found, they’ll tell you that’s proof you are infected and, since they’ve been soooo helpful, they’ll ask you to let them log into your computer…and you’ll do it… because they are trying to help you out…after all, they found the infection…didn’t they?

Once in, you’ll see windows opening and closing all over the place, and really fast, so they are really good, working so fast to fix your computer. In reality, they are probably going into your user account, changing the password to lock you out and maybe changing the username to their phone number. That way when you reboot and try to log in it won’t say your name any more it’ll say Call [their phone number] and when you try your password, it will be rejected because….THEY CHANGED IT!

Now before you discover what they’ve done, they’re going to tell you they’ve fixed everything and they are going to want payment. It’ll likely be $400-$500 and maybe instead of taking a credit card, they’ll tell you to go buy Apple iTunes cards to total their bill and send them to them.

Are you the least bit suspicious yet???

Look, what you should have done when you got the scary message is CALL Dr. Bob. But now that you let them into your computer, you really need to call Dr. Bob.

I can remove the bad password, put yours back in and rename your account back to what it was and then clean up any malicious software (Malware) that may be on the computer.