Around holidays, look out for spam e-mails spreading Storm Worm malicious software (malware). An e-mail directs the recipient to click a link to retrieve an electronic greeting card (e-card). Once the user clicks the link, malware is downloaded to the computer, which becomes infected as part of the Storm Worm botnet.
A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks and spreading malware to other machines through the Internet.
The FBI reports that cybercriminals are sending fraudulent e-mails to unsuspecting recipients about a complaint that has been filed with the Department of Justice, the Internal Revenue Service, the Social Security Administration or the Better Business Bureau. They claim that the complaint names the recipient or their company.
The e-mails appear to be legitimate messages from the above departments. They address the recipients by name, and other personal information may be contained within the e-mail. The scam appears to be an effort to secure Personally Identifiable Information (PII), such as Social Security numbers and birthdates. The nature of these scams is to create a sense of urgency for the recipient to provide a response by clicking on a hyperlink, opening an attachment or initiating a telephone call.
The FBI suspects this e-mail refers to a complaint that is in the form of an attachment, which actually contains virus software designed to steal passwords from the recipient. The virus is wrapped in a screensaver file, which most anti-virus programs are unable to detect as malicious in intent. Once downloaded, the virus is designed to monitor user name and password logins as well as other password-type information entered on the compromised machine.
Many people have received an e-mail, text message or telephone call, supposedly from their credit card or debit card company directing them to call a telephone number to re-activate their card due to a "security issue." The Internet Crime Complaint Center (IC3) has received multiple reports of variations of this scheme known as "vishing."
Vishing operates like phishing with scammers trying to persuade consumers to divulge their Personally Identifiable Information (PII), claiming that their account was suspended, deactivated or terminated. Recipients are directed to contact their financial institution via a telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the (name of bank or credit union) …" and asked to enter their card number in order to resolve the pending security issue.
For authenticity, some fraudulent e-mails claim the bank or credit union would never contact customers to obtain their PII by any means, including e-mail, mail or instant messenger (but not by telephone). These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials."
A new version recently reported involves sending text messages to cell phones, claiming the recipients' online banking account has expired. The message instructs the recipients to renew their online banking account by using the link provided.