

The Latest Scams, Fraud and Viruses

Account Verification Scam
CUNA Phishing Alert
IRS Scam
Phishing Attacks Reported by Area Credit Unions
Easy check fraud technique draws scrutiny
NCUA Phishing Alert
Pharming - Old Threat, New Twist
Member Theft Attempt
Security Bulletin
Pop Up Ads
Phishing
ATM Fraud

Telemarketing

Tips for Protecting Your Identity

Mississippi Credit Freeze Law Goes Into Effect

Spammers phish for iPhone fans

PayPal, eBay Offer Security Key to U.S. Customers
PayPal unveiled a new Security Key that will add an additional layer of security to user accounts.

IRS Issues Warning About E-mail Scam

April 3, 2007

The IRS has been targeted again by phishers and is warning taxpayers about a series of fraudulent e-mails sent in its name in an effort to obtain sensitive information.

According to a notice posted on the IRS Web site, there are slight variations to the bogus e-mails. For example:

· One version claims that the recipient is eligible to receive a federal tax refund for a given amount (often $63.80) and sends the recipient to a phony Web site address where they can complete a form to “submit the tax refund request.” The form then asks for the personal and financial information.

· Another states that the IRS’s “Antifraud Comission” (sic) has discovered that a third party has attempted to pay the recipient’s taxes but some of the funds have been lost or blocked. The recipient must enter personal information to unblock the funds.

· A third e-mail asks the recipient to wire thousands of dollars in order to retrieve the winnings from a lottery.

The IRS said it does not initiate contact with taxpayers via e-mail or handle lottery distributions. Also, there is no such thing as an antifraud commission, it noted.

“Don’t be fooled by these shameless scam artists,” warned IRS Commissioner Mark Everson in a statement on the agency’s Web site. “Always exercise caution when you receive unsolicited e-mails or e-mails from senders you don’t know, and always verify the source.”

The IRS is advising recipients of questionable “IRS” e-mails against opening any attachments or clicking on any links in the e-mails. Instead, they should forward the e-mails to phishing@irs.gov (the instructions may be found on IRS.gov by entering the term phishing in the search box) or notify the Treasury Inspector General for Tax Administration's toll-free hotline at (800) 366-4484.

Since the establishment of the e-mail box last year, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents.

The IRS and TIGTA work with the U.S. Computer Emergency Readiness Team and various Internet service providers and international CERT teams to take down phishing sites as they are reported.

CUNA Fraud Alert

6/19/06

CUNA and Shell New Orleans Federal Credit Union are aware of new phishing emails in the form of surveys asking for feedback on your financial institution. These messages are scams and should be deleted. There is no monetary award for filling out the form -- this is an identity theft scam.

Neither CUNA nor Shell New Orleans Federal Credit Union will solicit e-mails requesting your credit union username, password, pin number, or other personal identity information.

Below is a copy of the email.


CUNA Fraud Alert

St. Martin Bank reports that an Advancial Federal Credit Union member has recently received an e-mail notifying the member that recent attempts have been made to access the account. The email instructs the member to log into the account and identify themselves using the provided link. The link provided is not the correct link to the Advancial Federal Credit Union; it is a phishing scam directing members to a spoof site in order to retrieve their identifying information. Furthermore, the e-mail states that if you did not respond the account would be temporarily suspended. Remember that financial institutions will never ask for personal information or verification of personal information via e-mail. If you are suspicious of a request, call your financial institution immediately.

CUNA Fraud Alert

CUNA is aware of a phishing scam generating multiple copies of a message asking to update your personal account. THIS IS A PHISHING SCAM - DELETE THE MESSAGES. CUNA will never solicit e-mails requesting your credit union username, password, pin number, or other personal identity information.

IRS Scam

Be aware that the following e-mail is fraudulent. Institutions will never make requests for sensitive information via e-mail. If you ever receive a questionable e-mail, call the institution first to verify its authenticity.

Several Area Credit Unions Report Attempted Phishing

Reports by local credit unions of attempted theft by phishing are increasing. Members of University of Louisiana Federal Credit Union (UL FCU), University of New Orleans Federal Credit Union and Lafayette Schools Federal Credit Union have received fraudulent emails seeking personal information including account numbers.

The fraudulent e-mail that was sent out to members of all three credit unions states that “different computers have tried to login into your bank account, and multiple password failures were present.” The email then asks Members to visit a link to “confirm your account and secure it with a new password.” The message goes on to threaten that if account confirmation is not completed by a specified date, “we will be forced to suspend your account indefinitely until your renewed data is verified.”

For more information, including how to file a report of this crime, go to http://www.cybercrime.gov. You may also contact the NCUA Fraud Hotline at 1-800-827-9650. For tips to protect your identity and personal information, click here.

Easy check fraud technique draws scrutiny

Ever written a check? Your account could be targeted, too
By Bob Sullivan
Technology correspondent
MSNBC

Armed with just a checking account number and bank routing number, criminals can create checks at whim, experts and law enforcement authorities say. In fact, as the Urban Age Institute found out, at least one Internet site makes the process even easier. All the fraudulent checks drawn on the organization's checking account were printed and mailed by Qchex.com, a Web site whose stated aims are to make sending and e-mailing check payments easy for anyone connected to the Internet.

"The scope of the problem is potentially breathtaking," said Mary McNamara, who helps run the Urban Age Institute with her husband Gordon Feller.

At Qchex.com, users who sign up to print checks must provide only a working e-mail address. No other attempt is made to verify their identity. In fact, the site urges people to register their checking accounts at Qchex before someone else does.

James Danforth, chief operating officer of Neovi Data Corp., which owns Qchex.com, said that while some fraud has occurred at the site, it is no more common than fraud at other Internet payment services such as eBay's PayPal. Qchex is largely used by legitimate businesses looking for a low-cost way to send money and make payments, he said.

Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic

© 2005 MSNBC Interactive
© 2005 MSNBC.com

NCUA Phishing Alert

Recently, there have been multiple "Phishing" scams that were initiated via email sent to both the general public and to some credit union members that appeared to be from NCUA (National Credit Union Administration). This false email asked the recipient to click on a link to verify their account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN.

If you responded to such an email and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

For more information, including how to file a report of this crime, go to http://www.cybercrime.gov. You may also contact the NCUA Fraud Hotline at 1-800-827-9650.

Pharming - New Twist On An Old Threat

A different Internet scam called ‘pharming’ may eventually replace phishing. While phishing scams have to persuade victims to click on links to transport them to fake websites, pharming automatically directs users to phony sites by hijacking their Internet browsers. Though pharming attacks are currently not as commonplace as phishing scams, they are in some ways more alarming because they are harder to detect.

You probably have heard the new term pharming. Similar to phishing, pharming is a means for criminals to fraudulently gain access to your personal information. While phishing requires the victim, in some fashion, to voluntarily come to the criminal’s website, pharming is more insidious. As you may know, phishing is a means to trick the user to come to a fraudulent website, usually by sending links to the fake site in emails purporting to be from the victim’s financial institution. Pharming, however, redirects the victim to the fraudulent website without assistance, often regardless of whether the victim is security-conscious.

Pharming works by subverting a basic service of the Internet known as the ‘Domain Name Service,’ or ‘DNS.’ Each machine connected to the Internet knows the location of one or more DNS servers. Usually this is provided by your ISP and is part of your network settings. This is often invisible to the computer user. This service translates the human, easily understood URL name into an IP address.

To perform a pharming exploit, the criminal first must gain access to the DNS server that is used by many people, such as the DNS server of an ISP. Once access is gained, the suspect will replace the IP number for the bank’s URL with the IP number of his or her fraudulent website. When this happens any person using that DNS server will be redirected, silently, to the fraudulent website. For example, the suspect with a pharming website arranged as http://badcriminal.net at IP address 10.10.1.2 exploits the DNS server at smallisp.com and replaces the valid IP address of mybank.com with his or her own IP address. Then any customer of smallisp.com who tries to use their browser to visit mybank.com will instead be sent to badcriminal.net. There will be no notification to the user.

The good news is pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs to convince or bribe an insider at the ISP or financial institution to make unauthorized changes to the DNS server for them. This is an extremely rare occurrence.

Practically all major ISPs and financial institutions, including Shell New Orleans Federal Credit Union, are actively safeguarded against pharming attacks. The primary exploits used against DNS servers are well known and protections have been established for quite some time.

All known pharming attacks have been against small ISPs whose DNS servers have not been properly configured or maintained. To date we know of no successful pharming attack which has used a major ISP or financial institution’s DNS server.

Therefore pharming, though effective, is extremely rare as it requires the successful penetration of a typically well-protected network resource.

Shell New Orleans Federal Credit Union website and online Home Banking are protected from pharming that would result from a compromise of the DNS servers that we host. Like any reputable ISP or financial institution, Shell New Orleans Federal Credit Union manages and updates their DNS server’s software to maintain a high level of security.

Fraudulent Company "Consumer Resources"

One of our own Members called us the other day to say she may have thwarted an attempt to steal her identity.

A man called her claiming to be with a company called Consumer Resources. The caller went on to say that he was working with local credit unions to help prevent identity theft. He asked her to take out her checkbook and read numbers to him.

Wisely, the Member refused to give her personal information. She told the caller that she wanted to verify Consumer Resources' relationship with the credit union. She got the phone number from the caller and hung up. She then called Shell New Orleans Federal Credit Union Member Services Department and learned that Consumer Resources has no relationship with Shell New Orleans Federal Credit Union.

The credit union staff called the number to Consumer Resources given to the Member. The connection was unusual, with static and clicking on the line. When a man finally answered the phone, all he would say was that his company is "an outsourced call center" contracted by Consumer Resources. The man said the contract with Consumer Resources would not allow him to give out any information on the company.

Fortunately, the Member was informed enough to know not to provide personal or financial information over the phone unless you have initiated the call. For more tips on preventing identity theft, click here.

Security Bulletin from our Home Banking Provider
There are organizations on the Internet that offer 'free services' such as Internet acceleration or e-mail virus scanning. Some of those organizations have 'privacy policies' that are so loosely defined as to allow them to harvest and share information that is universally considered to be personal and highly sensitive by Internet users. Such organizations ask unwitting end users to configure their browsers to cause all web traffic, including highly sensitive encrypted secure traffic, to be decrypted, pass through that organization's servers to be harvested, and then continue on to its intended destination. Hence, information that is thought by the end user to be inaccessible to everyone except the intended recipient is collected, and according to liberal privacy policies, may be shared by the intermediaries with unnamed third parties. We believe such organizations may rely upon the fact that many inexperienced Internet users don't understand the ramifications of such a situation (referred to in information security circles as a 'man-in-the-middle' exploit), or that they will carelessly click through acceptance terms without reading the fine print of the privacy policy. In our opinion, this dangerous situation is made worse by the fact that such software has been designed so that end users' efforts to uninstall it from their computers will often fail, leaving what amounts to a back door by the organization to usurp what are supposed to be private communications in the future.

Consider MarketScore (formerly known as NetSetter), which we believe follows this sort of business model. MarketScore installs its own trusted root certificates, so that it can intercept secure (SSL) connections made by the end user machine.

The privacy policy of MarketScore states:

"...Marketscore monitors all of your Internet behavior, including both the normal web browsing you perform, and also the activity you may have through secure sessions, such as when filling a shopping basket or filling out an application form that may contain personal financial and health information...

... We monitor the Internet connections of our users so we can not only accurately and anonymously model the browsing habits of Internet users, but also their shopping, registration, and other interactions as well...

... In addition to the monitoring of your Internet behavior, we may also combine the information that you provide us with information such as credit or prescription information that we obtain from third parties such as consumer preference reporting companies, credit reporting agencies, and prescription benefits managers....

... There are some limited cases in which we share personally identifiable information with third parties. Specifically, we provide personally identifiable information to third parties for the purpose of conducting the secure and confidential matches discussed more fully above..."

It is important for Internet Banking to be aware that those Internet companies that use technologies to intercept encrypted communications have full access to end users' personal information and have publicly stated that they can share users' information with third parties.

Latest Virus Showing Up in Pop Up Ads

The latest type of virus capable of invading your computer originates from pop-up ads that appear on your browser, specifically on sites for some financial institutions. The virus is designed to capture personal information, although it has been reported that Internet administrators have shut down the websites designed to receive the stolen information.

Your Credit Union
Fortunately, Shell New Orleans Federal Credit Union's website has never used pop-up advertising, which is the current method that the data collection virus uses to invade a computer. In addition, Shell New Orleans Federal Credit Union's Home Banking provider continually strives to keep networks and servers secure.

Other Security Measures
A spokesperson for Microsoft has indicated that the software company is looking into the attacks and is considering release of a security patch to address the problem. Once tested, Shell New Orleans Federal Credit Union's Home Banking Provider will install the patch.

Your Computer
It's always important to keep your computer updated with the most current anti-virus software. Anti-virus software providers will offer updates on a continual basis, especially if a new type of virus or worm has been reported. For the rankings and reviews of anti-virus software check out ZD Net* or Software-AntiVirus.com*, an independent antivirus source.

Also, you may want to acquire a reputable pop-up blocker, many of which can be downloaded for free. To view CNet Download's reviews and rankings of pop-up blocker downloads, click here.*

How to Protect Yourself from Phishing

What is Phishing?
Phishing is a term coined by Internet hackers who use e-mail lures to 'fish' passwords and financial data from the sea of Internet users. E-mail messages designed to look like they came from a merchant or financial institution are mailed to Internet users. The emails direct the recipient to update or provide information back to the company's web site by instructing the user to click on a URL embedded within the e-mail. The embedded URL links the user to a counterfeit web site or pop-up box designed to look like the company's legitimate web site. Passwords and other personal information are then solicited and collected and used by the scammer to defraud the user.

A study conducted by MessageLabs (a security services firm) reports that phishing scam e-mails have increased more than tenfold in less than twelve months. They intercepted more than 4.5 million phishing e-mails in November 2004 alone, and over 18 million during the course of 2004.

Banking institutions are the top target of most phishing scams. The Anti-Phishing Working Group’s (APWG) research shows that during December 85% of spam scams were directly focused on financial services firms – an increase from the 70-80% normally targeting this sector.

Typically, phishing attacks require users to click on a URL within an email, which appears to have come from a legitimate source. Then, the unsuspecting consumer is prompted to enter personal account information into a fraudulent Web site, putting them at risk for identity theft.

The MessageLabs Intelligence Annual Email Security Report goes on to say that phishing scams are getting more sophisticated. More recent phishing emails are designed to capture online banking details automatically when a computer user opens the email. A script runs silently in the background when the email is opened, attempting to rewrite the hosts files of targeted machines. Some emails in this scam are received completely blank. The next time the computer user attempts to access their online banking site, they are rerouted automatically to a fraudulent site where their login credentials are stolen.
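Both the hosts-file rewrite described above and the DNS record swap in the pharming section leave the same trace: a banking name that resolves to an address the institution does not use. The following check is an added example, not part of the original bulletin; the function names are hypothetical, `mybank.com` and `10.10.1.2` are taken from the page's pharming illustration, and the known-good range `198.51.100.0/24` is a constructed assumption.

```python
import ipaddress

# Constructed sample: hosts-file text after the kind of silent rewrite
# described above. mybank.com / 10.10.1.2 reuse the page's pharming example.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1    localhost
::1          localhost
10.10.1.2    mybank.com www.MyBank.com   # planted redirect
192.0.2.15   printer.example             # unrelated local entry
not-an-ip    mybank.com                  # malformed line, ignored
"""

# Assumptions: the domains to watch and the address range the institution
# really publishes (198.51.100.0/24 is a documentation-only range).
WATCHED = {"mybank.com"}
KNOWN_GOOD = {"mybank.com": [ipaddress.ip_network("198.51.100.0/24")]}


def parse_hosts(text):
    """Yield (ip, hostname, line_number) for every mapping in hosts-file text."""
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        for name in fields[1:]:                  # one line may carry aliases
            yield str(ip), name.lower().rstrip("."), number


def watched_parent(name, domains):
    """Return the watched domain that name equals or is a subdomain of."""
    name = name.lower().rstrip(".")
    for domain in domains:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def audit_hosts(text, watched):
    """Return hosts-file entries that override resolution of a watched domain."""
    return [(ip, name, number)
            for ip, name, number in parse_hosts(text)
            if watched_parent(name, watched)]


def unexpected_answers(name, answers, known_good):
    """Return resolver answers for name that fall outside its known-good ranges."""
    parent = watched_parent(name, known_good)
    if parent is None:
        return []                                # not a domain we track
    networks = known_good[parent]
    return [a for a in answers
            if not any(ipaddress.ip_address(a) in net for net in networks)]


if __name__ == "__main__":
    for ip, name, number in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(f"hosts line {number}: {name} is pinned to {ip}")
    # Constructed resolver answer, as a poisoned DNS server would return it.
    print(unexpected_answers("mybank.com", ["10.10.1.2"], KNOWN_GOOD))
```

A legitimate hosts file almost never names a bank, so any hit from `audit_hosts` deserves a look; the known-good ranges for `unexpected_answers` have to come from the institution itself and be kept current.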

Here are some suggestions to keep you from becoming a victim of a phishing scam:

  • You can help educate your members by passing along the following suggestions:
  • Do not open an email if the sender name is not recognized
  • Do not reply to an email or click on a link that asks for personal or financial information
  • Don’t email personal or financial information
  • Review your account statements immediately upon receipt
  • Monitor your accounts online
  • Use only secured sites (https)
  • Install a firewall
  • Keep your antivirus software updated
  • Change passwords often, choose more secure passwords
  • Check your credit report each year. Shell New Orleans Federal Credit Union can get you a free copy of your credit report and score with the Explore Your Score Program.

What does Shell New Orleans Federal Credit Union do to protect you?

  • Shell New Orleans Federal Credit Union wants you to know that we will NEVER send an e-mail message to you instructing you to follow an embedded URL link to our web site in order to update personal information or provide passwords.
  • We want to hear from you. If you receive an e-mail claiming to be from Shell New Orleans Federal Credit Union and you have any questions or concerns please don't hesitate to contact us.

If you receive an e-mail claiming to be from your financial institution, but which you suspect is aimed at defrauding you, contact your financial institution and the FBI's Internet Fraud Complaint Center at www.ifccfbi.gov.*

Bank ATMs Covered to Steal Customers' IDs

A team of organized criminals is installing equipment on legitimate bank ATMs in at least 2 regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM (see photos). If you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.

The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. A "skimmer" is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car.

At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries.

The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time directly from the bank ATM.

Equipment being installed on front of existing bankcard slot.
The equipment as it appears installed over the normal ATM bank slot.
PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.
The camera shown installed and ready to capture PINs by looking down on the keypad as you enter your PIN.

Telemarketing Scams

With the record high gas prices, crooks have started offering deals to take advantage of you. Two weeks ago, a local man received a phone call offering him a free gas card. The caller informed the man that he had won a free gas card and all he needed to do to collect his winnings was pay $3.95 in shipping and handling charges. This fee would be drafted from his checking account. The caller will then ask for your checking account number to draft the fee from.

The Better Business Bureau reports that it has received a significant number of calls and e-mails from people who say the same thing happened to them. In some instances, solicitors claimed to represent Shell or Mobile Gas Company. The true companies are not going to call you. They are not going to offer you free gas.

Tips for Protecting Your Identity
  • Do not trust or act upon unsolicited emails that request personal information such as passwords, credit card numbers, ATM PINs, social security numbers, etc. This includes clicking on links or opening attachments within the e-mail.
  • Do not fill out forms contained in e-mail messages requesting sensitive information.
  • Only provide personal information if you have called your financial institution directly or logged into their secure website by typing the URL (web address) into your browser.
  • Type in your financial institution's URL into your browser and bookmark it. Use this bookmark derived from hand typing for all subsequent visits.
  • Regularly log in to your accounts. If you see anything unusual, report it immediately to your financial institution.
  • Pay close attention to your bank, credit card and debit card statements. If you see anything suspicious, immediately contact your financial institution and the card issuer.
  • If you feel you have given out personal information you should not have, file a police report immediately and contact your financial institution as well as all three major credit bureaus.
  • Never provide personal or financial information over the phone unless you have initiated the call.

*Link Disclaimer Information
This site provides links to external websites strictly as a Web Resource for our Members. When clicking links within our site, you may leave the credit union's website and enter a site owned by another company or organization. This site may not be operated by the credit union and the credit union accepts no responsibility for the content. The credit union does not represent the entities or you, as a member of the credit union, if a transaction is entered into. Privacy policies may differ from those practiced by the credit union.
