Online Shopping Scams:
▪ Scammers often offer too-good-to-be-true deals via phishing e-mails or advertisements. Such schemes may offer brand-name merchandise at extremely low prices or offer gift cards as an incentive. Other sites may offer products at a great price, but the products being sold are not the same as the products advertised.
▪ Consumers should steer clear of untrustworthy sites or ads offering items at unrealistic discounts or with special coupons. The victims end up paying for an item, give away personal information and credit card details, then receive nothing in return except a compromised or stolen identity.
Social Media Shopping Scams:
▪ Consumers should beware of posts on social media sites that appear to offer vouchers or gift cards. Some may appear as holiday promotions or contests. Others may appear to be from known friends who have shared the link. Often, these scams lead consumers to participate in an online survey that is designed to steal personal information.
▪ If you click an ad through a social media platform, do your due diligence to check the legitimacy of the website before providing credit card or personal information.
▪ Consumers should beware of sites and posts offering work they can do from home. These opportunities rely on convenience as a selling point but may have fraudulent intentions. Consumers should carefully research the job posting and individuals or company offering employment.
Gift Card Scams:
▪ During the holiday season, consumers should be careful if someone asks them to purchase gift cards for them. In these scams, the victims receive either a spoofed e-mail, a spoofed phone call, or a spoofed text from a person in authority requesting that the victim purchase multiple gift cards for either personal or business reasons.
▪ As an example, a victim receives a request to purchase gift cards for a work-related function or as a present for a special occasion. The gift cards are then used to facilitate the purchase of goods and services, which may or may not be legitimate.
▪ Fraudulent charity scams, in which perpetrators set up false charities and profit from individuals who believe they are making donations to legitimate charitable organizations, are common after disasters, which the FBI has seen during the COVID pandemic. Charity fraud also rises during the holiday season, when individuals seek to make end-of-year tax deductible gifts or are reminded of those less fortunate and wish to contribute to a good cause. Seasonal charity scams can pose greater difficulties in monitoring because of their widespread reach, limited duration and, when done over the Internet, minimal oversight.
▪ Charity scam solicitations may come through cold calls, e-mail campaigns, crowdfunding platforms, or fake social media accounts and websites. They are designed to make it easy for victims to give money and feel like they’re making a difference. Perpetrators may divert some or all of the funds for their personal use, and those most in need will never see the donations.
▪ These scams involve fraudsters who use stolen credit cards to buy items—usually expensive items—online. Instead of having the items shipped to the billing address, the fraudster sends them to what’s called a “reshipper.” At the “reshipper” location, the items are repackaged and usually sent overseas. There, they can often be sold at a high price on the black market.
▪ Fraudsters will convince unwitting individuals to be money mules and accept the deliveries and become the “reshipper.” That person has now become part of their criminal enterprise without knowing it. Don’t be a money mule!
Tips to Avoid Being Victimized
▪ Do your homework on the retailer/website/person to ensure legitimacy.
▪ Conduct a business inquiry of the online retailer on the Better Business Bureau’s website (www.bbb.org).
▪ Check other websites regarding the company for reviews and complaints.
▪ Check the contact details of the website on the “Contact Us” page, specifically the address, e-mail, and phone number, to confirm whether the retailer is legitimate.
▪ Be wary of online retailers offering goods at significantly discounted prices.
▪ Be wary of online retailers who use a free e-mail service instead of a company e-mail address.
▪ Don’t judge a company by their website; flashy websites can be set up and taken down quickly.
▪ Beware of purchases or services that require payment with a gift card.
▪ Beware of providing credit card information when requested through unsolicited e-mails.
▪ Do not click on links contained within an unsolicited e-mail or respond to them.
▪ Check credit card statements routinely. If possible, set up credit card transaction auto alerts, or check the balance after every online purchase. It is important to check statements after the holiday season, as many fraudulent charges can show up even several weeks later.
▪ Avoid filling out forms contained in e-mail messages that ask for personal information.
▪ Be cautious of e-mails claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan all attachments for viruses if possible.
▪ Verify requests for personal information from any business or financial institution by contacting them using the main contact information on their official website.
▪ Secure credit card accounts, even rewards accounts, with strong passwords. Change passwords and check accounts routinely.
▪ Make charitable contributions directly, rather than through an intermediary, and pay via credit card or check; avoid cash donations, if possible.
▪ Beware of organizations with copycat names similar to reputable charities; most legitimate charity websites use .org (NOT .com).
▪ Don’t be a money mule; it’s illegal!
Tips to Protect You Against Cybercrimes
Avoid phishing, smishing, vishing, and other scams
Criminals are constantly trying to steal consumers’ personal data using fake emails, websites, phone calls, and even text messages. They use a variety of ways to try to trick people into providing Social Security numbers, bank account numbers, and other valuable information. In many cases, their goal is to steal money from you. This article defines some terms used for different online scams and how they work, so you can protect your money.
How do scammers contact their victims?
Phishing is a term for scams commonly used when a criminal uses email to ask you to provide personal financial information. The sender pretends to be from a bank, a retail store, or government agency and makes the email appear legitimate. Criminals often try to threaten, even frighten people by stating “you’re a victim of fraud” or some other urgent-sounding message to trick you into providing information without thinking. Don’t do it.
Smishing is similar to phishing, but instead of using email, the criminal uses text messaging to reach you. Same idea, they pretend they are from an organization you might know and trust (such as a bank or the IRS) and try to get your personal information.
Vishing, similar to phishing and smishing, is when scammers use phone services such as a live phone call, a “robocall,” or a voicemail to try to trick you into providing personal information by sounding like a legitimate business or government official.
Here are some tips on how to protect yourself or someone you love from cybercrimes:
· If you use social media, limit the amount of personal information you post and only add people that you know.
· Resist the scammer’s urge for you to act quickly. Scammers are very skilled at manipulating emotions and will fabricate an emergency to persuade a victim to act without thinking.
· Search for information about the proposed offer and any contact information given by the scammer. There are people and agencies online or in your community who can tell you if an individual or business is a scam. Never be afraid to ask other people for help.
· Never send money or personally identifiable information to unverified people or businesses. Be suspicious about anyone who demands gift cards as payment.
· Use reputable antivirus software and firewalls and make sure you regularly update them. If possible, configure your device to automatically download and install updates.
· Disconnect from the internet and shut down your device if you see unusual pop-ups or get a locked screen. Pop-ups are often used by criminals to spread malicious software.
· Be cautious what you download. Never open email attachments from someone you don’t know.
What is ransomware?
Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. (See Protecting Against Malicious Code for more information on malware.) After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands. (See the FBI’s ransomware article.)
How does ransomware work?
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
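As an added example (not code from the original page or from CISA), a small detector that turns the behaviour just described into a check over a constructed file-event log: it flags when many files gain the same new extension, such as .petya, and a ransom-note-like file is created alongside them. The event line format, the note-name keywords and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample of file-system events (not real telemetry), one per line:
# "<time> RENAME <old> -> <new>" or "<time> CREATE <path>".
SAMPLE_EVENTS = """\
10:00:01 RENAME C:/Users/alice/Documents/budget.xlsx -> C:/Users/alice/Documents/budget.xlsx.petya
10:00:01 RENAME C:/Users/alice/Documents/report.docx -> C:/Users/alice/Documents/report.docx.petya
10:00:02 RENAME C:/Users/alice/Pictures/holiday.jpg -> C:/Users/alice/Pictures/holiday.jpg.petya
10:00:02 RENAME C:/Users/alice/Pictures/family.png -> C:/Users/alice/Pictures/family.png.petya
10:00:03 RENAME C:/Users/alice/Desktop/notes.txt -> C:/Users/alice/Desktop/notes.txt.petya
10:00:03 CREATE C:/Users/alice/Desktop/README_DECRYPT.txt
10:05:00 RENAME C:/Users/alice/Downloads/draft-v1.docx -> C:/Users/alice/Downloads/draft-final.docx
"""

RENAME_RE = re.compile(r"^\S+ RENAME (\S+) -> (\S+)$")
CREATE_RE = re.compile(r"^\S+ CREATE (\S+)$")
# Assumed keywords that commonly appear in ransom-note file names.
NOTE_RE = re.compile(r"(decrypt|restore|recover|ransom|readme)", re.IGNORECASE)

def added_extension(old, new):
    """Return the suffix appended to a file name (e.g. '.petya'), or None."""
    if new.startswith(old) and len(new) > len(old) and new[len(old)] == ".":
        return new[len(old):]
    return None

def detect_mass_encryption(events, threshold=5):
    """Flag extensions appended to at least `threshold` files; list note files seen."""
    ext_counts = Counter()
    notes = []
    for line in events.splitlines():
        m = RENAME_RE.match(line)
        if m:
            ext = added_extension(m.group(1), m.group(2))
            if ext:
                ext_counts[ext] += 1
            continue
        m = CREATE_RE.match(line)
        if m and NOTE_RE.search(m.group(1).rsplit("/", 1)[-1]):
            notes.append(m.group(1))
    return [{"extension": ext, "renamed_files": n, "ransom_notes": notes}
            for ext, n in ext_counts.items() if n >= threshold]

if __name__ == "__main__":
    for finding in detect_mass_encryption(SAMPLE_EVENTS):
        print(finding)
```

An ordinary rename (draft-v1.docx to draft-final.docx) does not count, because no suffix was appended to the original name.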
How is ransomware delivered?
Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.
What can I do to protect my data and networks?
- Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
- Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer. (See the Software Engineering Institute’s page on Ransomware).
- Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
What can I do to prevent ransomware infections?
- Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the target of most ransomware attacks. (See Understanding Patches and Software Updates.)
- Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization's helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of
- Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files. (See Using Caution with Email Attachments.)
- Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it. (See Protecting Your Privacy.)
- Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly.
- Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
- Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques. You can find information about known phishing attacks on the Anti-Phishing Working Group website. You may also want to sign up for CISA product notifications, which will alert you when a new Alert, Analysis Report, Bulletin, Current Activity, or Tip has been published.
- Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic. (See Understanding Firewalls for Home and Small Office Use.)
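An added example (not the page's or CISA's own code) of the website-address check recommended in the list above: it compares the host of a URL against a constructed allow-list of domains the user actually deals with and reports a different top-level domain or a small spelling variation as a lookalike. KNOWN_DOMAINS and the edit-distance threshold of 2 are assumptions.

```python
from urllib.parse import urlparse

# Constructed allow-list of domains the user really does business with
# (placeholder values, not real trust decisions).
KNOWN_DOMAINS = ["example-bank.com", "mystore.org"]

def registrable_name(host):
    """Split 'www.example-bank.com' into ('example-bank', 'com')."""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return host.lower(), ""
    return labels[-2], labels[-1]

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, known=KNOWN_DOMAINS):
    """Return ('known' | 'lookalike' | 'unknown', detail) for the URL's host."""
    # urlparse only finds a host when a scheme is present, so add one if missing.
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    name, tld = registrable_name(host)
    for k in known:
        kname, ktld = registrable_name(k)
        if (name, tld) == (kname, ktld):
            return "known", k
        if name == kname and tld != ktld:
            return "lookalike", f"same name as {k} but .{tld} instead of .{ktld}"
        dist = edit_distance(name, kname)
        if tld == ktld and dist <= 2:
            return "lookalike", f"spelling differs from {k} by {dist} character(s)"
    return "unknown", host

if __name__ == "__main__":
    for u in ["https://www.example-bank.com/login", "http://example-bank.net/login",
              "https://examp1e-bank.com", "https://example-bank.com@evil.net/"]:
        print(u, "->", classify_url(u))
```

Note that the last sample URL resolves to evil.net, because everything before "@" is treated as user credentials, not as the host; the check deliberately classifies by the real host.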
How do I respond to a ransomware infection?
- Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.
- Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists. (See Before You Connect a New Computer to the Internet for tips on how to make a computer more secure before you reconnect it to a network.)
- Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
What do I do if my computer is infected with ransomware?