Latest FBI and Homeland Security Scam Alerts – By Ron Benvenisti

US_Department_of_Homeland_Security_Seal_2By Ron Benvenisti. 1.) Affordable Care Act Phishing Campaign. Right on the heels of the complexities of the new IRS form filing requirements and the virtual impossibility of receiving assistance in doing so from the overburdened IRS and HHS systems due to budget cuts comes this malicious scam.

Original release date: January 15, 2015.

The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.

US-CERT encourages users to take the following measures to protect themselves:

•· Do not follow links or download attachments in unsolicited email messages.
•· Maintain up-to-date antivirus software.
•· Refer to the Avoiding Social Engineering and Phishing Attacks (https://www.us-cert.gov/cas/tips/ST04-014.html) Security Tips for additional information on social engineering attacks.

If affected by the campaign, users should report the incident to appropriate parties within their organization and notify US-CERT: (https://www.us-cert.gov/report-phishing)

The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans. US-CERT strives to be a trusted global leader in cybersecurity – collaborative, agile, and responsive in a dynamic and complex environment.

2.) University Employee Payroll Scam

This scam extends to any educational institution that is using an online human resources management system.

The NY Electronic Crimes Task Force Coordinator (United States Secret Service New York Field Office) today reports the following alert posted to The National Cyber Awareness System:

Original release date: January 15, 2015.

The FBI Internet Crime Complaint Center (IC3) has issued an alert (I-011315b-PSA) addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.

Consequences of this Scam:

•· The employee’s paycheck can be stolen.
•· The money may not be returned in full to the employee.
•· The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.
•·

Tips on how to Protect Yourself from this Scam:

•· Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
•· Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to then the link is to a fraudulent site.
•· Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to an official website rather than from a link sent to you via e-mail.
•· Contact your personnel department if you receive suspicious e-mail.

If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint: I-011315b-PSA

As always feel free to contact me at rbenvenistiATintegrissecurity.com

For free security tools and insights visit: https://www.integrissecurity.com/SecurityTools and http://integrissecurityinsights.blogspot.com/

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.

1 COMMENT

Comments are closed.