In an age when people across the world can communicate with the push of a button or a few clicks of a mouse, it appears we are more connected than ever. We readily publish details concerning our personal lives on various social media websites and use email to transmit private messages. The internet, for many of us, is simply a necessity in our everyday lives. Yet while we may feel in charge of our individual internet domains, we are, in fact, far from it.

Every day, thousands of scams are sent out, luring people to disclose personal information or give money. These scams come in all forms. Currently, the Citadel Malware scam is perhaps the most common. This technique uses the Citadel Malware platform to deliver Reveton ransomware. The criminal’s main intent is to lure victims to easy-to-access download websites. Rather than getting a program that will clean up the computer drive, the victim ends up with Reveton ransomware installed. After the ransomware has been installed, the computer automatically freezes and displays a warning that the victim’s computer activities have violated United States Federal Law. Acting under the guise of the Internet Crime Complaint Center, the ransomware instructs the victim to pay a fine using a prepaid money card service. Once the money has been paid, the computer unfreezes. Citadel malware, however, continues to operate on the computer and will reappear as online banking and credit card fraud.

Not all internet scams are the same, of course. Rather than employing fear as a means to obtain payment, scams like the Nigerian Letter, also known as the 419 fraud, appeal to the basic desire for money. The letter, generally in the form of an email, notifies the recipient of an “opportunity” to earn money. Generally, the criminal uses the guise of a government official who wants to transfer millions of dollars out of Nigeria. The victim is asked to send personal information via fax or email along with several monetary installments, all with the promise of reimbursement once the funds can be transferred out of Nigeria. These funds, of course, do not actually exist, and the victim is left empty-handed.

With an increasing number of people using smartphones, phones have become vulnerable as well. Android operating systems are currently the most targeted. Loozfon and FinFisher are two established malware programs. Though criminals use different methods to lure the victim in, the purpose is the same: to connect the victim to a website that will push Loozfon or FinFisher onto the mobile device. Loozfon extracts the user’s personal data and contact details, while FinFisher enables the device to be remotely controlled and monitored wherever the target is located.

Internet scams attack from all angles. Using fake programming and alternative identities, internet scams are able to manipulate the victim into providing payment. Thus, caution is strongly advised. Phrases like “you must act now,” “you must send money (via credit card or bank account number),” or “high-profit, no-risk offer” should raise red flags. If concerned, always ask for the individual’s or company’s credentials, as well as physical evidence, if you believe you are being wrongly charged for something. With your computer and smartphone, be aware of what programs or applications you download. Should you believe you have been scammed, contact your bank and the local authorities immediately. Finally, always follow up by filing a complaint at www.IC3.gov.
