FBI Tech Tuesday: Business Email Compromise (BEC) Fraud

Source: Federal Bureau of Investigation (FBI) State Crime News

PHOENIX, AZ—The FBI Phoenix Field Office is warning the public about business email compromise (BEC) scams, which ranked as the number one scam in Arizona for 2020 in terms of money lost, according to the FBI’s Internet Crime Complaint Center (IC3). BEC is the most financially damaging online crime nationally.

According to IC3, Arizona reported 365 victims with losses of more than $30 million in 2020.

This scam also took the number one spot nationally in 2020, with IC3 receiving 19,369 complaints with adjusted losses of over $1.8 billion.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request. For example, a vendor a company regularly works with sends an invoice with a new address, or a company CEO asks their assistant to purchase gift cards and then asks for the serial numbers to use for themselves.

The following tips may help protect you and/or your company from BEC scams:

  • Look at the email header of the sender. Keep an eye out for email addresses that look similar to, but not the same as, the ones used by your work supervisors or peers (abc_company.com vs. abc-company.com).
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Be wary of requests to buy multiple gift cards, even if the request seems ordinary.
  • Be especially wary if the requestor is pressuring you to act quickly.
  • Watch out for grammatical errors or odd phrasing.
  • Be wary if the sender asks you to send the gift card number and PIN back to him.
  • Don’t rely on email alone. Contact the person or the company directly to verify any payment changes.
  • Be cognizant of what you are posting on social media. Attackers will look for things on social media to lend credibility to what they are saying and the person they are pretending to be.
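
The sender-address check in the first tip can be automated at a mail gateway or in a triage script. The following is an added example, not part of the FBI release: the trusted-domain list, the character substitutions, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the organisation really corresponds with.
TRUSTED_DOMAINS = {"abc-company.com", "example-vendor.com"}

# Characters often swapped so a domain looks right at a glance (assumed set).
FOLD = str.maketrans({"_": "-", "0": "o", "1": "l", "5": "s"})

def sender_domain(from_header: str) -> str:
    """Return the domain of the real address, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Classify a From: header as trusted, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    folded = domain.translate(FOLD)
    for good in sorted(trusted):
        # Near miss: same after folding swapped characters, or a small edit away.
        if folded == good.translate(FOLD) or edit_distance(domain, good) <= 2:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Pat Lee <pat@abc-company.com>",
                   "Pat Lee <pat@abc_company.com>",
                   "Pat Lee <pat@abc-cornpany.com>",
                   "Billing <billing@unrelated.org>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is a reason to hold the message and verify the request through a separate channel, as the tips above advise; it is not proof of fraud on its own.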

IC3 says that while this kind of fraud can happen to any company, there are a variety of sectors most at risk. They include the real estate, legal, medical, and distribution and supply parts of our economy as well as religious organizations.

If you believe you’ve been the victim of a BEC scheme or other cyber fraud activity, please contact FBI Phoenix at (623) 466-1999. Victims are also highly encouraged to file a complaint with the FBI at ic3.gov.

For more information on BEC scams and how you can protect yourself, visit https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-e-mail-compromise

Information Sought in Suspicious Death of Tohatchi, New Mexico Man

Source: Federal Bureau of Investigation (FBI) State Crime News

The FBI is asking for the public’s assistance in identifying the circumstances surrounding the death of Watson Ben Watchman.

On August 1, 2020, Watchman was found deceased in his residence located 3.5 miles south of the Tohatchi Speedway store on Highway 491 in Tohatchi, New Mexico.

The cause of death was blunt head trauma.

Watchman was 43 years old at the time of his death.

The FBI and Navajo Nation Division of Public Safety are investigating.

Anyone with information is asked to call the FBI at 505-889-1300 or go online at tips.fbi.gov.

An FBI poster with a photo of Watchman can be found at: https://www.fbi.gov/wanted/seeking-info/watson-ben-watchman

The FBI also is seeking information on other cases: https://www.fbi.gov/contact-us/field-offices/albuquerque/wanted

Scam PACs Are on the Rise

Source: Federal Bureau of Investigation FBI Crime News

First, Taub never registered them. PACs pool contributions from donors and then contribute that money to support or defeat a candidate for office or further a cause or policy position. Election laws mandate that they be registered with the Federal Election Commission (FEC).

Second, the former Navy secretary wasn’t even part of the PAC. “Taub was using his name and likeness without the official’s permission,” said FBI Special Agent Eric Miller, who investigated the Taub case and now supervises a federal public corruption squad out of the Washington Field Office.

There was still another element to Taub’s scheme. “He told donors that 100% of their contributions were going to the cause when, in fact, he was spending that money on personal expenditures—things like excessive travel, wine, cigars, trips to Las Vegas, gambling,” Miller said.

After pleading guilty to wire fraud and willfully violating the Federal Election Campaign Act by operating fraudulent and unregistered political action committees, Taub was sentenced to 36 months in federal prison. He was also ordered to pay more than $1.1 million in restitution to the victims.

There are many reputable, well established PACs that are properly supporting causes and candidates. But Miller warns that it is easy for a fraudster to establish a group, create a website, and begin asking for contributions.

“It’s fairly easy to start reaching out to potential donors to say, ‘We are backing this candidate or this political issue—please donate,’” Miller said. “The groups can look and sound legitimate, and that’s one of the tough parts of keeping people from being victimized. The red flags aren’t always obvious.”

Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

Source: Federal Bureau of Investigation FBI Crime News

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.  

Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA. This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.”

NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.

NSA encourages its customers to mitigate against the following publicly known vulnerabilities:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.

View the infographic on understanding the threat and how to take action.

46-Year Fugitive Arrested Thanks to NTOC Tip

Source: Federal Bureau of Investigation FBI Crime News

When someone calls the FBI to report a tip, it’s the National Threat Operations Center staff who picks up the phone and receives that information. The center’s threat intake examiners also receive the online tips sent in through tips.fbi.gov.

Threat intake examiners work around the clock to assess and forward information to the Bureau’s field offices and other law enforcement partners.

Below are two recent examples of NTOC’s work.

Longtime Fugitive Arrested

In June 2020, NTOC received a call about a wanted fugitive who shot a police officer in the early 1970s. The subject was imprisoned after the shooting but escaped when he was transferred to a hospital in 1974.

The caller provided the fugitive’s current address, which was in New Mexico.

No Average Call

The FBI’s National Threat Operations Center works day and night to ensure each of the calls and electronic tips it receives is evaluated rapidly and handled appropriately.