New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks

The FBI has received information concerning a new technique used to conduct vishingi attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

The vulnerability referred to in this alert is a known vulnerability. Digium, the original creator and primary developer of Asterisk, released a Security Advisory, AST-2008-003, in March of 2008, which contains the information necessary for users to configure a system, patch the software or upgrade the software to protect against this vulnerability.

If a consumer falls victim to this exploit, their personally identifiable information (PII) will be compromised. To prevent further loss of consumers' PII and to reduce the spread of this new technique, it is imperative businesses, using Asterisk, upgrade their software to a version that has had the vulnerability fixed.

Further, consumers should not release personal information in response to unsolicited telephone calls. Providing your PII will compromise your identity!

If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.

i Vishing utilizes caller ID spoofing via VoIP to contact potential victims in order to gain access to their PII by convincing the victim that the criminal is associated with a legitimate business with a need to know the victim's PII.

ii PBX Systems are used by companies to allow telephone calls between VoIP enterprise users on local lines while allowing all users to share a limited number of external lines.

This information obtained from FBI web page

The FBI has released a comprehensive new report on mortgage fraud—now posted in full. And, as you might expect given the downturn in the economy and all the troubles in the lending industry, it isn’t a pretty picture.

The information can get quite technical, with plenty of charts, graphs, and hard numbers. But we invite you to take a read if you’re interested in getting educated on the issue—and on emerging schemes that might impact your own pocketbook.

Among the key findings:

... Mortgage fraud is clearly on the rise. Although there is no central way to track the total extent of the problem, we received 46,717 Suspicious Activity Reports related to mortgage fraud last year—compared to 35,617 in 2006 and just 6,936 in 2003. Only seven percent of these reports documented an exact dollar amount in terms of losses, but even so, the total loss from this seven percent was $813 million. Our caseload has also escalated. By the end of fiscal year 2007, we were handling just over 1,200 mortgage fraud investigations—a 47 percent increase from 2006 and a whopping 176 percent increase from 2003.

... The downward trend in the housing market will continue (see forecasts provided by the Mortgage Bankers Association in the report), providing further incentive for shady real estate industry insiders to look for dishonest ways to turn a profit and growing opportunities for scam artists to prey on vulnerable homeowners.

... The subprime lending crisis is a contributing factor to mortgage fraud, both directly and indirectly. Subprime loans, designed for people with poor or limited credit histories, now represent more than 13 percent of all outstanding loans—double the percentage of five years ago. These high-interest, high-risk loans contributed to the 2.2 million foreclosures filed during 2007, up 75 percent from 2006. The trouble actually began when home prices were rising a few years ago, leading to relaxed lending practices throughout the industry and the exaggeration of assets by borrowers anxious to qualify for loans, both of which contributed to fraud.

... The top 10 hotspots nationwide for mortgage fraud in 2007, carefully mapped from multiple public and private sources, were: Florida, Georgia, Michigan, California, Illinois, Ohio, Texas, New York, Colorado, and Minnesota. The north-central region had the largest share of mortgage fraud, followed by the west and southeast regions. 

.. The latest mortgage scams run the gamut: from “builder-bailout” schemes where developers unload excess inventory through financial trickery…to foreclosure rescue frauds that trick homeowners into signing over the deed to their house; from seller-assistance scams that use false appraisals to sell homes…to identity theft that leads to home equity credit lines being opened and drained. See the report for more details.

The report also briefly recounts our proactive response to the problem, including our participation in the Department of Justice's Mortgage Fraud Working Group, through which we are helping to identify large-scale industry insiders and criminal enterprises conducting systemic mortgage fraud...our work in multi-agency mortgage fraud task forces and working groups around the country...and our recent “Mortgage Fraud Summit” to discuss the issue with special agents nationwide. 

For more information:
- The 2007 Mortgage Fraud Report
- FBI Mortgage Fraud webpage

information obtained from the FBI web page

The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau.

This information was obtained from the FBI web page.

Have you received a suspicious e-mail from FBI Director Robert Mueller or another FBI official? If so, it is a fake. The FBI and the Internet Crime Complaint Center (IC3) have increasingly received reports of fraudulent schemes misrepresenting FBI agents, officials, and/or FBI Director Robert S. Mueller, III. The fraudulent e-mails give the appearance of legitimacy due to the usage of pictures of the FBI Director, seal, letterhead, and/or banners. The types of schemes utilizing the names of FBI agents, officials, or the Director's name are typically lottery endorsements and inheritance notifications.

Other fraudulent schemes representing the FBI claim to be from our domestic as well as overseas offices. The schemes cover a range from threat and extortion e-mails, website monitoring containing malicious computer program attachments (malware), and online auction scams.

The social engineering technique of utilizing the FBI's name is to intimidate and convince the recipient the e-mail is legitimate.

The FBI does not send out e-mails soliciting personal information from citizens.

Please be cautious of any unsolicited e-mail referencing the FBI, FBI Director Mueller, or any other FBI official endorsing any type of Internet activity.

To receive the latest information about cyber scams please go to the FBI website and sign up for e-mail alerts by clicking on one of the red envelopes. If you have received a scam e-mail please notify the IC3 by filing a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage.

Bay View residents beware. This scam has been verified by the FBI (their link is included below). Please pass this on to everyone in your e-mail address book and social network. 

It is spreading fast so be prepared should you get this call. Most of us good citizens take  these summons for jury duty seriously . 

A new and ominous kind of fraud has surfaced. The caller claims to be a jury coordinator. If you protest that you never received a summons for jury duty,  the scammer asks you for your Social Security number and date of birth so he or she can verify the information and cancel the arrest warrant. 

If you give out this information - bingo -  your identity has just been stolen. The type of fraud has been reported in 11 states.

This is particularly insidious because they use intimidation over the phone  to try to bully people into  giving information by pretending they are with the court system. 

The FBI  and the Federal Court System have issued nationwide alerts on their web sites, warning consumers about the fraud.

Snopes site: says this is real fraud.
http://www.snopes.com/crime/fraud/juryduty.asp

FBI site: warns about the fraud.
http://www.fbi.gov/page2/june06/jury_scams060206.htm

To ALL Veterans - It has come to my attention that there is a phone scam that is targeting veterans.  The caller will ask you to join the Patriot Guard, and tell you there are “membership fees" involved. 

The caller will say something about the Patriot Guard having "over 7000 members" nationwide, which is obviously untrue.  DO NOT give out ANY personal information or credit card numbers.

THIS IS A SCAM!!!   PLEASE, if you receive such a call, call  John Curran at (608) 935-3231, and he will gather information for local authorities, as well as the Better Business Bureau, to try to put a stop to this scam.

Please pass on this informnation to your friends.

Each year hundreds of people become victims of a scam. They unknowingly become a victim because of their lack of knowledge about such scams. Last year consumers in Wisconsin lost more than $188,000 to advanced fee loan scams. I will attempt to explain some of the top scams and a basic tip on how to avoid becoming a victim of these scams.

ADVANCED FEE LOAN SCAM - A company guaranteed a consumer loan but required the person asking for the loan to first wire a collateral payment to Canada. Requiring an upfront payment is a red flag to a scam.

TIP TO AVOID THIS SCAM: You should never pay in advance to secure a loan. If you need a quick loan, check with your bank or credit union. All of the victims of these types of scams applied for their loans online.

CHECK SCAMS - Check scams are camouflaged a number of different ways. However, they all have one thing in common: the scam artists send you a cashier’s check, ask you to deposit it into your bank account and wire the money out of the country. The check deposited is a counterfeit check and you become the victim personally liable for the amount of the check deposited into your account.

Some of the common scams are employment opportunities, secret of mystery shopping jobs, online auctions, and fake class action lawsuits.

TIP TO AVOID THE SCAM: DO NOT accept checks from unknown persons. If you receive a cashier’s check, submit it to your bank “for collection”. Even though the check looks real and the bank initially accents it could be bogus. Or, just throw the check away and forget about it.

FOREIGN LOTTERY SCAMS - The lottery scam is another version of the Check Scam. Her too you receive a check in the mail for asking you to deposit it in your account. Unfortunately the check is counterfeit and the victim is left owing the bank for the amount deposited.

TIP TO AVOID THE SCAM: It is illegal in the US to play foreign lotteries. So if any companies claim to be legitimate for such activity . . . they are not. Throw the winner letter in the trash and do not respond.

IDENTITY THEFT - ID thieves may use the following means to secure your identity: rummage through your trash, pretending to need to know information to claim a prize, stealing your mail, placing bogus newspaper ads for jobs and sending unsolicited e-mails posing as your financial institution. The last is known as spoofing, vishing, or phising.

TIP TO AVOID THE SCAM: Check you credit report annually. This will ensure you that there have been no unauthorized transactions on your report. Shred any information that has your personal details. Never respond to unsolicited e-mail or phone calls requesting personal information.

Check your credit reports with:

EQUIFAX – www.equifax.com or 1-800-525-6285

TRANSUNION – www.transunion.com or 1-800-680-7289

EXPERIAN – www.experian.com or 1-800-397-3742

The information for this article was found on the Wisconsin Better Business Bureau website, www.wisconsin.bbb.org

In the Milwaukee metro area you can direct inquires and complaints to 414-847-6000. For toll free information from elsewhere call 1-800-273-1002.