The FBI published a PSA on February 1st warning, “cyber actors are scamming victims into providing personal information and downloading malicious files by impersonating the Internet Crime Complaint Center (IC3)”. Three different ICS3 scam emails have been reported over the last year, each one utilizing a different method to trick people into handing over their personal information.
The FBI found out about the first ruse in July 2017 after receiving numerous complaints from victims about spoofed emails supposedly from the IC3, telling them that they were “eligible to receive restitution for one or more of the internet fraud schemes you’ve been a victim of”. The scam emails included links to news stories about the arrest of an Internet fraudster in an attempt to make them seem more legitimate. A text document (.txt) was attached and victims were encouraged to download, complete the form with their personal information included, and return it to a supposed law firm. If downloaded, malware within the text file would further victimize the recipient.
The second type of scam email says that following unfair treatment by foreign banks and courier companies, the recipient is entitled to restitution of $10.5M. Ironically, the email includes a warning to the recipient to “be very careful to avoid being a victim to fraudsters any longer”. The email concludes by telling the recipient to “get back to me ASAP for further directives or kindly contact the USA delegate from the Internet Crimes Complaint Center (IC3)in charge to handle your fund via these email address (various email addresses used)”.
The third type of email pretends to be from the Internet Crime Investigation Center/Cyber Division, issuing an address in Minneapolis, Minnesota. It includes a supposed case reference number in the subject line of the email. In its body (shorter than the other two), it tells the recipient that their IP address has been referred to the IC3 as a potential victim of federal cyber-fraud, and they should call a given number via telephone. As of December 2017, the IC3 had taken over 100 complaints about this particular scam; however, no monetary losses had yet been reported.
The FBI’s PSA includes full examples of each type of email scam, and tells people who believe they may have been a victim of one of these (irrespective of the dollar amount) to file a complaint with the IC3 via its website. The FBI tells victims to be as descriptive as possible in their complaints and to keep records of all original fraudulent communications to help them in their investigations.
At the start of last year, the IC3 issued a PSA encouraging college students to be wary of rampant employment scams. Phony job opportunities were listed on college employment websites or sent via phishing emails to students. Once a student had applied for a job, they received a counterfeit check and were encouraged to deposit the checks into their accounts then transfer a portion, via wire transfer, to another “vendor” for administrative costs; subsequently, the bank confirms that the checks themselves were fraudulent.