Blog

On May 5, the Internet Crime Complaint Center (IC3) issued a warning to people traveling abroad to beware of malware. The IC3’s release stated, “Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.”

This malware scam currently only applies to those traveling abroad, but the tips provided are good advise for anyone using any network away from home.

How the malware scam works

So how does this scam work? The bad guys know us well. For instance, they know that the first thing a traveler will do in a hotel is to look for an Internet connection. They also know that we, as computer users, have become accustomed to frequent software updates for certain products. In addition to that, most computer users almost automatically accept those software updates without a second thought. And therein lies our weakness.

While the hotel’s connection can be trusted, it’s the popup window that appears prior to or during the connection setup that is the problem. The popup advises the user that there is a software update. When the user clicks on the button or link to accept the update, the malware is installed.

How to protect yourself from the malware scam

In the IC3 release the FBI recommended that those traveling abroad “take extra caution before updating software products on their hotel Internet connection.” They also suggested that users update their software before leaving home and that they check the digital certificate for the update. Those suggestions, however, assume that the traveler would take the time to update software and know how to check a digital certificate. Let’s get practical.

1) Unless you’re traveling abroad for an extended period of time, there’s no reason to update software while on the road. So, just don’t accept the software update. You’ll be able to “catch up” when you get home.

2) If you must update the software, go to the software vendor’s website and download the update.

Report the malware attack

If you believe that you’ve been targeted with a malware scam, contact your local FBI office or report the incident at www.IC3.gov.

This internet email scam that is being used a lot these days has several variations. The latest involves yet another modification on the original email that claimed my package couldn’t be delivered and was being held until I claimed it. The email from the “US Postal Service” has changed slightly—the supposed package is now being held in Bakersfield instead of Chicago. The good news is that it has moved westward without me doing a thing. On the down side, the daily charge to “store” the supposed package has gone up. Since nothing about this email is true—other than the fact that it’s an email scam—who really cares?

As I pointed out in the first post on this scam, the US Postal Service doesn’t charge “rent” or “storage” so that should be an immediate tipoff that something is not quite right with this email. Beware, don’t click the link included to learn more.

Here’s the text of the latest email received:

Postal notification,

Courier service couldn’t make the delivery of your parcel.
Reason deny:Postal code isn’t valid.

LOCATION:Bakersfield
PARCEL STATUS: sort order
SERVICE: Local Pickup
NUMBER OF YOUR ITEM:U996791909NU
INSURANCE: Yes

Label is enclosed to the letter.
Print a label and show it at your post office.

Important information!
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.59 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you.
USPS Logistics Services.

This one’s been around before. But, it, just like yesterday’s American Express Scam email, was in my email inbox this morning. This one is a notification that my package that was being sent via US Postal Service could not be delivered. The email includes a zip file that supposedly contains a label that I can print and take to the nearest post office to retrieve my package. What’s wrong in this picture? Three things:

1. The package, according the the email, is in Chicago.
2. I didn’t order anything that was being sent via Express Mail
3. The Postal Service does not charge for “holding” or “storing” packages, as this email indicates.

Our company’s courier couldn’t deliver your parcel.
Status deny\Wrong postal code.

LOCATION OF YOUR ITEM:Chicago
STATUS: not delivered
SERVICE: Express Mail
NUMBER OF YOUR PARCEL:U797368459NU
INSURANCE: Yes

Label is enclosed to the letter.
You should print the label and show it in the nearest post office to get a parcel.

An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $5.42 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you.
USPS Logistics.

To say that Internet scams are getting more difficult to spot is an understatement. This morning, I received an email notification from American Express about a fraud alert on my AmEx card.  Problem is, I don’t have an AmEx card. Sorry fellas, wrong guy.

There are a couple of things about this email that make it suspicious. First, the “From” address is seems a bit off. Why would American Express send a fraud warning from their “Welcome” group? And second, there’s an image missing. They do have the AmEx logo card image included—a nice touch that will fool a good many people.

Here’s an image of the email that I received. If you get this one, don’t open or it or click on the links, but do consider forwarding it to spoof@americanexpress.com. 

This job sounds almost too good to be true. Who wouldn’t want to make some extra cash by doing what they’re going to do anyway? This is one of the latest scams on the FBI’s Internet Crime Complaint Center’s (IC3) website.

The scam begins when you see an online ad to earn money by letting a well-known brand put a vinyl decal on your car. The online ad says you’ll earn $400-$600 per week just for driving your car. The next step is for you to provide your personal and vehicle information.

Once the scammers have your contact information, they send you a check or money order for more than the amount you were supposed to receive. In order to “pay back” the overage, victims are given instructions to cash the check and wire transfer the excess funds back to the person who supposedly created the decal.

The check you received, of course, was bogus. The check, once cashed, becomes untraceable. The crooks get the money you wired to them and you get stuck paying the bank’s losses.

The IC3 pointed out that there are legitimate offers of this type, but there are also many people who fall victim to fraud after responding to this type of online ad.