Scam Alerts -- 2009

Spear Phishing E-Mails Target U.S. Law Firms And Public Relations Firms
Apple Computers Retail Scam
Live Chat Phishing Scam
Scam E-mail Targeting Verizon Wireless Customers
Text Message Scam
New Facebook Chat Phishing Scam
Google Wave Scam
Online Dog Selling Scam
Scam Involving Pop-Up Advertisements Offering Anti-Virus Software
Targets Unemployment Insurance Recipients
Fraudulent E-Mails Claiming to be from the Federal Deposit Insurance Corporation FDIC)
Scam misusing the name of the United States Attorney General
Social Networking Scams
Fake U.S. Census Scam
H1N1 Flu Scam
Veteran’s Administration Scam
Sweepstakes Scammers Posing as Federal Officials Scam
Fraudulent FBI Intelligence Bulletin Scam
Fraudulent FBI Intelligence Bulletin From The Weapons Of Mass Destruction Directorate Scam
E-mail password scam
Text or voice message Phishing scam
‘Cash for Clunkers’ scam
iPhone Purchasing website scam
Keys-for-Cash NYC Renters Scam
Twitter Work-at-Home Money-Making Schemes
Twitter Spam Scam Uses Fake Celebrity Retweets
Social Security and Economic Stimulus scam
Michael Jackson-related scams
U.S. Customs and Border Protection (U.S. CBP) Scam
Fraudulent 2009 H1N1 Influenza (Swine Flu) Products Scam
Facebook.com Typosquatting and Phishing Scams
'Property Fraud' Scam
Small Business Administration Letter Scam
Odometer Fraud
Telephone Fraud Involving Jury Duty
FDIC Scam
Web Hosting Scam
Oprah Millionaire Contest Show scam
Secured Credit Card Marketing Misrepresentation
Advance-Fee Loan (“Easy Cash Offers’) Scams
Credit Repair Scams
Bank Failures, Mergers, and Takeovers
Spear Phishing Scam
Medicare Scam
Home Foreclosure Rescue Scams
Koobface Virus Attacks Social Networking Sites in New Form (See “New Scams Hit Social Networking Site” for first Division Alert)
Fake Military Twist on Vehicle Sale Scam
McDonalds and Walgreens Survey Scam
Twitter.com Scam
MobileMe Phising Scam
FBI Phising and Spoofing Scam
Tax Season Scam
Immigration Scam
Work-At-Home Scams
Wal-Mart Consumer Satisfaction Survey Scam
Grandparents Scam
Charity Foundation Fax Scam

TOPIC: Spear Phishing E-Mails Target U.S. Law Firms And Public Relations Firms

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? Hackers are using spear phishing e-mails with malicious attachments to exploit U.S. law and public relations firms. A spear phishing, or targeted socially engineered, e-mail designed to compromise a network is being employed by hackers to bypass defenses and exploit the person at the keyboard. These e-mails urge the receiving user to open an attachment or link, which contains a virus or a malicious executable file. Resistance against these attacks is difficult as the subject lines are “spoofed,” or crafted in such a way to uniquely engage recipients with content appropriate to their specific business interests. In addition to appearing to originate from a trusted source based on the relevance of the subject line, the attachment name and message body are also crafted to associate with the same business interests. Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file.

Once executed, the malicious payload will attempt to download and execute the file ‘srhost.exe’ from the domain ‘http://d.ueopen.com’; e.g. http://d.ueopen.com/srhost.exe. Any traffic associated with ‘ueopen.com’ should be considered an indicator of an existing network compromise and addressed appropriately.

The malicious file does not necessarily appear as an ‘exe’ file in each incident. On occasion, the self-executing file has appeared as other file types, e.g., ‘.zip’, ‘.jpeg’, etc.

WHAT STEPS SHOULD YOU TAKE? Please contact your local F.B.I. field office if you experience this network activity and direct incident response notifications to the U.S. Department of Homeland Security and the U.S. Computer Emergency Readiness Team.

TOPIC: Apple Computers Retail Scam

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? A phishing e-mail purporting to relate to a recent Apple retail transaction is in circulation. The scam e-mail asks for details of any recent orders and zipped ‘.exe’ file which will only launch on a Windows machine.

The e-mail reads: “We recorded a payment request from ‘Apple Inc.’ to enable the charge of $7,548.45 on your account.” It then goes on to advise readers to click on the attachment in the e-mail in the event they want the transaction stopped.

WHAT STEPS SHOULD YOU TAKE? Be advised not to click on any attachments from sources you don’t know/trust and take precautions as outlined in the Division's Phishing Scam Prevention Tips.

TOPIC: Live Chat Phishing Scam

WHO IS THE TARGETED VICTIM? Internet users

WHAT IS THE SCAM? Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information. After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application. The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked. The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address. That information could be used to get access to accounts and money online or over the phone.

WHAT STEPS SHOULD YOU TAKE? Do not provide personal identifiable information through e-mail or during a web “chat.” Do not chat with unknown entities.

TOPIC: Scam E-mail Targeting Verizon Wireless Customers

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? Scammers are sending e-mails that claim a consumer’s Verizon account is over the limit. The e-mail also offers a "balance checker" program that would review payments. That program is actually a malicious Trojan horse virus that will ruin your computer.

WHAT STEPS SHOULD YOU TAKE? The e-mails look like they're from Verizon, but they're not. Verizon Wireless reps say there's no such thing as a "balance checker" program. They say Verizon users can check account information by going online or calling 611.

TOPIC: Text Message Scam

WHO IS THE TARGETED VICTIM? Mobile phone users

WHAT IS THE SCAM? Cell phone owners should be aware of a new scam that's delivered by text.

Most of these schemes consist of an unsolicited text message alerting the consumer that there is a problem with his/her cell phone account or some financial account, like a credit card. The message might say that a credit card has been deactivated, or it might warn that cell service will be canceled. To correct the supposed problem, consumers are told to call the number listed in the text.

WHAT STEPS SHOULD YOU TAKE? To avoid falling for this scam, contact your cell phone provider or the account representative in question directly using the customer service number on your statement or the number given on the provider’s website to verify that the account problem is legitimate. Also, do not respond to unsolicited texts, as legitimate businesses and companies will usually not contact their customers that way unless the customer has agreed to receive such text messages.

TOPIC: New Facebook Chat Phishing Scam

WHO IS THE TARGETED VICTIM? Facebook users

WHAT IS THE SCAM? Scammers are using the “chat” feature on Facebook as part of a phishing scam. The attack employs similar methods to those used by past scams, using hijacked user accounts to send chat messages with a generic message and a link to a familiar-looking Facebook phishing page. If you actually click the link and enter your details on the fake Facebook login page, the hackers steal your user name and password and direct you on to the real Facebook.

Once your account has been compromised, hackers use it to perpetuate the scam by spamming your friends in chat. Automated bots handle the heavy lifting of pestering your contacts. At least one of the messages comes in the format “ROFL this you?!” with a phishing link, but this particular vulnerability may take other forms

WHAT STEPS SHOULD YOU TAKE? Be sure to use caution when receiving any remotely suspicious chat messages from your Facebook contacts. Make sure you know with whom you are catching.

TOPIC: Google Wave Scam

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? Google “Wave,” a new web-based product from Google, has become the subject of web-based scams. There are a few websites, Twitter and Facebook messages, and public “waves” that offer invitations to Google Wave in exchange for e-mail addresses or promotions.

Consumers should assume that Twitter message suggesting that a user will part with one of the purported 1,000 Google Wave invitations if the consumer “retweets” a message and “following” the user’s account is a fake. Google is giving out invites in batches of 8-10; nobody is getting 1,000.

Consumers should also be weary of messages via e-mail or social media networks that offer Google Wave invitations for sale or if a “free invitation” offer is coupled with another giveaway/sale.

WHAT STEPS SHOULD YOU TAKE? Consumers should always be careful about sharing their e-mail address or other personal information. Remember that Google Wave is free so you should never have to pay for an invitation. Free Google Wave invitations are available on the service’s official webpage.

TOPIC: Online Dog Selling Scam

WHO IS THE TARGETED VICTIM? Consumers looking to purchase a dog

WHAT IS THE SCAM? Internet scammers are stealing money from unsuspecting people who think their new dog or cat is on the way to his or her new home, when in fact there was never an animal at all. Internet pet-selling scams often include a long-distance seller -- claiming to be in another country doing missionary work -- who cannot keep the dog because the climate is too hot.

Scammers promise a free puppy -- as long as the consumer pays the shipping via money order or wire transfer. Once the scammers receive the "shipping" fee, the consumer receives a message that their puppy is stuck at the airport due to customs complications and the consumer is asked to send more money. Finally, the scammer -- and the puppy that never existed in the first place -- disappears. In many cases, victims think their dog is at the airport waiting for them after they've sent two or three money orders or wire transfers. In other cases, the seller claims to represent an animal shelter or a good samaritan, offering the breeds for "adoption."

Internet scammers can deceive would-be buyers by using readily available online photos or by using stolen photos of other people's pets to represent the non-existent animal. They will often copy the claims of legitimate rescue groups and attempt to sound reputable by saying that they will only deliver the pet to someone who has a fenced yard, for example. They will also copy the text from breeder ads and claim to have registration certificates, vet records and health guarantees.

WHAT STEPS SHOULD YOU TAKE? Never buy a pet from anyone whose operation you have not thoroughly researched . Check references for any breeder with whom you deal. An alternative to buying a pet is to find your local shelter and visit. Reputable shelters do not place puppies by sending out mass e-mails and then shipping animals to people.

TOPIC: Scam Involving Pop-Up Advertisements Offering Anti-Virus Software

WHO IS THE TARGETED VICTIM? Internet users

WHAT IS THE SCAM? An ongoing threat exists for computer users who, while browsing the Internet, began receiving pop-up security warnings that state their computers are infected with numerous viruses.

These pop-ups known as scareware, fake, or rogue anti-virus software look authentic and may even display what appears to be real-time anti-virus scanning of the user’s hard drive. The scareware will show a list of reputable software icons; however, the user cannot click a link to go to the actual site to review or see recommendations.

The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website.

Once the pop-up appears it cannot be easily closed by clicking “close” or the “X” button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. By running your computer with an account that has rights to install software, this issue is more likely to occur.

Downloading the software could result in viruses, Trojans, and/or keyloggers being installed on the user’s computer. The repercussions of downloading the malicious software could prove further financial loss to the victim due to computer repair, as well as, cost to the user and/or financial institutions due to identity theft.

The assertive tactics of the scareware has caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

WHAT STEPS SHOULD YOU TAKE? Be cautious when using the Internet. Beware of pop-ups that offer a variation of recognized security software. Research the exact name of the software being offered. Take precautions to ensure operating systems are updated and security software is current.

If a user receives these anti-virus pop-ups, it is recommended to close the browser or shut the system down. It is suggested that the user run a full, anti-virus scan whenever the computer is turned back on.

If you have experienced the anti-virus pop-ups or a similar scam, please file a complaint with the Internet Crime Complaint Center (IC3).

TOPIC: Cell Phone Scam Targets Unemployment Insurance Recipients

WHO IS THE TARGETED VICTIM? Mobile phone users

WHAT IS THE SCAM? Scammers using cell phone calls and text messages are targeting unemployment insurance recipients in order to steal the unsuspecting victim's benefits.

People statewide, especially those receiving unemployment insurance benefits, have received text or cell phone messages that say something like "The Department of Labor has limited or deactivated your benefit card starting with (first 4-6 digits of card). Call: (various phone numbers) to reactivate." If they call the number, they are asked for their full card number and PIN. Once the scammer has that information, the victim's account can be accessed and funds stolen. Most, if not all, the scam messages have been received on the Sprint network.

WHAT STEPS SHOULD YOU TAKE? The New York State Department of Labor is working with Chase, the bank that issues debit cards for unemployment recipients to receive benefits, to address the situation. If you get a call or text message advising you that the Labor Department has limited or deactivated your credit card, DO NOT call the number provided. Neither the Department of Labor nor Chase will ever call and ask you for your debit card account information.

If you receive one of these messages, don't respond: delete it. If you have already replied and have given out your debit card PIN, call the customer service phone number on the back of your debit card for help. The Department of Labor is working with Chase to have stolen money restored to victims' accounts. For more information, check the Department of Labor's website.

TOPIC: Fraudulent E-Mails Claiming to be from the Federal Deposit Insurance Corporation (FDIC)

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should download and open a "personal FDIC insurance file" to check their deposit insurance coverage. The "insurance file" may actually be a form of spyware or malicious code and may collect personal or confidential information.

Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and direct recipients to a fraudulent website. Clinking on links on the fraudulent website to your purported “personal FDIC insurance file” and files are believed to cause an unknown executable file to be downloaded.

WHAT STEPS SHOULD YOU TAKE? While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the specific effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the website or download the executable files provided on the website.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form.

FDIC Special Alerts may be accessed from the FDIC's website.

TOPIC: Scam misusing the name of the United States Attorney General

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? As with previous spam attacks, which have included the names of high-ranking Federal Bureau of Investigation (FBI) executives and names of various government agencies, a new version misuses the name of the United States Attorney General, Eric Holder.

The current spam alleges that the Department of Homeland Security and the FBI were informed that the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the spam indicates that the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.

WHAT STEPS SHOULD YOU TAKE? Do not respond. These e-mails are a hoax. Government agencies do not send unsolicited e-mails of this nature. The FBI, Department of Justice, and other United States government executives are briefed on numerous investigations, but do not personally contact consumers regarding such matters. In addition, United States government agencies use the legal process to contact individuals. These agencies do not send threatening letters/e-mails to consumers demanding payments for Internet crimes.

Consumers should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware.

It is imperative consumers guard their Personally Identifiable Information (PII). Providing your PII will compromise your identity. Individuals who experienced such incidents are encouraged to file a complaint with the Internet Crime Complaint Center reporting the incident.

TOPIC: Social Networking Scams

WHO IS THE TARGETED VICTIM? Users of social networking websites

WHAT IS THE SCAM? Scammers continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected. Another technique used by scammers involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the scammers access to your profile and personal information. These programs will automatically send messages to your "friends’" list, instructing them to download the new application too. Infected users are often unknowingly spreading additional malware by having infected websites posted on their webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

WHAT STEPS SHOULD YOU TAKE? Here are some tips to avoid these tactics:

Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.
Be selective of your friends. Once selected, your "friends" can access any information marked as "viewable by all friends."
Select those who have "limited" access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.
Disable options and then open them one- by- one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.
Be careful what you click on. Just because someone posts a link or video to their "wall" does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users should familiarize themselves with the site's policies and procedures before proceeding and encountering such a problem.

Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions. Individuals who experienced such incidents are encouraged to file a complaint with the Internet Crime Complaint Center reporting the incident.

TOPIC: Fake U.S. Census Scam

WHO IS THE TARGETED VICTIM? All consumers

WHAT IS THE SCAM? Scammers are posing as U.S. Census workers. Conducted every ten years, the U.S. Census is an important process that helps to define legislative districts and determine how to allocate federal aid to local, state and tribal governments. Census forms are to be mailed or delivered to households in March 2010.

For every person living at an address in the U.S., the U.S. Census will ask for a name, age, gender, race, ethnic origin, birth date, marital status, employment status, and other similar information. Scammers posing as Census employees ask for donations, personal financial information, and/or Social Security numbers.

WHAT STEPS SHOULD YOU TAKE?

Here are some tips to tell the difference between a U.S. Census worker and a scammer:

The Census Bureau does NOT conduct the 2010 Census via e-mail or the Internet. The Census Bureau does not request detailed personal information through e-mail.
U.S. Census workers will not ask you about past debt, solicit money, or in any way harass you about finances.
U.S. Census workers will not ask for your Social Security number, banking information, or credit card number.
U.S. Census workers will have identification; a copy of the notification letter you received, or should have received, in the mail describing the survey; and, depending on the area, a laptop and laptop case bearing the insignia of the U.S. Census Bureau.

If you receive an e-mail or find a website that you suspect is falsely representing the Census Bureau:

Do not reply or click on any links within the e-mail.
Do not open any attachments. Attachments may contain code that could infect your computer.
Forward the e-mail or website URL to the Census Bureau at itso.fraud.reporting@census.gov.
After you forward the e-mail delete the message.

You will not receive a confirmation e-mail after forwarding the information to the Census Bureau. However, the Census Bureau will investigate the information and notify you of its findings. The Census Bureau can use the information, URLs and links you forward to trace the hosting website and alert authorities to help shut down the fraudulent site.

If you have questions regarding the legitimacy of a survey questionnaire received in the mail, a phone call or visit by a Census Bureau employee, or other concerns of a non-cyber nature, please visit the Bureau’s Are You In a Survey? page.

TOPIC: H1N1 Flu Scam

WHO IS THE TARGETED VICTIM? All consumers

WHAT IS THE SCAM? Scam artists are preying on the public's fears while the H1N1 vaccine is delayed and real Tamiflu -- made by Switzerland's Roche Group -- is rationed. Some products being marketed with bogus claims are air "sterilizers," photon machines; supplement pills to boost the immune system; protective shampoos and face masks; and, fake Tamiflu.

WHAT STEPS SHOULD YOU TAKE? Consumers should consult a doctor for treatment if they have fallen ill with flu-like symptoms or to receive the H1N1 vaccine.

TOPIC: Veteran’s Administration Scam

WHO IS THE TARGETED VICTIM? Military veterans who access U.S. Department of Veterans Affairs (VA) services

WHAT IS THE SCAM? In the scheme, an unsolicited caller informs the veteran that the VA is updating its prescription information and asks for the victim's credit card information.

WHAT STEPS SHOULD YOU TAKE? Veterans should not be fooled by a caller who claims the VA is updating its procedures for dispensing prescriptions. Be wary of any call soliciting personal information such as credit card or Social Security numbers. Take control of the conversation and ask the caller if you can call them back. Then, take the time to research the legitimacy of the call. Be skeptical if the caller tells you to "act now" or to keep the transaction a secret. Veterans should not be pressured into divulging personal information or making a rash decision. Talk to trusted family members and friends for advice first.

TOPIC: Sweepstakes Scammers Posing as Federal Officials Scam

WHO IS THE TARGETED VICTIM? Phone users

WHAT IS THE SCAM? In the scheme, the unsolicited caller poses as a government official informing the consumer that he /she has won what turns out to be a bogus sweepstakes prize.

WHAT STEPS SHOULD YOU TAKE? Although these scammers say they represent the Federal Trade Commission (FTC) or some other government agency, the FTC would never call consumers on behalf of sweepstakes programs. Consumers should never send money up front just because someone promises them a prize. Scammers often take advantage of Internet technology to make it appear that they are calling from Washington, DC, or the consumer’s hometown. They could be calling from anywhere in the world. To learn more about how to avoid this type of scam, go to the FTC’s website for this scam.

TOPIC: Fraudulent FBI Intelligence Bulletin Scam

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? A fraudulent e-mail message claiming to contain a confidential FBI report titled “New Patterns in Al-Qaeda Financing” has been circulating since August 15, 2009. The e-mail has the subject line “Intelligence Bulletin No. 267,” and contains an attachment titled “bulletin.exe.” This message, or similar messages, may contain files that are harmful to the recipient’s system and may try to steal user credentials.

Below in italics is an example of the fraudulent e-mail message:

INTELLIGENCE BULLETIN No. 267
Title: New Patterns in Al-Qaeda Financing
Date: August 15, 2009
THREAT LEVEL: YELLOW (ELEVATED)

THE INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER PUBLIC SAFETOFFICIALS WITH SITUATIONAL AWARENESS CONCERNING INTERNATIONAL AND DOMESIC TERRORIST GROUPS AND TACTICS.

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins =ontain sensitive terrorism and counterterrorism information meant for us= primarily within the law enforcement community. Such bulletins are not =o be released either in written or oral form to the media, the general p=blic, or other personnel who do not have a valid ?eed-to-know?with=ut prior approval from an authorized FBI official, as such release could jeopardize national security

WHAT STEPS SHOULD YOU TAKE? Do not click on any links associated with this e-mail or similar e-mails; it is a hoax. The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or other malicious software. As with many fraudulent e-mail messages, this message contains multiple spelling errors and poor grammar. If you have been a victim of Internet crime, please file a complaint with the Internet Crime Complaint Center.

TOPIC: Fraudulent FBI Intelligence Bulletin From The Weapons Of Mass Destruction Directorate Scam

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? A fraudulent e-mail, initially appearing around June 16, 2009, claims to contain a confidential FBI report from the FBI “Weapons of Mass Destruction Directorate.” The subject line of the e-mail is “RE: Weapons of Mass Destruction Directorate,” and contains an attachment “reports.exe.” This message and similar messages may contain a file related to the ‘W32.Waledac” trojan software, which is designed to steal user authentication credentials or send spam messages.

Below is an example of the fraudulent e-mail (in italics):

CLASSIFIED
FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN
Weapons of Mass Destruction Directorate

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security. Link to malicious software (report.exe)

WHAT STEPS SHOULD YOU TAKE? Do not click on any links associated with this e-mail or similar e-mails; it is a hoax. The FBI does not send unsolicited e-mails or e-mail official reports. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or other malicious software. As with many fraudulent e-mail messages, this message contains multiple spelling errors and poor grammar. If you have been a victim of Internet crime, please file a complaint with the Internet Crime Complaint Center.

TOPIC: E-mail password scam

WHO IS THE TARGETED VICTIM? Users of various e-mail services.

WHAT IS THE SCAM? This appears to have been an industry-wide phishing attack where users received phony e-mails purportedly from their e-mail service provider requesting their user names and passwords.

WHAT STEPS SHOULD YOU TAKE? Try to log on to your e-mail account. If your account has been compromised, your access will be blocked. You should be provided instructions by the e-mail service provider on how to validate your account to gain access. Once you are validated and your account is unblocked, you should immediately update your compromised password with a strong, new password consisting of more than seven (7) upper and lower case characters, numbers and symbols such as $, % and @. If you have used the same compromised password for other accounts or site registrations, you should update your password for those accounts as well. If your account has not been compromised, your account should not be blocked, but you should immediately update your password as a precaution. To protect the security of all of your password-protected accounts, you should update your password and your security question at least every three months. Also, you should never provide your account credentials in response to any request you receive through e-mail no matter how official-looking the e-mail may seem. For further information on protecting your personal information from phishing scams, please review the recommendations of your e-mail service provider and the Division's resources for Identity Theft Protection and Mitigation.

TOPIC: Text or voice message Phishing scam

WHO IS THE TARGETED VICTIM? Seemingly random consumers.

WHAT IS THE SCAM? Text messages from alleged credit union representatives are being sent to random consumers in various areas of the State informing them there’s a problem with their debit card or credit union account. They are provided with a phone number and asked to call to reactivate their account. Once the call is made, the consumer is asked for their debit card number and personal identification number (PIN) or their credit union number.

Warnings have been sent to credit union customers who were scammed into calling two identified numbers: 845-765-9464 and 585-331-8318. The numbers have been “spoofed” making them untraceable.

WHAT STEPS SHOULD YOU TAKE? Consumers should not respond to these messages as financial institutions do not contact customers by mail, phone or the Internet to request account or personal information. Most Internet connections are not secure. Don't be fooled by legitimate looking or sounding messages even if they include logos, pictures, copyrights or names of legitimate businesses, financial institutions or government agencies. Never update personal information online or over the telephone in response to e-mailed or texted requests.

Consumers who provided their account information in response to this scam should contact their financial institution and the police immediately.

TOPIC: ‘Cash for Clunkers’ scam

WHO IS THE TARGETED VICTIM? Consumers looking to trade in a less fuel efficient vehicle and purchase a new, more fuel efficient vehicle

WHAT IS THE SCAM? President Obama signed into law a program called the Car Allowance Rebate System (CARS), which provides $3,500 to $4,500 to people who trade in certain less fuel efficient vehicles when purchasing or leasing certain new, more fuel efficient vehicles.

Unofficial “cash for clunkers” websites are requesting personal identifiable information, including Social Security numbers and directing consumers to pre-register for the program. It appears that some of these sites are collecting personal identifiable information for the purpose of committing identity theft.

WHAT STEPS SHOULD YOU TAKE? The National Highway Traffic Safety Administration (NHTSA) states that dealers and consumers do not need to pre-register for CARS. Consumers should not provide personal identifiable information on any Cash for Clunkers website. Visit the official NHTSA CARS website to find relevant information about this program.

TOPIC: iPhone Purchasing website scam

WHO IS THE TARGETED VICTIM? Consumers using the Internet to purchase an iPhone

WHAT IS THE SCAM? The website CHUL8804.com is being used to rip off consumers who try to buy an iPhone. An ad ran for the website on Craigslist in late May 2009. It offered a new iPhone 3G 16GB for $465. The ad requested payment with a Green Dot MoneyPak prepaid card. The scammer took the money, but never sent the phone. The call back number given to the consumer was for the City of Atlanta’s subway system.

WHAT STEPS SHOULD YOU TAKE? Consumers should be extremely careful when paying for products in advance with prepaid cards or wire transfer services, especially if they have not purchased from the vendor before.

TOPIC: Keys-for-Cash NYC Renters Scam

WHO IS THE TARGETED VICTIM? Consumers looking to rent apartments in New York City via the Internet

WHAT IS THE SCAM? Carried out online, this ploy separates would-be renters from their money before setting foot inside a dwelling. In this scheme, information and pictures are lifted from legitimate websites with rental or sales listings and reposted on different sites under a different name and at an extremely low rent. An application asking for personal information is sent to the prospective renter before a request for a deposit. Many times, scammers will ask prospective renters to prove they can afford the security deposit and the first month’s rent by asking that they wire the amount to a friend of the victim. The scammer will then make a fake I.D. under the name of the friend and pick up the money.

WHAT STEPS SHOULD YOU TAKE? Avoid dealing with absentee landlords, and do nothing (applications, fees, deposits, etc.) without first seeing the property. That means proceed with extreme caution online. If an agent or landlord seems to be rushing you, increase your due diligence. Ask questions and be suspicious if they are not answered to your satisfaction.

When dealing with an agent who you feel is rushing you ask them to slow down or ask to speak to the agent’s manager. Although it may be inconvenient, renters should always visit the office of the agent with whom they are dealing to ensure that he or she is not a lone con artist. Even when the agent is legitimate, if trouble should develop down the road, you will have someone to whom to complain. While modest application fees in the range of $50 to $75 are frequently nonrefundable and collected in cash, be wary if you are asked for a more substantial sum in cash or for other fees that are nonrefundable. Also, if an agent wants you to make a check out in his or her name instead of an agency or corporate name, be careful. Some agents take the money without rendering service.

If you are the victim of a scam, you can file a complaint for larceny and fraud at your local police station. Internet scams can be reported online to the Internet Crime Complaint Center. You can also report them to the Federal Trade Commission.

TOPIC: Twitter Work-at-Home Money-Making Schemes

WHO IS THE TARGETED VICTIM? Twitter.com users

WHAT IS THE SCAM? Through twitter messages, e-mail and websites, job hunters are being told that they can make money from the comfort of their home using Twitter. The Better Business Bureau (BBB) warns that the large print for such offers may promise big returns but the fine print can cost them every month.

One e-mail advertisement, for example, reads: “Twitter Workers Needed ASAP, You're Hired! Make Extra Cash with Twitter; as seen on USA Today, CNN, and ABC... Apply Now!” The e-mail links to EasyTweetProfits.com, a company based in Surrey, England. EasyTweetProfits.com claims you can make $250-$873 a day working at home with Twitter. The website offers a seven-day free trial of their instructional CD-ROM for $1.95 to cover shipping. Buried in the lengthy terms and conditions are the details that the trial begins on the day the CD is ordered -- not when it is received -- and if the consumer does not cancel within seven (7) days of signing up, they’ll be charged $47 every month.

Similar to other work-from-home schemes, phony blogs by fake individuals have been created as testimonials to the success of Twitter-money-making programs. For example, Make-money-on-twitter.com is supposedly touted by a Derrick Clark of Virginia. On this website, the author brags about making up to $5,000 a month posting links to Twitter. The blog also includes an image of the check Derrick received for posting links on Twitter, but the exact same photo of the check has been used countless times on other phony blogs for various other suspect work-at-home jobs. This blog links to TwitterProfitHouse.com which, similarly claims you can make $250-$873 a day working at home and offers a seven-day free trial of their instructional CD-ROM, for $1.99 shipping. Again, however, reading the fine print shows that the trial period starts once the CD has been ordered and the consumer will be billed $99.99 every month if he/she doesn’t call the company to cancel.

WHAT STEPS SHOULD YOU TAKE? Job hunters should to be aware of the following red flags when searching for a work-at-home job online:

The work-at-home scheme claims that you can make lots of money with little effort and no experience.
You have to pay money up-front in order to be considered for the job or receive more information.
The exact same twitter message, or tweet, touting the program is posted by many different Twitter users. The links in such tweets could lead you to scam sites or install malware onto your computer.

TOPIC: Twitter Spam Scam Uses Fake Celebrity Retweets

WHO IS THE TARGETED VICTIM? Twitter.com

WHAT IS THE SCAM? A spam bot appears to be putting out thousands of Twiiter.com messages, or tweets, for a service that allows people to watch movies free, including Harry Potter and the Half-Blood Prince (2009), Ice Age 3 and the new Transformers movie. The tweets to this service do not actually exist and the URLs are forwarded to a phishing scam that eventually dumps out into an opt-in survey scam.

While that type of spam is common, what makes this case unique is that the tweets were sent in the format of fake “retweets” from Twitter celebrities. Such popular Twitter users as Penn Jillette, Stephen Fry and Perez Hilton have all had their names used.

The basic formula for these tweets follows:

RT @CELEBRITY-NAME (U can watch/I just watched/we just watched/etc)”MOVIE-NAME” Movie free online here YURL-LINK MOVIE-NAME

Clicking the link takes you to a page that shows you a still of the movie. It appears you can play the film but , you must complete a “survey” in order to watch the film. However, filling out the survey is never-ending and seems likely just an attempt to glean personal identifiable information.

WHAT STEPS SHOULD YOU TAKE? Twitter users are urged to not click on these links. Also, keep the following tips in mind:

Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.
Use unique logins and passwords for each of the websites you use.
Check to see that you are logging on from a legitimate Twitter page with the twitter.com domain.
Be cautious of any message, post, or link you find on Twitter that looks suspicious or requires an additional login.
Reset all accounts (not just Twitter) that use the same credentials. It is believed that scammers use username and password combinations obtained through these types of phishing scams on other web-based log-in services, such as web-based mail clients and other social networks. For example, if a user is compromised on Twitter and uses the same username and password combination to log onto their Gmail account, the attacker may be able to intercept the Twitter password, reset and compromise the account again in the future. This is one of the reasons why consumers should have unique passwords for their online accounts.

TOPIC: Social Security and Economic Stimulus scam

WHO IS THE TARGETED VICTIM? Seniors

WHAT IS THE SCAM? Scams related to the stimulus package continue to proliferate. In particular, one-time Social Security payments are being used to dupe seniors.

Under President Obama’s economic stimulus package, the Social Security Administration (SSA) is authorized to distribute $250 to 52 million individuals on Social Security and Supplemental Security Income (SSI), a program for elderly, blind and disabled individuals with little or no income.

The SSA reports of internet fraud, perpetrated by e-mail, which urges recipients to click on links to websites that resemble the SSI website. There, victims are asked to divulge personal identifiable information, such as Social Security and bank-account numbers in order to receive stimulus checks. The scammers then extract funds from the victims’ bank accounts or steal their identities.

WHAT STEPS SHOULD YOU TAKE? There is no new paperwork needed to receive this legitimate payment from the SSA. Social Security beneficiaries should be suspicious of anyone who tries to charge them a fee to file a form to obtain payment. Recipients will receive these checks the same way they get their Social Security benefits -- via direct deposit or mail. If you receive a solicitation you suspect may be fraudulent, report it on the SSA website or by phone at 1-800-269-0271.

TOPIC: Michael Jackson-related scams

WHO IS THE TARGETED VICTIM? General public, especially fans

WHAT IS THE SCAM? Fraudulent merchandise or memorabilia, e-mails and Internet ploys connected to the death of Michael Jackson are proliferating on the Internet and in the marketplace.

Online - The most common schemes are e-mails offering consumers the chance to view purported unseen pictures and videos of Jackson performing or samples of unreleased music. Instead, these e-mails contain attachments that release worms or viruses, or provide links to bogus Web sites that Phish for personal information.

YouTube Michael Jackson item

One circulating e-mail falsely promises an exclusive look at a YouTube video of the "last work of Michael Jackson," according to a story by the Associated Press.

Noted computer security developer Symantec issued a warning on June 30, 2009 that its Symantec Security Response system was being inundated by Michael Jackson-related scams and malware, which they say “is greater than the Independence Day-related Internet scams the company usually sees at this time of year.” They also report that some spammers have disguised themselves as a press organization attempting to lead recipients to a malicious URL.

Sophos, a maker of computer security software, issued a warning about an Internet virus being transmitted through a Zip file attachment contained in an e-mail entitled “Remembering Michael Jackson.” Opening the attachment infects computers with a worm that then spreads to the user’s e-mail contacts.

According to the PC Tools’ Threatfire blog, e-mails with the subject line “Michael Jackson Was Killed” are problematic. The e-mail says "But Who Killed Michael Jackson? Visit X-Files to see the answer: (hxxp://xfiles link here)" but, when PC Tools users visited the site, they found it hosted a malformed pdf and Zbot banking password stealing variant.

Merchandise - The Better Business Bureau (BBB) issued a warning for consumers to watch for a growing number of fakes including items such as autographs, gloves, posters, newspapers and others. The BBB advised consumers that mass produced items such as t-shirts, special edition magazines, etc. will likely have little collector value, comparing them to the beanie babies massed produced after the death of Princess Diana.

WHAT STEPS SHOULD YOU TAKE? Consumers should use caution when accessing Internet sites, e-mails, videos or other electronic media related to Michael Jackson. Internet users should update third-party plug-ins such as PDF readers. Never run an .exe file from an unknown source. Don’t click links in e-mails, or visit sites that cannot be documented as trustworthy. Fans should not open an e-mail with the subject line “Remembering Michael Jackson” sent from sarah@michaeljackson.com.

Regarding purchasing items, consumers should verify that merchandise under consideration for purchase is authentic, that the person or company selling the item is reputable and that the item has value before purchasing it. If the decision is made to purchase an item, consumers should not pay in cash and should collect and save all documentation associated with the purchase.

It is imperative that consumers guard their personally identifiable information (PII). Examples of a person’s PII include, but are not limited to, date of birth, Social Security number and bank account numbers. Providing your PII will compromise your identity. If you have responded to bogus offers or e-mails, please file a complaint with the Internet Crime Complaint Center (IC3).

TOPIC: U.S. Customs and Border Protection (U.S. CBP) Scam

WHO IS THE TARGETED VICTIM? E-mail recipients

WHAT IS THE SCAM? A spam e-mail claiming to be from former U.S. CBP Assistant Commissioner Thomas S. Winkowski is currently being circulated. This attempt to defraud uses the name and reputation of a federal government official to create an air of authenticity.

The spam e-mail informs the recipient that the U.S. CBP has stopped a Diplomat who is carrying a consignment to be delivered to the recipient’s residence. This consignment allegedly contains millions of dollars, which is an inheritance for the e-mail recipient. The e-mail advises the recipient that they will be permitted to obtain the inheritance once the recipient has given the sender their personal information via e-mail.

WHAT STEPS SHOULD YOU TAKE? This e-mail is a hoax. Do not respond. The U.S. CBP does not send unsolicited e-mails. Consumers should not respond to unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. It is imperative that consumers guard their personally identifiable information (PII). Examples of a person’s PII include, but are not limited to, date of birth, Social Security number and bank account numbers. Providing your PII will compromise your identity. If you have received this e-mail, or a similar e-mail, please file a complaint with the Internet Crime Complaint Center (IC3).

TOPIC: Fraudulent 2009 H1N1 Influenza (Swine Flu) Products Scam

WHO IS THE TARGETED VICTIM? E-mail recipients

WHAT IS THE SCAM? Fraudulent Internet sites and other promotions have surfaced for products claiming to diagnose, prevent, mitigate, treat or cure the 2009 H1N1 influenza virus, also known as the Swine Flu. Consumers who purchase products to treat the 2009 H1N1 virus that are not approved, cleared or authorized by the FDA for the treatment or prevention of influenza risk their health and the health of their families. Many of these deceptive products are being sold over the Internet via illegitimate websites. The operators of these websites take advantage of the public’s concerns about H1N1 influenza and their desire to protect themselves and their families. These fraudulent products include dietary supplements or other food products, or products purporting to be drugs, devices or vaccines. Such fraudulent products will not prevent the transmission of the virus or offer effective treatments against infections caused by the H1N1 influenza virus. The U.S. Food and Drug Administration (FDA), Federal Trade Commission (FTC) and the New York State Department of State Division of Consumer Protection urge consumers to be wary of these offers. At present, there are no licensed or certified vaccines approved for this new H1N1 influenza virus.

WHAT STEPS SHOULD YOU TAKE? Consumers are urged to contact their health care provider or legitimate medical supply services if they have questions or concerns about medical products or personal protective equipment. Consumers can also visit the FDA and Centers for Disease Control and Prevention websites for more information about this health condition, and to determine which products the FDA has approved, cleared or authorized for use to diagnose, treat, prevent, mitigate or cure infections caused by the H1N1 influenza virus.

TOPIC: Facebook.com Typosquatting and Phishing Scams

WHO IS THE TARGETED VICTIM? Facebook.com Users

WHAT IS THE SCAM? The popular social-networking site Facebook.com has been infiltrated by phishing scams that send Facebook.com users to typosquatting or faux login sites, such as fbaction.net and fbstarter.com, in an effort to gain access to user data.

For example, a recent scam featured a message from a Facebook “friend” that says, "Look at this!," and includes a link to fbstarter.com. The site takes users to a fake Facebook sign-in page, asking for your username and password. Users who fall for this will essentially deliver his or her login credentials to the scammer.

WHAT STEPS SHOULD YOU TAKE? Do not enter your Facebook.com login information and password if the URL is not Facebook.com, and contact Facebook if you're no longer able to access your account. If you do sign in by mistake, change your password -- through Facebook.com -- as quickly as possible.

TOPIC: 'Property Fraud' Scam

WHO IS THE TARGETED VICTIM? Retirees whose first mortgages are paid off and whose homes are vacant

WHAT IS THE SCAM? A scammer creates a fake deed from readily-available sample forms, then records the deed at the local land-records office without the true owner’s knowledge. The thieves often use fake names and corporations to record the new deed. With their new deed, they apply for a mortgage. Assuming the fraud is not caught during a title search, the bogus borrower pockets the loan money and disappears.

Months later, after no loan payments are received, the lending institution starts foreclosure proceedings on the property and the unknowing owner. The homeowner must then hire a lawyer and seek a court order to overturn the fraudulent deed. The actual homeowners, through no fault of their own, are at risk of losing their home to foreclosure. Correcting the problem and clearing the cloud off the title could cost the homeowners thousands of dollars.

WHAT STEPS SHOULD YOU TAKE? Homeowners with questions can contact their local recorder’s or clerk’s office to verify deed information. Consumers may also want to check with their county clerk’s office periodically. If you have a problem with a debt collection agency based on this type of fraud, file a complaint with the New York State Department of State Division of Consumer Protection.

TOPIC: Small Business Administration Letter Scam

WHO IS THE TARGETED VICTIM? Small business owners

WHAT IS THE SCAM? Small businesses are receiving letters falsely claiming to have been sent by the U.S. Small Business Administration (SBA) asking for bank account information in order to qualify them for federal tax rebates.

The fraudulent letters were sent out on what appears to be an SBA letterhead to small businesses across the country, advising recipients that they may be eligible for a tax rebate under the Economic Stimulus Act, and that the SBA is assessing their eligibility for such a rebate. The letter asks the small business owner to provide the name of his/her bank and account number. WHAT STEPS SHOULD YOU TAKE? These letters have not been sent or authorized by the SBA, and all small businesses are strongly advised not to respond to them.

The scheme is similar in many ways to phishing e-mail scams that seek personal data and financial account information to enable con artists to access an individual’s bank account or to engage in identity theft.

The SBA is working with the SBA Office of Inspector General to investigate this matter. The Office of Inspector General asks that anyone who receives such a letter to report it to its Fraud Line at 1 -800-767-0385, or by e-mail.

TOPIC: Odometer Fraud

WHO IS THE TARGETED VICTIM? Consumers looking to purchase a used or pre-owned car

WHAT IS THE SCAM? Odometer fraud is up 57 percent since 2004, according to Carfax, a provider of vehicle history reports. Each year in America, con artists tamper with the odometers on about half a million used cars. The typical rollback takes 30,000 miles off the life of a car. Since mileage is used as a gauge of how much wear and tear a used car has, rolling back the odometer translates into pure profit for the seller. For instance, the difference in price between a car with 40,000 miles and one with 70,000 miles can be about $3,600, according to the American Automobile Association (AAA). According to the National Highway Traffic Safety Administration, odometer fraud causes consumers to lose $4 billion a year.

Scammers cover up odometer rollbacks through "title washing." They get a new title for a vehicle from the Department of Motor Vehicles (DMV) and they lie about the mileage. Often they pose as mechanics or tow truck drivers, since these professionals may, at times, take possession of a vehicle if the owner fails to claim it. The State then issues a new title in the name of the mechanic or tow truck driver. The "washed" title can be used to cover up odometer fraud and other vehicle issues.

WHAT STEPS SHOULD YOU TAKE? Computer databases are making it easier for consumers to catch odometer rollbacks. Consumers should conduct research before buying any used car. Keep in mind, these databases are not foolproof. They're based on government records. They can tell you if an odometer reading is lower than it was the last time the car was titled. Some con artists have now started carefully rolling odometers back below their true mileage but above the mileage last recorded by the DMV.

Please note: There are situations where an odometer stops working or reaches its limit and starts over. In this situation, a permanent notice on the title is required. That notice will either explain the situation in detail or state "not actual mileage" or words to that effect.

Here are some signs to look out for or consider:

12,000 miles a year is average for a car. If the mileage is much lower than that, the car could be problematic.
Before you buy a used car, ask to see the title, not a copy. Beware if it's a brand new title, a duplicate or from an out-of-state entity. If so, this could be a case of title washing.
Missing screws or other parts on and around the dashboard can be a sign that an odometer was "spun."
A badly worn brake pedal or floor mat may also tip you that a car's been on the road longer than the seller says.
If the numbers on the odometer itself are not lined up straight, that may be a sign it's been altered.
General Motors mechanical odometers have black spaces between the numbers. If these spaces are silver or white, the odometer's been altered.
Some manufacturers make electronic odometers that display an asterisk or some other symbol if the odometer was changed. Also, look at the driver’s side doorframe to see if a label is present to indicate if the odometer has been replaced or repaired (this is a federal law requirement).
Look for old oil change stickers, inspection certificates or service records left in the car. They may tell you the true story.
High mileage can cause engine, suspension and steering wear. Emission problems also come with more miles. Have a trusted mechanic inspect the vehicle.

Odometer fraud is a federal crime. Report this immediately to the New York State Department of Motor Vehicles.

TOPIC: Telephone Fraud Involving Jury Duty

WHO IS THE TARGETED VICTIM? Telephone users

WHAT IS THE SCAM? Individuals identifying themselves as U.S. Court employees have been contacting people by telephone to inform them that they have been selected for jury duty. The caller seeks to verify names and Social Security numbers and then asks for credit card numbers. If the request is refused, citizens are then threatened with fines and prosecution for failing to comply with jury duty.

WHAT STEPS SHOULD YOU TAKE? Federal courts do not require anyone to provide sensitive information in a telephone call, such as Social Security numbers or credit card numbers. Most contact between a federal court and a prospective juror will be through the U.S. Mail.

If you receive one of these phone calls, do not provide any personal or confidential information to these individuals. This is an attempt to steal or to use your identity by obtaining your name, Social Security number, and potentially to apply for credit or credit cards or other loans in your name.

If you have already been contacted and have given out your personal information, please monitor your account statements and credit reports, and contact your local FBI office. It is a crime for anyone to falsely represent himself or herself as a federal court official.

TOPIC: FDIC Scam

WHO IS THE TARGETED VICTIM? E-mail users

WHAT IS THE SCAM? The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. The subject line of the e-mail states: "Inquiry about your bank account." The e-mail tells recipients that,

due to many fraud and money laundering attempts made by non-US residents in the past 2 months using fake information to open US bank accounts, and using them for illegal purposes, we require all FDIC member's banks customers to update some information on their bank accounts as soon as possible in order to confirm their identities."

The e-mail then asks recipients to follow a hyperlink and then to click on their bank’s logo. It then informs recipients that they will be redirected to their bank’s website "through a specialized link" and that, once logged in, they will need to "fill some information."

WHAT STEPS SHOULD YOU TAKE? This e-mail is fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail and contact their banks.

TOPIC: Web Hosting Scam

WHO IS THE TARGETED VICTIM? Small business owners using e-mail

WHAT IS THE SCAM? Small business consumers are receiving spam from “WebHosting” saying: “Dear Customer, we have received your order and will be processing it shortly. The details of the order are below.”

The e-mail claims that the consumer will be billed $4.99 a month for the Web hosting and $14.95 annually for domain name registration. The e-mail has a link to “log in,” but consumers who click on it will instead end up with spyware installed on their computers. In addition to collecting information about a computer user’s browsing habits, malicious spyware can install additional, unwanted software, redirect Web browser activities and change computer settings, resulting in slow connection speeds, different home pages, and a loss of Internet functioning.

WHAT STEPS SHOULD YOU TAKE? To lower your risk of spyware infections:

Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
Download free software only from sites you know and trust. Enticing free software downloads frequently bundle other software, including spyware.
Don't click on links inside pop-ups.
Don't click on links in spam or pop-ups that claim to offer anti-spyware software; you may unintentionally be installing spyware.

The Federal Trade Commission’s website has more information about what to do if consumers are victimized by spyware.

TOPIC: Oprah Millionaire Contest Show scam

WHO IS THE TARGETED VICTIM? E-mail recipients

WHAT IS THE SCAM? A fraudulent e-mail, purportedly from The Oprah Winfrey Show, is sent to notify consumers of their nomination for the “Oprah Millionaire Contest Show.” To participate, recipients are requested to e-mail their contact information such as full name, address, telephone number, and e-mail address. Verified contestants are required to purchase airfare and a ticket to attend The Oprah Winfrey Show, as well as complete a forthcoming form containing personal questions. The contestants are promised a seat for The Oprah Winfrey Show in April and asked to provide their responses to the personal questions for a chance to win a million dollars.

WHAT STEPS SHOULD YOU TAKE? Consumers should stay alert to unsolicited e-mails. Do not open unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. Providing your personally identifiable information will compromise your identity. Individuals who receive such e-mails are encouraged to file a complaint with the Federal Bureau of Investigation (FBI) at the Internet Crime Complaint Center (IC3).

TOPIC: Secured Credit Card Marketing Misrepresentation

WHO IS THE TARGETED VICTIM? Consumers with no or poor credit history

WHAT IS THE SCAM? Companies misrepresent offers for major credit cards through television, newspapers and postcards advertisements. The ads may offer unsecured or secured credit cards. The ads usually lead you to believe you can get a card simply by calling the number listed, which is sometimes not toll-free. A ‘900’ number service, for which you are billed just for making the call, may instruct you to give your name and address to receive a credit application, or give you a list of banks offering secured cards. It also may tell you to call another ‘900’ number -- at an additional charge -- for more information. These ads often leave out important information such as the cost of the ‘900’ call which can range from $2 to $50 or more; the required security deposit, application, processing and annual fees; eligibility requirements like income or age; or that the secured card has a higher than average interest rate on any balance.

WHAT STEPS SHOULD YOU TAKE? Keep these tips in mind:

No one can guarantee you credit. Before deciding whether to give you a credit card, legitimate credit providers examine your credit report.
Be wary of offers asking consumers to call a ‘900’ number as part of the application process for credit or a credit card. You pay for calls with a ‘900’ prefix -- and you may never receive a credit card.
Keep an eye out for credit cards offered by “credit repair” companies or “credit clinics.” These businesses also may offer to clean-up your credit history for a fee. However, you can correct genuine mistakes or outdated information yourself by contacting credit bureaus directly. Remember, only time and good credit habits will restore your credit worthiness.

If you think you’ve had an experience with these ads, report it to the Federal Trade Commission (FTC). To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.

TOPIC: Advance-Fee Loan (“Easy Cash Offers’) Scams

WHO IS THE VICTIM? Consumers seeking loans or credit cards

WHAT IS THE SCAM? More and more advertisements and websites guarantying loans or credit cards, regardless of your credit history, are tempting consumers. These ads and websites require consumers applying for the loan or credit card to pay a fee in advance for the promise of the credit. More than likely, you’ll get an application, or a stored value or debit card, instead of the loan or credit card.

WHAT STEPS SHOULD YOU TAKE? The following are signs or red flags of an advance-fee loan scam:

A lender who isn’t interested in your credit history. A lender may offer loans or credit cards for many purposes -- for example, so a borrower can start a business or consolidate bill payments. But one who doesn’t care about your credit record should give you cause for concern. Ads that say “Bad credit? No problem” or “We don’t care about your past. You deserve a loan” or “Get money fast” or even “No hassle -- guaranteed” may indicate a scam.
Banks and other legitimate lenders generally evaluate creditworthiness and confirm the information in an application before they provide you with a firm offer of credit -- even to creditworthy consumers.
Fees that are not disclosed clearly or prominently. Scam lenders may say you’ve been approved for a loan, then call or e-mail demanding a fee before you can get the money. Any up-front fee that the lender wants to collect before granting the loan is a signal to walk away, especially if you’re told it’s for “insurance,” “processing,” or just “paperwork.”

Legitimate lenders may charge application, appraisal, or credit report fees. The differences? They disclose their fees clearly and prominently; they take their fees from the amount you borrow; and, the fees usually are paid to the lender or broker after the loan is approved.

It’s also a warning sign if a lender says they won’t check your credit history, yet asks for your personal information, such as your Social Security number or bank account number. They may use your information to debit your bank account to pay a fee they’re hiding.
A loan that is offered by phone. It is illegal for companies doing business in the U.S. by phone to promise you a loan and ask you to pay for it before they deliver.
A lender who uses a name resembling a company you know. Scam artists give their companies names that sound like well-known or respected organizations, create slick-looking websites, produce forged paperwork, and pay people to pretend to be references. Always get a company’s phone number from the phone book or directory assistance, and verify their credentials. Get a physical address, too: a company that advertises a PO Box as its address is one to check out with the appropriate authorities.
A lender who is not registered in your state. Lenders and loan brokers are required to register in the states in which they do business. To check registration, call or visit online the NYS Department of State or the State’s Banking Department. While checking registration does not guarantee that you will be happy with a lender, it can help weed out scam artists.
A lender who asks you to wire money or pay an individual. Don’t make a payment for a loan or credit card directly to an individual; legitimate lenders don’t ask for that. In addition, don’t use a wire transfer service or send money orders for a loan. You have little recourse if there’s a problem with a wire transaction. Note that legitimate lenders don’t pressure their customers to wire funds.

If you’re asked to pay a fee for the promise of a loan or credit card, you’re dealing with a scam artist and should terminate the transaction. If you think you’ve had an experience with an advance-fee loan scam, report it to the Federal Trade Commission (FTC). To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.

TOPIC: Credit Repair Scams

WHO IS THE VICTIM? Consumers with poor credit histories seeking to repair their credit

WHAT IS THE SCAM? Advertisements placed by scammers in newspapers, on TV, on the Internet, radio, fliers in the mail, and even calls offering credit repair services making the same claims: “Credit problems? No problem!”, “We can remove bankruptcies, judgments, liens, and bad loans from your credit file forever!”, and “We can erase your bad credit -- 100% guaranteed.”

There are no quick fixes for creditworthiness. You can improve your credit report legitimately, but it takes time. Stick to a personal debt repayment plan. After you pay hundreds or thousands of dollars in fees, you’re left with the same credit report and someone else has your money.

If you follow illegal advice and commit fraud, you may find yourself in legal troubles. It’s a federal crime to lie on a loan or credit application, to misrepresent your Social Security number, and to obtain an Employer Identification Number from the Internal Revenue Service under false pretenses. You could be charged and prosecuted for mail or wire fraud if you use the mail, telephone, or Internet to apply for credit and provide false information.

WHAT STEPS SHOULD YOU TAKE? If you see a credit repair offer, here’s how to tell if it is questionable:

The company wants you to pay for credit repair services before they provide any services. Under the Credit Repair Organizations Act, credit repair companies cannot require you to pay until they have completed the services they have promised.
The company doesn’t tell you your rights and what you can do for yourself for free.
The company recommends that you do not contact any of the three (3) major national credit reporting companies directly.
The company tells you they can get rid of most or all the negative credit information in your credit report, even if that information is accurate and current.
The company suggests that you try to invent a “new” credit identity -- and then, a new credit report -- by applying for an Employer Identification Number to use instead of your Social Security number.
The company advises you to dispute all the information in your credit report, regardless of its accuracy or timeliness.>

Don’t be embarrassed to report a problem with a credit repair company. Contact the New York State Department of State Division of Consumer Protection or the NYS Office of the Attorney General (OAG) for assistance.

In addition, the Federal Trade Commission (FTC) works to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.

TOPIC: Bank Failures, Mergers, and Takeovers

WHO IS THE VICTIM? Financial Institution Account Holders

WHAT IS THE SCAM? Phishers may send attention-getting e-mails that look like they’re coming from the financial institution that recently acquired your bank, savings and loan, or mortgage. Their intent is to collect or capture your personal information, like your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Their messages may ask you to “update,” “validate,” or “confirm” your account information. The messages direct you to a website that looks like the actual site of your new financial institution or lender. But it isn’t. It’s a bogus site whose purpose is to trick you into divulging your personal identifiable information so the operators can steal your identity and run up bills or commit other crimes in your name.

WHAT STEPS SHOULD YOU TAKE?

Don’t reply to unsolicited e-mail or a pop-up message asking for personal or financial information, and don’t click on links in the message -- even if it appears to be from your bank. Don’t cut and paste a link from the message into your Web browser, either. Phishers can make links look like they go one place, but actually redirect you to another.
Some scammers call with a recorded message, or send an e-mail that appears to be from an institution, and ask you to call a phone number to update your account. Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers are. To reach an institution you do business with, call the number on your financial statements.
Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
Don’t e-mail personal or financial information. E-mail is not a secure way to send sensitive information.
Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
Forward phishing e-mails to spam@uce.gov -- and to the institution or company imitated in the phishing e-mail. You may also report phishing e-mail to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

TOPIC: Spear Phishing Scam

WHO IS THE VICTIM? Consumers with something in common

WHAT IS THE SCAM? Phishing is a virtual trap set by cyber thieves that uses official-looking e-mails to lure you to fake websites and trick you into revealing your personal information. Spear phishers target select groups of people with something in common -- they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The e-mails are ostensibly sent from organizations or individuals from whom the potential victims would normally get e-mails. Spear Phishers hack into an organization’s network to obtain inside information on their targets or sometimes by combing through other websites, blogs, and social networking sites.

Subsequently, they send e-mails that look like the real thing to targeted victims, offering urgent and legitimate-sounding explanations as to why they need your personal data. The victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide information such as passwords, account numbers, user IDs, access codes, and PINs. Once criminals have your personal data, they can access your bank account, use your credit cards, and create a whole new identity using your information.

Spear Phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail, an especially useful tool in crimes like economic espionage where sensitive internal communications can be accessed and trade secrets stolen. Malware can also hijack your computer, and hijacked computers can be organized into enormous networks called botnets that can be used for denial of service attacks.

WHAT STEPS SHOULD YOU TAKE? Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail -- that’s usually phony as well). You should use a phishing filter. Many of the latest web browsers have them built in or offer them as plug-ins. Lastly, never follow a link to a secure site from an e-mail -- always enter the URL manually.

TOPIC: Medicare Scam

WHO IS THE VICTIM? Medicare recipients and all senior citizens

WHAT IS THE SCAM? Senior citizens are being telephoned by a person claiming to be from Medicare, who asks to set up an at-home appointment to discuss your plan.

WHAT STEPS SHOULD YOU TAKE? Medicare administrators will never call or e-mail asking to come to your home. They will not request personal identifiable information, especially over the phone or over the Internet. If you are contacted via any of the above methods by an individual claiming to be from Medicare, do not respond.

TOPIC: Home Foreclosure Rescue Scams

WHO IS THE VICTIM? Distressed homeowners

WHAT IS THE SCAM? Individuals and companies are offering to assist homeowners in the foreclosure process, often referring to themselves as a “foreclosure consultant” or a “mortgage consultant.” At times, these individuals market themselves as a “foreclosure service” or a “foreclosure rescue agency” offering to pay your mortgage and rent your home back to you. They may also collect up-front fees and the homeowner’s mortgage payments, but fail to contact the lender. This scheme frequently involves signing the deed to your home over to the scammer. The con artist may promise to sell your home back to you, but this may be very difficult, if not impossible, under the terms of the agreement.

Signing over the deed gives the scammer the power to evict you, raise your rent, sell the house, or steal the equity you have built in your home. You will still be responsible for paying your mortgage. Thus, if the scammer stops paying the mortgage, your lender would have the right to foreclose on your home, and the foreclosure would appear on your credit report.

In a similar scheme, several scammers attempt to abuse the bankruptcy laws. For example, a scammer may ask you to give a partial interest in your home to one or more individuals. Each holder of a partial interest can then file bankruptcy, one after another. The bankruptcy court will issue a “stay” order each time to stop foreclosure temporarily. However, the stay does not excuse you from making payments or from repaying the full amount of your loan. A scammer may offer to obtain refinancing or negotiate a payment plan with your lender. If you make payments to the scammer, he or she may keep the money rather than pay the lender on your behalf. The con artist may even file for bankruptcy in your name, without your knowledge, as a part of the scam.

Bankruptcy laws provide important protections to consumers. Scams will only temporarily delay foreclosure, and they may keep you from using bankruptcy laws legitimately to address your financial problems. Signing over ownership of your home, or even partial ownership, can result in serious financial harm.

WHAT STEPS SHOULD YOU TAKE? New York State law prohibits individuals who promise to help save your home from foreclosure from charging up-front fees (Chapter 308 of the Laws of 2006). The State law also provides a right of cancellation. If there are any documents that you do not understand, seek advice from a lawyer or an approved, trusted financial counselor. To avoid foreclosure scams, be aware of these red flags:

A promise that your home can be saved
A demand for an up-front fee
A request that the mortgage payment be sent to the rescue company, not the lender.

If you are having problems making your mortgage payments or are in default or foreclosure, contact your lender immediately. Lenders would almost always rather work out a new payment plan than proceed with the complex process of foreclosure.

Never do business with anyone who calls, mails or e-mails you, or knocks on your door with offers to help fix your foreclosure or default. Do not respond to advertisements or fliers making similar offers. Read and make sure you understand every document you are given before signing. Never sign documents with blank spaces that can be filled in later.

Foreclosure scams often require you to sign over ownership of your home to a con artist or another third party. Never sign over your deed without getting the advice of your own lawyer, financial advisor, or other independent person whom you trust. Understand the terms of the deal you are making. By signing over your deed, you lose your rights to your home and any equity you have built up in it.

Do not sign a document containing errors or false statements, even if someone promises to correct them later. Further, note that oral promises relating to your home are usually not legally binding. Protect your rights with a written document or contract signed by the person making the promise or representation. Do not sign any papers or contracts and never enter into any agreement without first consulting your own lawyer -- not a lawyer provided by the individual offering to “help.” If you do not have your own lawyer, call the New York State Bar Association’s Lawyer Referral Program at 1-800-342-3661 to find one. Or, call the Banking Department’s Consumer Helpline at 1-877-BANK-NYS (1-877-226-5697) for assistance in locating free legal services in your area. Keep copies of all documents.

Make your mortgage payments directly to your lender or the mortgage servicer. Do not trust anyone else to pay your mortgage on your behalf.

Additionally, conduct research to identify legitimate help for your financial problems. Contact your mortgage lender or mortgage servicer as soon as you think you will be unable to make your mortgage payment. If you are facing foreclosure, contact a certified housing counselor; you can find one in your area by calling the Banking Department’s Consumer Helpline at 1-877-BANK-NYS (1-877-226-5697). You can also identify legitimate housing or financial counseling to help you work through your financial problems by visiting the New York State Division of Housing & Community Renewal website. Housing counselors can help you; unlike scammers, they can give you advice on your options and resources, can help you find free legal services, and can help you negotiate better financing for your loan. Additional assistance is available through the Homeownership Preservation Foundation at (888) 995-HOPE.

TOPIC: Koobface Virus Attacks Social Networking Sites in New Form (See “New Scams Hit Social Networking Site” for the first Division Alert)

WHO IS THE VICTIM? Facebook.com users

WHAT IS THE SCAM? The “Koobface” worm is spreading by tricking users into responding to a message apparently sent from one of their friends. The latest version of Koobface arrives as an invitation from a user’s friend or contact, inviting the recipient to click on a link and view a video at a counterfeit Youtube.com site. Visitors are told they need to install an Adobe Flash plug-in to view the video. The bogus plug-in instead installs a Trojan horse program that gives Koobface author(s) control over the infected user’s computer. The worm also hijacks the victim’s social networking account, by sending out additional invites in order to spread the worm to the victim’s friends and contacts. The worm currently is spreading across multiple networks.

WHAT STEPS SHOULD YOU TAKE? The CPB urges users to be cautious about clicking on links in unsolicited messages, even if they appear to have been sent by a friend or acquaintance. Consumers should also refrain from installing applications or programs that they did not seek out directly. Before you install anything, take a few minutes to research the program and its vendor. If you decide to install the application, make sure to download it directly from the vendor’s website, if possible.

TOPIC: Fake Military Twist on Vehicle Sale Scam

WHO IS THE VICTIM? Purchasers of Vehicles over the Internet

WHAT IS THE SCAM? Victims find attractively-priced vehicles advertised at different Internet classified sites. Most of the scams include some type of third-party vehicle protection program to ensure a safe transaction. After receiving convincing e-mails from the phony vehicle protection program, the victims are directed to send either the full payment or a percentage of the payment to the third-party agent via a wire payment service. No vehicles are delivered to the victims.

In a new twist, scammers are posing as members of the United State military. The fictitious military personnel in the scam have either been sent to a foreign country to improve military relations, or they need to sell a vehicle quickly and cheaply because of their upcoming deployment to either Iraq or Afghanistan.

WHAT STEPS SHOULD YOU TAKE? Consumers are advised to conduct research and pursue other due diligence efforts before purchasing vehicles advertised online. Consumers are also cautioned to be aware of the rules or warnings posted by the Internet site they visit. If someone is asking you as a consumer to break or avoid the rules of the website, it is possible that person is trying to scam you. If you have fallen victim to this type of scam, please notify the Internet Crime Complaint Center (IC3) by filing a complaint at www.ic3.gov.

TOPIC: McDonalds and Walgreens Survey Scam

WHO IS THE VICTIM? E-mail users

WHAT IS THE SCAM? In separate scams, McDonalds, Walgreens and the New York State Department of State Division of Consumer Protection had been contacted by concerned customers who received an e-mail containing a fraudulent offer to credit their bank account with $75 to $80 in exchange for participation in a survey which required disclosure of personal identifiable information. As is typical with phishing scams, the e-mail looks legitimate, and even includes a copyright symbol attributed to McDonalds or to Walgreens.

WHAT STEPS SHOULD YOU TAKE? The Division, McDonalds and Walgreens urged consumers who received this e-mail not to respond, and McDonalds and Walgreens posted warnings to consumers on their websites regarding the scam. Consumers should install, update and use anti-virus and anti-spyware software, as well as firewalls to help reduce the number of phishing e-mails received. Firewalls are especially important with broadband connections as computers are open to the Internet whenever they’re active. Go to onguardonline.gov or staysafeonline.org to learn more about how to keep your computer secure. Read the Division’s Phishing Prevention Tips for further assistance.

TOPIC: Twitter.com Scam

WHO IS THE VICTIM? Twitter users

WHAT IS THE SCAM? Some users of the microblogging website Twitter have experienced a new type of account phishing-like scam. Users have noticed links from accounts they “follow” prefaced by the words, “Don't click.” The links take you to a website employing a technique called clickjacking where an embedded code or script executes a command without the user's knowledge. In this case, that script posts a link to the user’s Twitter account so that more people could be tricked and the cycle perpetuates.

WHAT STEPS SHOULD YOU TAKE? The harm is currently restricted to constant reposting of the link. Twitter has updated its platform to block this particular clickjacking technique. However, you should remain alert to this and other similar scams. Twitter maintains a blog on its webpage with updated information on these matters.

TOPIC: MobileMe Phising Scam

WHO IS THE VICTIM? MobileMe users

WHAT IS THE SCAM? Users of MobileMe, a subscription-based collection of online services and software offered by Apple Inc. for Mac OS X, Microsoft Windows, the iPhone, and iPod Touch, are being victimized in a phishing scam designed to steal their credit card information. The criminals distribute an e-mail disguised as genuine communication from Apple. The recent e-mail told readers their annual subscription was up for renewal, but that "attempts to charge your credit card have failed." The provided link then navigated to a malicious site asking for credit card information. Thieves have taken great care to produce messages that appear to be genuine, including courteous and professional wording, and even a number of legitimate Apple links in the e-mail.

WHAT STEPS SHOULD YOU TAKE? After receiving any message, users should carefully examine the address field in their browser to check if they are in fact on an official me.com site, as online thieves often go to extreme lengths to purchase domain and subdomain names that differ from the official site only by a single letter or two. This is the second time Apple's online service has become the victim of phishing attacks. Customers are urged to be very cautious of any links or e-mail messages asking for credit card or banking information.

TOPIC: FBI Phising and Spoofing Scam

WHO IS THE VICTIM? All consumers

WHAT IS THE SCAM? Consumers continue to be inundated by spam purportedly from the Federal Bureau of Investigation (FBI). The latest versions use the names of several high ranking executives within the FBI to attempt to defraud consumers. Many of the spam e-mails currently in circulation claim to be informing recipients that they have been named the beneficiary of millions of dollars from an inheritance or from winning the lottery. To claim the large sum, recipients are instructed to furnish their personally identifiable information. Other spam e-mails state that the recipient has extorted money and will be given a limited amount of time to refund amount or face prosecution. These e-mails, purported to be an "official order" from the FBI's Anti-Terrorist and Monetary Crimes Division or from an alleged FBI unit in Nigeria, request personally identifiable information to rectify the matter. Specific personally identifiable information requested includes, but is not limited to, the recipient's name, banking information, telephone number, and a copy of their passport. The spam e-mail threatens the user with some type of penalty, such as prosecution, if they fail to comply with the “order.”

WHAT STEPS SHOULD YOU TAKE? Consumers should be aware that the FBI does not send e-mail of this nature. They should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware. If you have been a victim of Internet crime, please file a complaint at IC3.gov.

TOPIC: Tax Season Scam

WHO IS THE VICTIM? Consumers filing taxes in 2009

WHAT IS THE SCAM? A legitimate-looking e-mail purporting to come from the IRS claims the recipient could receive an additional "rebate" or "return" on their taxes if they complete a form. This phishing scam directs consumers to the form via a link to a spoof (fake) website.

WHAT STEPS SHOULD YOU TAKE? Consumers should be aware that the IRS does not send e-mails to consumers regarding rebates or their returns. Remember: The IRS will never ask for personal information in an e-mail and any tax returns will be sent to your last known address. Taxpayers who receive unsolicited e-mail claiming to be from the IRS can forward the message to a special electronic mailbox, phishing@irs.gov. The only official IRS Web site is located at IRS.gov.

TOPIC: Immigration Scam

WHO IS THE VICTIM? Immigrants with Foreign Status certification

WHAT IS THE SCAM? The USCIS (US Citizenship & Immigration Services) Community Relations Program has been contacted by the Internal Revenue Service (IRS) in New York City to warn immigrants about a scam involving recertification. The scam instructs consumers to complete a fraudulent “IRS Request for Recertification of Foreign Status” PDF form. Information requested includes biographical information typically used for identity theft, as well as bank account information.

WHAT STEPS SHOULD YOU TAKE? Do not respond to this e-mail or complete the form. The IRS addresses this topic on their website at IRS.gov. Click on Phishing and e-mail Scams.

TOPIC: Work-At-Home Scams

WHO IS THE VICTIM? Online job seekers

WHAT IS THE SCAM? Work-at-home schemes attract otherwise innocent individuals, causing them to become part of disreputable operations without realizing they are engaging in illegal behavior. Victims are often hired to "process payments", "transfer funds" or "reship products,” which involves receiving and cashing fraudulent checks, transferring illegally obtained funds for criminals, or receiving and shipping stolen merchandise. Other victims sign up to be "mystery shoppers", who then receive fraudulent checks with instructions to cash the checks and wire the funds to "test" a company's services. Victims are told they will be compensated with a portion of the merchandise or funds. Job scams often provide criminals the opportunity to commit identity theft when victims provide their personal information, including bank account information to their potential "employer." The criminal/employer can then use the victim's information to open credit lines, post online auctions, register websites and open other types of accounts in the victim's name to commit additional fraud.

WHAT STEPS SHOULD YOU TAKE? Verify that the business with which you are dealing is legitimate by contacting the authorities, including the State Department of Labor and/or the Better Business Bureau. Be wary of potential employers who ask for personal information such as your Social Security number or financial information prior to an interview. Also, be wary of employers asking for placement fees or other charges as a condition of your employment.

TOPIC: Wal-Mart Consumer Satisfaction Survey Scam

WHO IS THE VICTIM? Retail consumers

WHAT IS THE SCAM? An e-mail advertises that Wal-Mart will send $150 to consumers who complete and return an attached survey. The e-mail goes on to direct consumers to provide account information for their preferred credit or debit card for payment. “Helping us better understand how our customers feel, benefits everyone,” the e-mail claims.

WHAT STEPS SHOULD YOU TAKE? Wal-Mart has informed the State that it does not participate in this type of promotion and has no affiliation with the sender. If you receive a survey, please contact your local authorities as well as the Federal Trade Commission. Do not provide personal or financial information.

TOPIC: Grandparents Scam

WHO IS THE VICTIM? Parents and grandparents

WHAT IS THE SCAM? Officials in Iowa are warning of an increase in phony "emergency" calls asking grandparents to wire money to help a grandchild who is "in trouble." Recently, a southwest Iowa grandmother lost $2,900 to the scam. She received a call purporting to be from her grandson, who said he was in trouble with the law and asked 'Gramma' to send money so he could post bond. The grandmother wired the money to Canada, only to find out that the call was a hoax. There are several warning signs of the "grandparent scam" of which New Yorkers should be aware so they do not fall victim:

An urgent call for financial help with an emergency such as a car crash, medical emergency, or trouble with the law.
A request to send $3-4,000 by wire transfer via a money wiring service.
A request to keep the call confidential -- and not tell parents or other family members.

In a “Grandparent scam,” con-artists sometimes trick their victims into mentioning names, or they might already have information gleaned from social networking websites like MySpace or Facebook.

WHAT STEPS SHOULD YOU TAKE? Consumers should be skeptical if they receive such a call. Ask questions to verify the caller's identity. Call parents or other family members. Don't be rushed and wire money, which is like sending cash. Remember not to give out credit card or bank account information over the phone if someone calls you.

TOPIC: Charity Foundation Fax Scam

WHO IS THE VICTIM? Consumer with functioning fax machines

WHAT IS THE SCAM? A fax purportedly from Holland-widow Mother Helena Daline seeks a recipient to take possession and act as a conduit for distribution of an amount of money before she passes away from lung cancer. The fax, with the title “Charity Foundation,” goes on to say that the money was left to Daline by her husband before passing away in a tsunami disaster and for willing recipients to contact her attorney Peter Struk to confirm their interest. Contact information for the attorney, including a telephone number, fax and e-mail, are included in the fax.

WHAT STEPS SHOULD YOU TAKE? Numerous complaints have been made to consumer protection agencies around the country regarding this scam. Consumers are advised not to respond to the sender and to lodge a complaint with the Federal Trade Commission.