FBI Identifies Recurring Fraudulent E-mail Scam

February 6, 2008

February 5, 2008 – The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau.

Information obtained during the FBI investigation has been provided to the Department of Homeland Security (DHS). DHS has taken steps to alert their public and private sector partners with the release of a Critical Infrastructure Information Notice (CIIN).

The e-mails are intended to appear as legitimate messages from the above departments, and they address the recipients by name, and other personal information may be contained within the e-mail. Consistent with previous efforts, the scam will likely be an effort to secure Personally Identifiable Information. The nature of these types of scams is to create a sense of urgency for the recipient to provide a response through clicking on a hyperlink, opening an attachment, or initiating a telephone call.

It is believed this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file wherein most anti-virus programs are unable to detect its malicious intent. Once downloaded, the virus is designed to monitor username and password logins, and record the activity, as well as other password-type information, entered on the compromised machine.

Through FBI investigations we frequently uncover information about ongoing cyber attacks and scams. We share this information through our partnership with DHS to alert the public and the private sector, noted James E. Finch, Assistant Director of the FBI’s Cyber Division.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided. To receive the latest information about cyber scams please go to the FBI website and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI’s New E-Scams and Warnings webpage.