Scammers are impersonating the FBI’s Internet Crime Complaint Center (IC3) in order to infect users with malware and/or steal their personally identifiable information (PII).
On 1 February, the real IC3 issued a public service announcement warning users of three scams that are impersonating the multi-agency task force. Here’s the FBI on the first ruse, for which it has received numerous victim complaints:
In a recent scam, the unknown actors emailed victims requesting the recipients provide additional information in order to be paid restitution. In an attempt to make the emails appear legitimate, the scammers included hyperlinks of news articles which detailed the arrest or apprehension of an internet fraudster. The unknown actors also attached a text document (.txt) to download, complete, and return to the perpetrators. The text file contained malware which was designed to further victimize the recipient.
Users have reported several other IC3 impersonation ploys. One involves an attempt by a fake IC3 social media page to trick people into handing over their personal information. Another email claims that a user is entitled to receive $10.5 million in restitution following dubious treatment by foreign banks and courier companies.
Still another claims that the recipient has been a victim of a “federal cyber crime” and urges them to contact the IC3 at an attacker-controlled phone number. It even provides the user with a fake case number to make the scheme appear legitimate.
Users should be on the lookout for all types of email-based scams. If they think they’ve fallen victim to one, they should report it to the IC3 at www.ic3.gov. To augment the efficacy of an investigation, victims should gather as much information about the scam including the names of subjects and (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/scammers-impersonating-fbis-ic3-distribute-malware-steal-pii/