Scam of the day – September 18, 2016 – Work at home reshipping scams

Postal inspectors are again warning people about reshipping scams. Reshipping scams sound appealing.  You get to work at home and all you have to do is receive goods your new employer sends you, which are often electronics, inspect them and reship them to an address provided to you by your new employer.  The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.  The term scammers use to describe the people doing the reshipping is a “mule” and it can get you into a lot of trouble.  It makes you an accomplice to the crime and participating in money laundering.   The companies offering this type of work may seem legitimate, but they are not.   Often the advertisements for these work at home scams appear in legitimate media that have not properly checked out the legitimacy of the advertisements they run so you can’t rely on the fact that the advertisement  appears in a trusted media source.

TIPS

As always, if it sounds too good to be true, it usually is.  Check out any work at home scams with the big three – your local attorney general, the Better Business Bureau and the FTC.  And as always, you can Google the name of the particular company offering you the work at home program with the word “scam” next to it and see what turns up.  You also can use Google Earth to look into the physical address of the potential employer to see if it matches what the advertisement and communications with this employer indicate.  As for reshipping scams, they are always a scam and you should steer clear of them.

Scam of the day – March 12, 2016 – Hackers steal 81 million dollars from Bangladesh bank

Early last month cybercriminals hacked into Bangladesh’s central bank and managed to steal approximately 81 million dollars, however, it could have been worse.  If it weren’t for a spelling error, the theft could have approached a billion dollars.   Although the investigation into this crime is still in its early stages, it appears that as with so many types of cybercrimes, this one started with social engineering spear phishing which lured bank employees to unwittingly download the malware used by the hackers to infiltrate the bank’s computers and obtain not just the passwords and cryptographic keys used for electronic fund transfers, but also the emails of bank employees so that they could copy and adapt the emails by which they made their transfers appear legitimate.    Armed with this information, the cybercriminals sent dozens of account transfer requests from the Bangladesh central bank to the Federal Reserve Bank of New York where the Bangladesh central bank has accounts containing billions of dollars.  The account transfer requests processed by the Federal Reserve Bank of New York electronically sent about 81 million dollars to accounts in the Philippines where the funds were transferred multiple times including transfers to Philippine casinos in an effort to launder the money.

Four transfer requests totaling approximately 81 million dollars were processed in this cyber bank heist when the fifth transfer request to a supposed Sri Lankan non-profit organization aroused suspicion with Deutsche Bank, a routing bank in the transaction due to the misspelling of “foundation” as “fandation” prompting  a closer investigation of the transfer request.  At the same time, the Federal Reserve also became suspicious at the large number of transfer requests being made to private entities instead of banks, halted the remaining transfer requests and contacted the Bangladesh central bank.

TIPS

All businesses and governmental agencies have got to do a better job at cybersecurity in general.  In particular, greater attention has to be paid to the dangers of social engineering spear phishing which has been at the root of the almost all of the major data breaches at both companies like Target and governmental agencies, such as the Office of Personnel Management.

Scam of the day – August 13, 2015 – Nine charged with hacking and securities fraud

Earlier this week, five Americans and four Ukrainians were indicted in the largest hacking and securities fraud enterprise in American history.  The nine defendants are made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with four computer hackers based in the Ukraine.  The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release.  This enabled the stock traders to make trades based on this inside information before it became known to the public.  It is estimated that between 2010 and 2015, the defendants made profits of 100 million dollars on 800 trades during this time.

TIPS

One of the biggest takeaways from this case is how easy it is to still use phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data.  Apparently corporations still have not learned to train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers.  This lesson is one that each of us as individuals should also learn in our own lives because identity thieves and hackers use the same phishing technique to steal the identities of individual victims.  Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate.  It well could contain keystroke logging malware that will steal all of the information from your computer.  Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.