Tag Archives: Indiana

State Attorney General warns phishing scams targeting firms

The Indiana Attorney General’s Office is warning businesses about fraudsters posing as IT staff to lure employees into phishing scams.

“Scam artists are increasingly posing as work colleagues, supervisors, or members of companies’ IT staffs” in e-mails to harvest sensitive information about employees or the business, the AG’s Office said. “Before clicking on e-mail links or sending personal information over e-mail, confirm for yourself that the e-mail is legitimate.”

“In these e-mail attacks, fraudsters pose as supervisors or other employees and dupe people into providing their computer credentials, sensitive information about themselves or other employees, or simply into clicking on malicious files,” the AG’s Office said. “Information gained by criminals can be used to commit identity theft, file fraudulent tax returns in the name of a company’s employees, hack into a company’s databases, and more.

This year, the Indiana AG’s Office has identified 113 e-mail phishing scams affecting 8,530 Hoosiers, while in 2015 the FBI’s Internet Crime Complaint Center received 5,716 complaints of Internet fraud from victims in Indiana, many of which involved phishing.

“Unfortunately, it’s very easy for a thief to send an e-mail that appears to have been sent by anyone, and it’s difficult to trace who the email actually came from,” the AG’s Office said. “In addition, information about staff at companies is easily available. A thief can easily find out who a company’s owner or IT director is, making his or her efforts to gain information that much more convincing.”

Steps to take to combat phishing scams:

* Don’t e-mail personal or financial information. E-mail is not a secure method of sending such information.

* Be wary of clicking on links, opening attachments, or downloading files from e-mails, especially if you’re not sure who sent the email. These files can contain viruses or other malware that can weaken your computer’s security.

* Only provide personal or financial information through an organization’s website if you typed in the web address yourself and if the URL begins with httpsÊ(the “s” stands for secure).

Companies should do the following:

* Install malware scanning and spam filtering to decrease the number of malicious e-mails received by employees.

* Utilize filtering mechanisms to ensure that employees have access only to approved websites.

* Implement the Sender Policy Framework, which permits a company to verify that every incoming e-mail is from a host that has been vetted by the sender’s domain owner.

* Train employees about proper e-mail security and safety.

* Implement incident response plans in order to react quickly and systematically to any type of phishing scam.

* If you believe your company has experienced a security breach in which employees’ or consumers’ sensitive information has been compromised, report it to the AG’s Office immediately.



Posted 7/14/2016




http://www.chestertontribune.com/Indiana News/state_attorney_general_warns_phi.htm

European charged in phishing scam set for court

Pittsburgh • An Eastern European man was set to face a federal judge in Pittsburgh on Friday on charges he ran an international email phishing scheme that enabled him and others to steal banking information from U.S. companies.

Andrey Ghinkul, 30, is from Moldova. He was arrested in August while on vacation in Cyprus and was extradited to Pennsylvania last week.

Prosecutors plan to ask that he remain jailed until trial because they say he a risk to flee prosecution.

U.S. victims of the Bugat malware that infected computers of those who opened the phishing emails lost about $10 million, the FBI said. The charges were filed in Pittsburgh partly because the greatest threats involved a bank and a school district in western Pennsylvania. Worldwide, businesses and others have lost at least $25 million, U.S. Attorney David Hickton said.

An employee of Penneco Oil Company Inc. in Delmont opened an email that attacked the computer and enabled Ghinkul and others to attempt bank transfers in the company’s name.

The hackers moved nearly $2.2 million from a Penneco account to a bank in Krasnodar, Russia, in August 2012 and moved $1.35 million from a Penneco account to a bank in Minsk, Belarus, in September 2012, authorities said. Another attempted transfer of about $76,000 to a Philadelphia bank account that same month failed, the indictment said.

Penneco’s senior vice president, D. Marc Jacobs, said the company learned they’d been hacked after an employee’s email went berserk in May 2012. The company’s computer consultant referred them to the FBI.

The company’s bank, First Commonwealth based in Indiana, Pennsylvania, is now considered the victim in the case because it restored the stolen funds. Any restitution will go to the bank.

The Sharon City School District was also a victim of the scheme. Hackers tried and failed to transfer $999,000 from one of its bank accounts to an account in Kiev, Ukraine, in December 2011, the indictment said.



Arkansas Attorney General joins comment letter to FTC about spam and phishing text messages

LITTLE ROCK, Ark. (Legal Newsline) – Arkansas Attorney General Leslie Rutledge announced she has joined other state attorneys general in a comment letter to the Federal Communications Commission asking it to maintain its current safeguards and filters for protecting consumers from spam and phishing text messages.

“As I continue to work with my colleagues to reduce annoying telemarketing calls to Arkansans, I want to make sure that wireless carriers do not lose their ability to protect consumers’ messaging,” Rutledge said. “Taking this ability away would make consumers increasingly vulnerable to dangerous spam and phishing schemes.”

Rutledge signed the comment letter, led by Idaho Attorney General Lawrence Wasden, along with attorneys general from Alabama, Colorado, Connecticut, Georgia, Indiana, Maine, Michigan, Montana, New Hampshire, New Mexico, North Dakota, Ohio, Oklahoma, South Dakota, Utah, West Virginia and Wyoming.

“Text messaging spam would be a major annoyance to consumers and would be a vehicle for various fraudulent activities,” the attorneys general said in the letter. “We believe, and our citizens desire, that this unique wireless service should be kept ‘spam free.’”