FBI Warns of Technical Support Scams

The FBI’s Internet Crime Complaint Center has issued an advisory on increased complaints for Technical Support Scams.  The scammer claims to be an employee of a major computer software or security company offering technical support to the victim.  Some of these scammers claim to be from cable and internet companies to assist with cable boxes, modems and routers.  The scammer claims that they are seeing viruses or security issues from the victim’s internet connection or computer.  Some scammers are even claiming to work on behalf of government agencies to resolve threats from possible foreign countries or terrorist organizations.

The initial contact by the scammer is usually by phone, but has also been seen in pop-up messages or locked screens (Blue Screen of Death) with a message to call a number or go to a URL for assistance.  After the subject makes verbal contact, they try to get the victim to provide remote access to their device.  Once they get access to your device, they will ask for a fee to remove the virus from the computer, attempt to access personal files that may have passwords, financial data, or personal data, or they may install malware on the device.

To guard against this scam:

  • Recognize the attempt and cease all communication with the subject.
  • Ignore the pressure from the scammer to act quickly.
  • Do not give an unknown/unverified person remote access to your computer or accounts.

Additionally:

  • Remember that a legitimate software company will not contact an individual unless it is initiated by the customer.
  • Be sure to install anti-virus, security and malware protection applications and make sure it is updated on a regular basis.

If you find that a scammer has gained access to your device or accounts:

  • Contact your financial intuitions to alert them and monitor your accounts for suspicious activity.
  • If the device is owned by UT Arlington, contact the Information Security Office – security@uta.edu.
  • Complaints may also be filed with the FBI’s Internet Crime Complaint Center at ic3.gov. (You may be required to be specific with details; name of company, phone numbers and email addresses used by the subject, websites used, account names and numbers, financial institutions that received any funds, and a description of the interaction with the subject).

Keep any original documentation, emails, faxes and logs of all communications with the subjects.

To view this and other FBI Public Service Announcements or Scam Alerts go to www.ic3.gov/media/default.aspx.

Crypto-Malware Attacks

Beware of suspicious email attachments

Ransomware attacks have been reported from faculty and staff over the past few days.  This particular ransomware is spread through emails that have an infected attachment, but navigating to infected websites may also be a source of infection.  Once a user has clicked on an infected attachment, the ransomware will encrypt all files on your computer and rename the file extensions to “.lockey”.  The ransomware may also encrypt any network drives you may have mapped (J and K Drives, etc.).  If you notice you have been infected by the ransomware, disconnect the computer from the network, leave it turned on and contact the UTA Help Desk at 817-272-2208.

All faculty, staff, and students are urged to

  • Avoid clicking on any suspicious attachments in emails
  • Never click on links in emails that you’re not expecting. Signs that an email or website is not legitimate:
    • Sender’s address or website address does not match the organization listed in the content of the message.
    • Grammar in the message or website is poor.
    • Format of the email or website is poor or inconsistent with what you’ve seen from the organization.
    • Hovering your mouse over the links reveals web addresses inconsistent with the content of the message.
  • Ensure your computer has anti-malware software configured and set to automatically run updates
  • Keep your computer operating system and applications (Web Browsers,  MS Office applications, Adobe Acrobat, etc.) patched and up-to-date
  • Ensure you have properly backed up your files.
    • UTA Faculty and Staff can use CrashPlan to automatically backup files on their computers.  Contact your department’s desktop support associate or Help Desk at 817-272-2208 for installation assistance.
    • Other methods include copying files to Network drives, use encrypted external drives (encrypted to prevent unauthorized access), faculty and staff may use approved cloud storage like UTA box (https://uta.app.box.com). Contact the help desk for assistance in setting your box account up or go to http://www.uta.edu/oit/cs/software/box/up for more information.
  • Send suspicious emails with attachments to phish@uta.edu as an attachment.  This allows the Office of Information Technology and the Office of Information Security to evaluate the threat.

See the Information Security website for additional information and tips http://www.uta.edu/security/

New Phone Scam

The Information Security Office wants to alert students, faculty, and staff of a type of phone scam called Vishing (voice phishing) which uses fake caller-ID data to give the appearance that calls come from a trusted organization (such as UT Arlington). The caller tells people they owe money to the University and a warrant has been issued for their arrest. Next, the caller solicits immediate payment for the alleged debts.

University officials will not contact you in this manner or threaten arrest for non-payment of debts. Verifying UT Arlington debts, including citations, can be done by checking MyMav or visiting the Bursar directly.  Be aware that this is a type of social engineering wherein someone uses influence, deception, and persuasion to get information that would otherwise be unavailable to them (which is also known as fraud).

Caller ID is far from proof positive of a caller’s identity or authentication. Don’t trust incoming calls based on Caller ID. Make 100% sure you know to whom you are speaking. If any incoming calls from supposedly legitimate companies ask for any personal information of any kind… it is a scam. It is fraud. Period.

If you receive an unexpected call like this from someone claiming to be from UTA DO NOT provide your credit card information.  If you fall victim to the call, contact UT Arlington’s Police Department at 817-272-3381.  For information on preventing social engineering and theft, please contact the ISO at security@uta.edu or call us at 817-272-5487.

For more information about Identity Theft, go to:

http://www.uta.edu/security/identity_theft/

For more information about Social Engineering, go to:

http://www.uta.edu/security/socialengineering/

Holiday Season Cyber Scams and Malware Campaigns

As we approach the holidays, the Information Security Office (ISO) would like to remind the UT Arlington community to be aware of seasonal scams, phishing and malicious software (malware) distribution campaigns.

Every year, cyber criminals take advantage of the increase in online purchases and electronic seasonal greeting cards to trick victims into believing they’ve received packages or personal messages. They often use multiple methods to attract victims, such as posing as legitimate websites and/or using fraudulent emails that are crafted to look legitimate; they steal the logos, email or web templates of legitimate businesses *e.g. FedEx, DHL UPS, Amazon.com, etc.) in an effort to entice victims into clicking links or opening attachments.

These phishing and malware campaigns may come in the form of :

  • Fake shipping/courier notifications.
  • Electronic greeting cards or links to holiday screensavers or other forms of media.
  • Request for charitable contributions that may appear to be for legitimate causes but originate from illegitimated sources claiming to be charities.
  • Credit card or gift card applications or enticing discounts in online shopping advertisements that lead to websites you’re unfamiliar with.

In addition, be aware of social engineers who may call you on your personal or work phone using a themed pretext (holiday offers, package pickup, etc.).

Don’t be a victim!  The ISO advises caution when you encounter these types of email messages or websites by:

  • Looking for tell-tale signs that a website or email is not legitimate:

………….– The senders address or website address does not match the organization listed in the content of the message.
………… – The grammar in the message or website is poor.
………… – Format of the email or website is poor or inconsistent with what you’re used to seeing from the organization.
………… – Hovering over the links with your mouse reveals web address inconsistent with the content of the message.

  • Never clicking on links in emails that you’re not expecting.
  • Never opening attachments in emails that you’re not expecting.
  • Never providing your personal information in an email or on a website unless you are completely sure.

The United States Computer Emergency Readiness Team encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns: