BBB Warns About Sharing Your Senior Photo on Facebook, other Social Media


On Monday, the Better Business Bureau (BBB) cautioned everyone on social media to be aware of what they are sharing. Even if you think it’s just going to your friends, it could also be going somewhere else.

It seems harmless and fun! A bunch of friends on Facebook or other social media are sharing their senior portraits, including the high school name and graduation year, to support the graduating class of 2020 (most of whom are at home because of the coronavirus pandemic). 

Watch out: scammers or hackers who surf through social media sites will see these #ClassOf2020 posts and will now have the name of your high school and graduation year, which are common online security questions.

All it takes is an internet search to reveal more information about you, such as family members, your real name, and birth date or even where you live.

Other recent viral personal list posts include all the cars you’ve owned (including makes/model years), favorite athletes, and top 10 favorite television shows.

What most people forget is that some of these “favorite things” are commonly used passwords or security questions. If your social media privacy settings aren’t high, you could be giving valuable information away for anyone to use.

BBB has the following tips to keep you safe on social media:

Resist the temptation to play along. While it’s fun to see others’ posts, if you are uncomfortable participating, it is best to not do it.

Review your security settings. Check your security settings on all social media platforms to see what you are sharing and with whom you are sharing.

Change security questions/settings. If you are nervous about something you shared possibly opening you up to fraud, review and change your security settings for banking and other websites. 

For more information about privacy concerns online, see BBB’s scam alert on Facebook quizzes.

For tips for staying safe online, read BBB’s tips on staying cybersecure.

Report scams to BBB Scam Tracker.

BBB.org (April 2020) BBB Tip: Thinking of sharing your senior photo on Facebook? Think twice!

FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic


Fraudsters are taking advantage of the uncertainty and fear surrounding the COVID-19 pandemic to steal your money, access your personal and financial information, and use you as a money mule.

When criminals obtain money illegally, they have to find a way to move and hide the illicit funds.

They scam other people, known as money mules, into moving this illicit money for them either through funds transfers, physical movement of cash, or through various other methods. Money mules are often targeted through online job schemes or dating websites and apps.

Acting as a money mule—allowing others to use your bank account, or conducting financial transactions on behalf of others—not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime.

Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible. The FBI advises you to be on the lookout for the following:

Work-from-home schemes

Watch out for online job postings and emails from individuals promising you easy money for little to no effort. Common red flags that you may be acting as a money mule include:

  • The “employer” you communicate with uses web-based services such as Gmail, Yahoo, Hotmail, Outlook, etc.
  • You are asked to receive funds in your personal bank account and then “process” or “transfer” funds via wire transfer, ACH, mail, or money service businesses, such as Western Union or MoneyGram
  • You are asked to open bank accounts in your name for a business
  • You are told to keep a portion of the money you transfer

Individuals claiming to be located overseas asking you to send or receive money on their behalf

Watch out for emails, private messages, and phone calls from individuals you do not know who claim to be located abroad and in need of your financial support. Criminals are trying to gain access to U.S. bank accounts in order to move fraud proceeds from you and other victims to their bank accounts. Common fictitious scenarios include:

  • Individuals claiming to be U.S. service members stationed overseas asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be U.S. citizens working abroad asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be U.S. citizens quarantined abroad asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be in the medical equipment business asking you to send or receive money on their behalf
  • Individuals affiliated with a charitable organization asking you to send or receive money on their behalf

If you are looking for accurate and up-to-date information on COVID-19, the CDC has posted extensive guidance and information that is updated frequently.

The best sources for authoritative information on COVID-19 are http://www.cdc.gov and http://www.coronavirus.gov. You may also consult your primary care physician for guidance.

If you believe you, or someone you know, has been solicited to be a money mule, please contact your local FBI field office. To report suspicious activity, please visit the FBI’s Internet Crime Complaint Center at ic3.gov.

FBI.gov (April 2020) FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic

FBI takes down Russian-Based Hacker Platform; Arrests suspected Russian Site Administrator


A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.

DEER.IO was a Russian-based cyber platform that allowed criminals to purchase access to cyber storefronts on the platform and sell their criminal products or services.  DEER.IO started operations as of at least October 2013, and claimed to have over 24,000 active shops with sales exceeding $17 million. The platform was shut down pursuant to a seizure order issued by the Southern District of California Court.

FBI agents arrested Firsov, a Russian cyber hacker, on March 7 in New York City. Firsov not only managed the DEER.IO platform, he also advertised it on other cyber forums, which catered to hackers. Firsov is next scheduled to appear on April 16, 2020, before U.S. Magistrate Judge Allison H. Goddard.

According to a federal complaint, DEER.IO virtual stores offered for sale a variety of hacked and/or compromised U.S. and international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. companies. Individuals could also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. and abroad. Law enforcement found no legitimate business advertising its services and/or products through a DEER.IO storefront. Store operators and customers accessed the storefront via the Internet.  Specifically, in this case, the FBI made purchases from DEER.IO storefronts hosted on Russian servers.

The DEER.IO platform offered a turnkey online storefront design and hosting platform, from which cybercriminals could advertise and sell their products (such as harvested credentials and hacked servers) and services (such as assistance performing a panoply of cyber hacking activities). The DEER.IO online stores were maintained on Russian-controlled infrastructure. The DEER.IO platform provided shop owners with an easy-to-use interface that allowed for the automated purchase and delivery of criminal goods and services.

Once shop access was purchased via the DEER.IO platform, the site then guided the newly-minted shop owner through an automated set-up to upload the products and services offered through the shop and configure crypto-currency wallets to collect payments for the purchased products and/or services.

As of 2019, a cybercriminal who wanted to sell contraband or offer criminal services through DEER.IO could purchase a storefront directly from the DEER.IO website for 800 Rubles (approximately $12.50) per month. The monthly fee was payable by Bitcoin or a variety of online payment methods such as WebMoney, a Russian-based money transfer system similar to PayPal.

A cybercriminal who wanted to purchase from storefronts on the DEER.IO platform could use a web browser to navigate to the DEER.IO domain, which resolved to DEER.IO storefronts. DEER.IO contained a search function, so individuals could search for hacked accounts from specific companies or PII from specific countries, or the user could navigate through the platform, scanning stores advertising a wide array of hacked accounts or cyber-criminal services for sale. Purchases were also conducted using cryptocurrency, such as Bitcoin, or through the Russian-based money transfer systems.

On or about March 4, 2020, the FBI purchased approximately 1,100 gamer accounts from the DEER.IO store ACCOUNTS-MARKET.DEER.IS for under $20 in Bitcoin. Once payment was complete, the FBI obtained the gamer accounts, including the user name and password for each account. Out of the 1,100 gamer accounts, 249 accounts were hacked Company A accounts. Company A confirmed that if a hacker gained access to the user name and password of a user account, that hacker could use that account. A gamer account provides access to the user’s entire media library. The accounts often have linked payment methods, so the hacker could use the linked payment method to make additional purchases on the account. Some users also have subscription-based services attached to their gamer accounts.

On or about March 5, 2020, the FBI purchased approximately 999 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $170 in Bitcoin.  On that same date, the FBI purchased approximately 2,650 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $522 in Bitcoin. From those identities, the FBI identified names, dates of birth and U.S. Social Security numbers for multiple individuals who reside in San Diego County, including G.V. and L.Y.

“There is a robust underground market for hacked stolen information, and this was a novel way to try to market it to criminals hoping not to get caught,” said U.S. Attorney Robert Brewer. “Hackers are a threat to our economy, and our privacy and national security, and cannot be tolerated.”

FBI Special Agent in Charge Omer Meisel stated, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.  The FBI will continue to be at the forefront of protecting Americans from foreign and domestic cyber criminals.”

The office extends its appreciation to the New York Division of U.S. Customs and Border Protection operating at John F. Kennedy International Airport and to private sector cyber-security company Black Echo LLC, which provided assistance throughout the investigation.

Report cyber crimes by filing a complaint with the FBI’s Internet Crime Complaint Center, by calling your local FBI office or 1-800-CALL-FBI.

DEFENDANT                                    Case Number: 20MJ1029

Kirill Victorovich Firsov                    Age: 28

SUMMARY OF CHARGE

Unauthorized Solicitation of Access Devices, 18 USC Sec. 1029(a)(6)(A)

Maximum Penalty: Ten years in prison, $250,000 fine, restitution.

FBI.gov (March 2020) FBI Takes Down a Russian-Based Hacker Platform; Arrests Suspected Russian Site Administrator

Trend Micro: Coronavirus Used in Malicious Campaigns


(Developing Story) The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains, Trend Micro has reported.

As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing samples of coronavirus-related malicious campaigns. This report also includes detections from other researchers.

Trend Micro:

The mention of current events for malicious attacks is nothing new for threat actors, who time and again use the timeliness of hot topics, occasions, and popular personalities in their social engineering strategies.

We analyzed coronavirus-related malware and spam attacks that our customers encountered globally in the first quarter (Q1) of 2020, from January to the present. We then categorized them according to region, namely the Asia Pacific Region (APAC), Latin America Region (LAR), North American Region (NABU), and Europe, Middle East, & Africa Region (EMEA).

The data came from our Smart Protection Network mechanism and are detected based on heuristic patterns. The number of spam corresponds to spam emails with the word “coronavirus” in the subject. The malware count is composed mostly of the accompanying malware files in these spam messages.

Figure 1. Coronavirus-related malware and spam attacks in Q1 2020 (Global)

As seen in the chart above, customers in the EMEA region had the most attacks at around 130,000 for both malware and spam. APAC saw around 28,000 attacks for both. NABU has over 21,000 for malware and over 22,000 for spam, while LAR has over 18,000 for malware and 19,000 for spam.

Figure 2. Countries with the most coronavirus-related malware and spam attacks in Q1 2020 (EMEA)

For EMEA, customers in the UK received almost a third of all malware and spam attacks for the region at over 41,000 for both. Next is France at almost 24,000 for malware and almost 23,000 for spam. Italy, one of the countries most affected by the coronavirus, has been hit by over 11,000 spam and malware cases, making it the country in EMEA that has seen the third-most coronavirus-related campaigns.

Read more at Trend Micro.

Trendmicro.com (March 2020) Developing Story: Coronavirus Used in Malicious Campaigns

CISA Releases Guidance on Essential Critical Infrastructure Workers During COVID-19 Outbreak


On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance to help state and local jurisdictions and the private sector identify and manage their essential workforce while responding to COVID-19.  

As the Nation comes together to slow the spread of COVID-19, on March 16, the President issued updated Coronavirus Guidance for America. This guidance states that:   

“If you work in a critical infrastructure industry, as defined by the Department of Homeland Security, such as healthcare services and pharmaceutical and food supply, you have a special responsibility to maintain your normal work schedule.”   

CISA executes the Secretary of Homeland Security’s responsibilities as assigned under the Homeland Security Act of 2002 to provide strategic guidance, promote a national unity of effort, and coordinate the overall Federal effort to ensure the security and resilience of the Nation’s critical infrastructure. 

The list of Essential Critical Infrastructure Workers was developed in coordination with Federal agencies and the private sector as a guide to help decision-makers within communities understand how to ensure continuity of essential functions and critical workforce as they consider COVID-related restrictions in certain communities (e.g., shelter-in-place). The list can also inform critical infrastructure community decision-making to determine the sectors, sub sectors, segments, or critical functions that should continue normal operations, appropriately modified to account for Centers for Disease Control (CDC) workforce and customer protection guidance.

These critical functions include, but are not limited to, systems that support healthcare personnel (e.g., doctors, nurses, laboratory personnel, etc.), the food industry (e.g., retail groceries and pharmacies), communication providers (e.g., operator, call centers, IT data centers), defense systems support, law enforcement, public works, and other essential operations. Workers who support these critical functions are necessary to keep critical systems and assets working.  

“As the nation comes together to slow the spread of COVID-19, everyone has a role to play in protecting public health and safety. Many of the men and women who work across our nation’s critical infrastructure industries are hard at work keeping the lights on, water flowing from the tap, groceries on the shelves, among other countless essential services,” said Christopher Krebs, CISA Director. “As the nation’s risk advisor, this list is meant to provide additional guidance to state and local partners, as well as industry, building on the President’s statement that critical infrastructure industries have a special responsibility to keep normal operations.  We’re providing recommendations for these partners as they carry out their mission to keep their communities safe, healthy, and resilient. And on behalf of CISA, we thank the brave men and women who continue these essential jobs in challenging times.”   

The list of Essential Critical Infrastructure Workers was developed using existing data and analysis, including publicly available analysis done by the President’s National Infrastructure Advisory Council in 2007. The list does not impose any mandates on state or local jurisdictions or private companies. 

CISA will use this list to support federal, state, local, tribal, and territorial government response to COVID-19. To view the full list of Essential Critical Infrastructure Workers and to learn more about our efforts, visit www.cisa.gov/coronavirus.  

Cisa.gov (March 2020) CISA RELEASES GUIDANCE ON ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19