Justice Department Officials Raise Awareness of Disaster Fraud Hotline Following Typhoon Haiyan
WASHINGTON—The Department of Justice, the FBI, and the National Center for Disaster Fraud (NCDF) remind the public that there is a potential for disaster fraud in the
aftermath of a natural disaster. Suspected fraudulent activity pertaining to relief efforts associated with Typhoon Haiyan should be reported to the
toll-free NCDF hotline at 866-720-5721. The hotline is staffed by a live operator 24 hours a day, seven days a week, for the purpose of reporting
suspected scams being perpetrated by criminals in the aftermath of disasters. NCDF was originally established in 2005 by the Department of Justice to investigate,
prosecute, and deter fraud associated with federal disaster relief programs following Hurricanes Katrina, Rita, and Wilma. Its mission has expanded to
include suspected fraud related to any natural or man-made disaster. More than 20 federal agencies—including the Justice Department’s Criminal Division, U.S.
Attorney’s Offices, Department of Homeland Security Office of Inspector General, FBI, U.S. Postal Inspection Service, and the U.S. Secret
Service—participate in the NCDF, allowing the center to act as a centralized clearinghouse of information related to disaster relief fraud.
In the wake of natural disasters, many individuals feel moved to contribute to victim assistance programs and organizations across the country. The Department of
Justice and the FBI remind the public to apply a critical eye and conduct due diligence before giving to anyone soliciting donations on behalf of hurricane
victims. Solicitations can originate as e-mails, websites, door-to-door collections, mailings, telephone calls and similar methods. Before making a
donation of any kind, consumers should adhere to certain guidelines, including the following: Do not respond to any unsolicited (spam) incoming e-mails, including by
clicking links contained within those messages, because they may contain computer viruses. Be cautious of individuals representing themselves as victims or officials
asking for donations via e-mail or social networking sites. Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
Rather than following a purported link to a website, verify the existence and legitimacy of non-profit organizations by using Internet-based resources. Be cautious of e-mails that claim to show pictures of the disaster areas in attached files, because those files may contain viruses. Only open attachments from known senders. To
ensure that contributions are received and used for intended purposes, make donations directly to known organizations rather than relying on others to make the donation on your behalf. Do not be pressured into making contributions; reputable charities do not use coercive tactics. Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft. Avoid cash donations if possible. Pay by debit or credit card or write a check directly to the charity. Do not make checks payable to individuals. Legitimate charities do not normally solicit donations via money transfer services. Most legitimate charities maintain websites ending in .org rather than .com. If you believe that you have been a victim of fraud by a person or organization soliciting relief funds on behalf of disaster victims, contact the NCDF by phone at (866) 720-5721, fax at (225) 334-4707, or e-mail at email@example.com.
You can also report suspicious e-mail solicitations or fraudulent websites to the FBI’s Internet Crime Complaint Center at www.ic3.gov
5 ways to deter credit card fraud
(MoneyWatch) Credit card fraud, particularly "card-not-present" fraud where the crook uses stolen data to buy things over the phone or via the web, is soaring, according to FICO, the credit-scoring giant that also runs fraud prevention programs for banks.
Overall credit card fraud incidents jumped 17 percent between January 2011 and September 2012, according to FICO. But card-not-present fraud rose 25 percent in that nine-month stretch.
Consumers are generally held liable for no more than $50 in fraudulent transactions, and most banks won't hold you liable for a fraudulent
charge if it's reported promptly. But if a fraudulent transaction gets past your bank, you've got to spot it to get it reversed. Consumers would be wise to
employ a few simple measures to protect themselves to prevent getting ripped off.
Check your statements. It takes just a few minutes to look over your credit card charges each month. If there's a charge you don't recognize, call your credit card company and ask what it is. It may be a corporate name for a company you regularly do business with. If so, you're likely to remember that and not waste your time
calling again. But if the representative identifies the company and you still don't recognize the charge, the same person can tell you how to dispute the
charge and potentially have it reversed.
Password-protect your phone. Consumers do a lot of things to save time, including saving passwords and authorizing automatic sign-ins at third-party sites like Facebook, email, and often bank and brokerage accounts. If you're among the growing number of people who bank by phone, this time-saving device can make you vulnerable to having your bank account cleaned out by an enterprising crook. Since phones are commonly forgotten in cabs, left unwatched on counters and desks while
charging, and, of course, frequently stolen, make sure your phone (and iPad and office computer) is password- or fingerprint-protected so your accounts can't
be easily purloined by a crook.
Vary passwords. Think you are safe from bank fraud because you don't bank by phone? If you use the same passwords for your email, Facebook, Twitter and other accounts as you do for your bank accounts -- or if you provide hints to your passwords by posting too much information on social media sites -- you make yourself almost
as vulnerable as the person who leaves an unprotected phone lying around. Make sure that your financial accounts don't use the same passwords as your social
media accounts. And watch what you share publicly.
Install security software. If you don't have security software on your computer, a visit to a malicious site could allow criminals to watch every move you make, including
logging your every keystroke when you enter passwords for your bank and credit card accounts. If you use your phone to go to financial sites, the phone needs
security software, too.
Beware "spear phishing." The latest criminal trend is to take personal information that you share on Facebook, Instagram or Twitter and use it to
"spear-phish." This refers to crooks who send a personalized contact via email or social media that urges you to sign-in or click on a link to a
malicious site. Naturally, if you bite you've just given the crook keys to your financial life. Because spear-phishers use your name and other personal data to
make the contact appear more credible, it's easy to be fooled.
The simple advice is to never click on a link that you don't recognize, and certainly never "sign in" to any account from a link sent to you via email or social media. If you think the contact might be legitimate, go to the relevant site and sign in. Meanwhile, if the link is attempting to take you to a malicious site, your security software should warn you before you get there. Don't be fooled into overriding that warning. If you think a friend sent a link
to a funny site, message that friend independently and ask.
Dear RapidSSL Customer,
This is a reminder that your RapidSSL Domain Validation SSL certificate for the domain named below expires on 24.04.2013
17:55. You must renew your SSL certificate in order to continue securing your website. Please, immediately inform your Webmaster/System
administrator or Hosting provider.
View all renewal options on our website: http://www.gogetssl.com
Don't hesitate to contact us for any questions.
Have a nice day and Best Regards,
Premium Support manager
Fraudsters Are Setting Up Bogus Hotel Websites,
If you’re searching the web for a hotel room or if you’re looking for a job in
this field, you’re advised to be extra careful, since fraudsters have started
setting up fake hotel websites.
Experts from security firm Bitdefender inform that these sites can help the crooks in accomplishing
various malicious tasks, including identity theft and money laundering. In other cases, they might simply ask individuals who want to book a room to pay a
certain amount of money upfront.
The fake websites usually leverage the names and reputations of famous brands. For instance, if the legitimate company’s domainis sheratonskyline.com, the crooks will likely set up their site on a domain that looks something like sheraton-skyline.com.
Most major companies have purchased all the variations of their domain names to protect themselves against typosquatters, but it’s likely that hotels haven’t taken
such fraud sites into consideration.
Unlike phishing sites, these fraud websites aren’t promoted via email or social media spam. Instead, they’re kept secret to ensure that the domain will not be seized by authorities. Also, such scammy webpages don’t necessarily replicate the design of the genuine hotel. Users are advised to rely on common sense and a decent security solution to protect themselves against such threats.
The simplest way to identify fake hotel sites is by typing their names into a search engine followed by the words “scam” or “fraud.” In many cases, you’ll
find professional advisories or posts published by other users. Another way to check out a hotel’s legitimacy is to check out the domain registrant’s details. If the
domain is registered to a private e-mail address or if it’s newer than one year, it’s likely part of a scheme.
Finally, if the domain is registered to an individual whose phone number starts with +4470, you’re likely dealing with a scam, since although +44 looks like a
legitimate UK number, the 70 prefix shows that call forwarding is set in place.
What is AnnualCreditReport.com?
AnnualCreditReport.com is the ONLY authorized source for the free annual credit report that's yours by law. The Fair Credit Reporting Act guarantees you access to your credit report for free from each of the three nationwide credit reporting companies — Experian, Equifax, and TransUnion — every 12 months. The Federal Trade Commission has received complaints from consumers who thought they were ordering their free annual credit report, and yet couldn't get it without paying fees or buying other services. TV ads, email offers, or online search results may tout "free" credit reports, but there is only one authorized source for a truly free credit report.
I’ve seen a box at the top of some websites saying:
"You have the right to a free credit report from AnnualCreditReport.com or 877-322-8228, the ONLY authorized source under federal law."
What’s this about?
A new law requires commercial websites that say they offer free credit reports to include a box letting you know you can get a free credit report at www.AnnualCreditReport.com. Click on the link to www.AnnualCreditReport.com, the only place to get the free report that's yours by law.
Many companies claim to offer free credit reports – and some do. But others give you a report only if you buy other products or services. Still others say they’re giving you a “free” report and then bill you for services you have to cancel. If you go to www.AnnualCreditReport.com and follow the prompts for your free credit report, you can be sure the reports you get really are free.
How do I request my free credit report?
You can request your free report online, by phone or by mail. Visit AnnualCreditReport.com, call 1-877-322-8228, or fill out the Annual Credit Report Request form and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. No matter how you request your report, you have the option to request all three reports at once or to order one report at a time. By requesting the reports separately, you can monitor your credit more frequently throughout the year.
Why should I request my credit report?
Because the information in your credit report is used to evaluate your applications for credit, insurance, employment, and renting a home, you should be sure the information is accurate and up-to-date. In addition, monitoring your credit is one of the best ways to spot identity theft. Check your credit report at least once a year to correct errors and detect unauthorized activity.
What should I look for when I review my credit report?
If you see accounts you don’t recognize or information that is inaccurate, contact the credit reporting agency and the information provider. For more information, read the FTC’s tips on how to dispute credit errors.
If you suspect identity theft, you may need to place a fraud alert on your credit report, close compromised accounts, file a complaint with the FTC, or file a police report. Start by visiting the FTC’s identity theft website.
The FTC wants to hear from you if you paid for what you thought was your free annual credit report.
The FTC also wants you to forward us any unsolicited emails you've received offering you a free credit report. Send them to firstname.lastname@example.org.
AnnualCreditReport.com will NEVER send you an email solicitation for your free annual credit report or use pop up ads.
Joint FBI and DHS Public Service Announcement: Best Practices For Recovery From the Malicious Erasure of Files
Cyber criminals can damage their victim's computer systems and data by changing or deleting files, wiping hard drives, or erasing backups to hide some or all of their malicious activity and tradecraft. By wiping, or "zeroing out," the hard disk drives, which overwrites good data with zeros or other characters, the criminals effectively erase or alter all existing data, greatly impeding restoration. This sort of criminal activity makes it difficult to determine whether criminals merely accessed the network, stole information, or altered network access and configuration files. Completing network restoration efforts and business damage assessments may also be hampered.
The FBI and DHS encourage businesses and individuals to employ mitigation strategies and best practices such as:
- Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
- Regularly mirror and maintain an image of critical system files.
- Encrypt and secure sensitive information.
- Use strong passwords, implement a schedule for changing passwords frequently, and do not reuse passwords for multiple accounts.
- Enable network monitoring and logging where feasible.
- Be aware of social engineering tactics aimed at obtaining sensitive information.
- Securely eliminate sensitive files and data from hard drives when no longer needed or required.
The US-CERTWeb page at www.us-cert.gov hosts a wide range of tips, best practices, and threat information for business and home users.
If you have been a victim of cyber crime, please file a report with the Internet Crime Complaint Center at www.IC3.gov.
*ALERT: Fraudulent Website - Helpwithmybank.com
The Office of the Comptroller of the Currency (OCC) has been informed that the Web site, “helpwithmybank.com,” is attempting to masquerade as the legitimate Web site, “helpwithmybank.gov,” and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site “helpwithmybank.gov” in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.
Any information concerning this matter should be sent to: email@example.com