FBI: Investment scams, Blackhole exploit kit lead cybercrime wave

Internet Crime Complaint Center spots new online property rental, CPA schemes

The FBI's Internet Crime Complaint Center (IC3) warns of a rise in what it calls "new twists to previously-existing cyber scams." The warnings center on investment and advertising scams, as well as a release of exploit software, as the latest trends in trying to separate you from your money or personal information.

Investment scam: The IC3 continues to receive complaints involving subjects who have obtained the names and social security numbers of individuals for illegal purposes. Subjects use the information to defraud the US government by electronically submitting a fraudulent tax return to the Internal Revenue Service for a hefty refund. The prevalence of such complaints mirrors the recent surge in tax fraud cases involving identity theft.

The IRS also reported complaints of fraudsters incorporating the use of bogus IRS documents to perpetrate this scheme. "One example of how subjects are using bogus IRS documents to commit investment fraud and steal victims' identities is by the subjects posing as a tax consulting firm. The subjects engage potential victims via telephone and attempt to convince them to sell their underperforming shares in a company. The potential victim is advised to sell their corporate shares, applicable taxes must be paid. Some of the victims were also advised they had to buy other certain shares with their profit. Documents such as share certificates and invoices for federal and state taxes were exchanged via e-mail. After the funds were wired, the subjects became unresponsive to the victim's inquiries. An open source search also revealed multiple complaints concerning this scheme. It is unknown at this time how the subjects obtained knowledge that the victims actually owned underperforming stocks."

Blackhole exploit kit updated:  According to the IC3, Blackhole is currently the most widely purchased exploit pack in the underground market. An exploit pack is a software toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash.

On March 25, 2012, the Blackhole Exploit Kit 1.2.3 was released, the IC3 stated. This kit included the latest critical vulnerability in Java, allowing the bypassing of Java's sandbox environment. Java's sandbox is designed to provide security for downloading and running Java applications, while preventing them from accessing the hard drive or network. New malware samples appearing in the wild have been highly successful at exploiting this flaw, and it is estimated that at least 60% of Java users have not yet patched against it.

CPA malware: The IC3 reported an increase in unsolicited e-mails titled "[BULK] Termination of your CPA license." One example of the many e-mail addresses used was support@aicpa.org. The IC3 has also received complaints reporting this spam campaign. The e-mails were purportedly from The American Institute of Certified Public Accountants concerning a complaint filed against the recipient for filing fraudulent tax refunds for their clients. A link was provided for the recipient to view the complaint. Recipients were advised to provide feedback within a specific period of time and threatened with possible termination of their accountant licenses if they failed to do so, the IC3 stated. 

Analysis conducted by the IC3 found the e-mails were pushing out a Blackhole exploit kit containing a Trojan redirector. It was also determined that the IP addresses used in this campaign have been involved in large volumes of DDoS activity from the same botnet and appear to have originated from Brazil.

Scamming your own car? The IC3 said it received several complaints about a scam involving the advertising of a company's logo on personal vehicles.

"Although legitimate offers exist, those scammed reported to the IC3 that initial contact with the subject was mostly through online ad postings. The posting offered an easy way to earn extra income by allowing businesses to advertise their logo on the complainant's personal vehicle through a vinyl decal or "auto wrap." The fraudsters were using company names such as Coca Cola, Monster Energy drink, Carlsberg beer, Heineken Co., and Red Bull. Individuals were advised they would be paid an average of $400-$600 per week in exchange for driving around with vinyl advertising signs wrapped around their vehicle. Those interested in participating were asked to provide their contact information and vehicle details. They were promised an up-front payment, which would be sent by check or money order," the IC3 stated.

According to the IC3, those who fell for the scam got a check or money order for more than the promised amount. They were directed to cash it and wire the difference to a third party, who was supposed to be the graphics designer, to pay for the cost of the design. The checks and money orders turned out to be counterfeit and the criminals, once again, were able to convert fraudulent checks and money orders into untraceable cash, leaving the victim responsible for the bank's losses, the IC3 stated.

Online property rental fraud:  The IC3 said it continues to get complaints regarding rental property scams from victims and real estate agencies. Several real estate agencies reported that their listings are being duplicated to perpetrate fraudulent online postings.

Below are a couple of scenarios of the scheme recently reported to the IC3:

  • A fraudster posted rental property online. When the prospective renter inquired about the property via e-mail, the fraudster requested detailed personal information, as well as a security deposit of $1000 to hold the home. Payment, in the form of a money order, was requested because of the "online scams." After the deposit was received, the fraudster claimed that he mailed the keys and lease agreement for a hard copy to be signed. Later, the victim received an e-mail from an individual posing as the fraudster's "lawyer" stating a hold had been placed on the package containing the key until the full amount of the first and last month's rent is paid. The victim realized it was a scam after they contacted the realtor who advised the home had been foreclosed.
  • A complainant had inquired about a condo rental advertised online. The complainant was advised to go to the condo and call the fraudster so he could meet her with the keys. Upon placing the call, no one answered. Later, the fraudster provided the complainant an excuse for not being available and requested the deposit be made through an online payment service. After the deposit was made, the complainant realized it was a scam and contacted the online payment service. Upon an investigation, the receiver of the deposit advised they had been defrauded as well and was only acting as the "pay agent" for the true fraudster.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Copyright © 2012 IDG Communications, Inc.