Page 1


And how you can prevent it

Table of Contents Stories……………………………………..3 Advice Column…………………………5 Fun Game………………………………..6 Trivia………………………………………..7

Stories 1. 11/05/13 Five individuals have been added to the FBI’s Cyber Most Wanted list for their roles in domestic and international hacking and fraud crimes collectively involving hundreds of thousands of victims and tens of millions of dollars in losses. In announcing the addition of the new subjects—along with rewards of up to $100,000 for information leading to their arrests—Executive Assistant Director of our Criminal, Cyber, Response, and Services Branch Richard McFeely said, “Throughout its history, the FBI has depended on the public’s help and support to bring criminals to justice. That was true in the gangster era, and it’s just as true in the cyber era. We need the public’s help to catch these individuals who have made it their mission to spy on and steal from our nation and our citizens.” The new fugitives on our Cyber’s Most Wanted list are:

Pakistani nationals Farhan Arshad and Noor Aziz Uddin, wanted for their alleged involvement in an international telecommunications hacking scheme. Between 2008 and 2012, the pair gained unauthorized access to business telephone systems, resulting in losses exceeding $50 million. Arshad and Uddin are part of an international criminal ring that the FBI believes extends into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, Malaysia and elsewhere.

Podcast: Cyber’s Most Wanted

Carlos Perez-Melara, wanted for a variety of cyber crimes—including running a fraudulent website in 2003 that offered customers a way to “catch a cheating lover.” Those who took the bait downloaded spyware that secretly installed a program on their computers that allowed scammers to steal the victims’ identities and personal information.

Syrian national Andrey Nabilevich Taame, wanted for his alleged role in Operation Ghost Click, a malware scheme that compromised more than four million computers in more than 100 countries between 2007 and October 2011; there were at least 500,000 victims in the United States alone.

Russian national Alexsey Belan, wanted for allegedly remotely accessing the computer networks of three U.S.-based

companies in 2012 and 2013 and stealing sensitive data as well as employees’ identities. Rewards are being offered for each of the five fugitives, all of whom are believed to be living outside the U.S. See the accompanying “Wanted By the FBI” posters for more information. The Internet Crime Complaint Center, or IC3, had received dozens of complaints about a St. Louis woman who was selling what she claimed were designer handbags. Buyers spent as much as $100,000 for a single bag, but ended up with either knock-off bags or sometimes nothing at all…and the woman refused to refund their money. The IC3 forwarded the complaints to the St. Louis FBI Field Office, and, after an investigation, the woman was charged with selling counterfeit goods and ultimately pled guilty last year. This case is an example of the effectiveness of the IC3—a partnership between the FBI and the National White Collar Crime Center. Submissions to this central hub for Internet-related crime complaints can not only lead to culprits getting caught, but also help identify trends that are then posted on the IC3’s websiteto educate the public about constantly evolving cyber threats and scams. 2. Today, as part of its ongoing education and prevention mission, the IC3 released its latest annual snapshot of online crime and fraud—the 2012 Internet Crime Report. While there is no end to the variety of cyber scams, the report highlights some of the most frequent ones from 2012. Here are a few examples of what to look for to help keep you from being victimized: Report Highlights  Auto fraud: Criminals attempt to sell vehicles that they really don’t own, usually advertising them on

- The IC3 received nearly 290,000 complaints from victims. - Dollar losses arising from the 2012 complaints totaled almost $525.5

various online platforms at prices below market value.


Often the fraudsters claim they must sell the vehicles

- Most complaints came from the U.S., but some were sent from Canada, the United Kingdom, Australia, India, and other countries.

quickly because they are relocating for work, are being

- California had the highest percentage of complaints (13.41), followed

deployed by the military, or have a tragic family

by Florida, Texas, New York, New Jersey, Pennsylvania, Illinois, Virginia, Ohio, and Washington.

circumstance and are in need of money. And in a new

- Victims who reported losing money lost an average of nearly $4,600.

twist, criminals are posing as dealers rather than

- More than 82 percent of complainants were ages 20-50, while 14 percent were 60 and over, and just over 3 percent were under the age of

individual sellers.


—————————————— FBI impersonation e-mail scam: The names of various government agencies and government officials

Fraud Advice for Consumers

have been used in spam attacks for some time, and - Be suspicious if the seller only accepts wire transfers or cash.

complaints related to spam e-mail purportedly sent by

- If purchasing merchandise, ensure it is from a reputable source.

the FBI continue to be reported with high frequency.

- Be wary of businesses that operate from P.O. boxes or mail drops. - If you receive an unsolicited e-mail, be very cautious when responding

These scams, which include elements of Nigerian scam

to offers and giving out personal or financial information. Also, do not

letters, incorporate get-rich inheritance scenarios,

click on the links in these e-mails; instead, go directly to the organization’s official website.

bogus lottery winning notifications, and occasional

For more tips, go to the IC3’s 2012 Internet Crime Report and

extortion threats.

our Internet Fraud webpage.

Intimidation/extortion scams: More popular ones involve payday loan scams (harassing phone calls to victims claiming they are delinquent on loan payments), process server scams (a supposed process server shows up at a victim’s house or place of employment but is willing to take a debit card number for payment in order to avoid court), and grandparent scams

(fraudsters contacting elderly victims pretending to be a young family member in some sort of legal or financial crisis).

Scareware/ransomware: There are different variations of these scams, but one involves victims receiving pop-up messages on their computers alerting them to purported infections that can only be fixed by purchasing particular antivirus software. Another involves malware that freezes victims’ computers and displays a warning of a violation of U.S. law and directions to pay a fine to the U.S. Department of Justice.

Read more on these and other scams—as well as online crime prevention tips—in the IC3’s latest report. An educated consumer is the most effective weapon against Internet fraudsters. 3. 02/14/12

Millions of Americans visit online dating websites every year hoping to find a companion or even a soul mate. But today, on Valentine’s Day, we want to warn you that criminals use these sites, too, looking to turn the lonely and vulnerable into fast money through a variety of scams. These criminals—who also troll social media sites and chat rooms in search of romantic victims—usually claim to be Americans traveling or working abroad. In reality, they often live overseas. Their most common targets are women over 40 who are divorced, widowed, and/or disabled, but every age group and demographic is at risk. Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is e-mailed to you. For weeks, even months, you may chat back and forth with one another, forming a connection. You may even be sent flowers or other gifts. But ultimately, it’s going to happen—your new-found “friend” is going to ask you for money. Recognizing an Online Dating Scam Artist Your online “date” may only be interested in your money if he or she: - Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging; - Professes instant feelings of love; - Sends you a photograph of himself or herself that looks like something from a glamour magazine; - Claims to be from the U.S. and is traveling or working overseas; - Makes plans to visit you but is then unable to do so because of a tragic event; or - Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for a child or other relative, visas or other official documents, losses from a

So you send money…but rest assured the requests won’t stop financial setback or crime victimization). there. There will be more hardships that only you can help One way to steer clear of these criminals all together is to alleviate with your financial gifts. He may also send you checks stick to online dating websites with nationally known to cash since he’s out of the country and can’t cash them reputations. himself, or he may ask you to forward him a package. So what really happened? You were targeted by criminals, probably based on personal information you uploaded on dating or social media sites. The pictures you were sent were most likely phony, lifted from other websites. The profiles were fake as well, carefully crafted to match your interests. In addition to losing your money to someone who had no intention of ever visiting you, you may also have unknowingly taken part in a money laundering scheme by cashing phony checks and sending the money overseas and by shipping stolen merchandise (the forwarded package). While the FBI and other federal partners work some of these Listen: Special Agent cases—in particular those with a large number of victims or Nicholas Savage describes so-called “sweetheart scammers” large dollar losses and/or those involving organized criminal and the dangers they pose on the Internet.” groups—many are investigated by local and state authorities. We strongly recommend, however, that if you think you’ve More: Inside the FBI been victimized by a dating scam or any other online scam, file a complaint with ourInternet Crime Complaint Center. Before forwarding the complaints to the appropriate agencies, IC3 collates and analyzes the data—looking for common threads that could link complaints together and help identify the culprits. Which helps keep everyone safer on the Internet. For specific tips on how to keep from being lured into an online dating scam, see the sidebar above. Awareness is the best tool for preventing crime…and in this case, even for preventing a broken heart. 4. 01/22/14

He made a living stealing other people’s identities…and then their money. And what a living it was—more than enough to bankroll luxury homes, fancy cars, expensive clothes and jewelry, and nights spent in clubs and casinos. When law enforcement was about to swoop in and arrest the thief, he managed to flee the country and continue his extravagant lifestyle abroad for about four years. Eventually, thanks to investigators who wouldn’t give up and international partners who provided vital support, this man was found and returned to the U.S. to face justice. Last month, Tobechi Onwuhara, of Dallas, Texas—the ringleader of a multi-million-dollar fraud scheme and a former FBI wanted cyber fugitive—was sentenced to federal prison. Seven additional co-conspirators have either pled guilty or been convicted. There’s no shortage of schemes that identity thieves perpetrate to line their own pockets—from stealing credit card numbers and fraudulently applying for loans and refunds to breaking into online bank accounts. Onwuhara’s specialty? He targeted home equity line of credit accounts, a form of revolving credit in which your home serves as collateral.





How the scheme worked: Onwuhara Identity Theft: How to Protect Yourself and his co-conspirators identified potential victims—people who had home Tobechi Onwuhara led a multi-million-dollar home equity line of credit equity line of credit accounts with large fraud scheme that involved hundreds of victims in the U.S. Often times, balances—by accessing certain feepeople didn’t even realize they had been victimized until they got calls based websites often used in the real from their financial institutions about a late payment on a home equity line estate for customer leads (one of of credit loan, until they applied for another kind of loan and were turned Onwuhara’s associates was a real estate down, or until they checked their credit report. agent). After collecting bits of personally identifiable information from those Fortunately, these victims—because their financial institutions were websites—like names, addresses, dates insured—were reimbursed for their financial losses. But for all victims of of birth, and Social Security numbers— identity theft, there are long-term challenges to face, including credit and then using other online sites to rating damage, the time and effort to repair damaged credit, and financial obtain personal information to help with hardship. Here are a few tips to help you protect yourself and your loved passwords and security questions, they ones from identity thieves: were able to access victims’ credit reports online, which contained loan · Review your credit report at least once a year. balances and other financial and · Monitor your bank accounts and credit card accounts routinely and personal information. report any unauthorized or suspicious activity to your financial institution Armed with this information, Onwuhara immediately. would either call a customer service representative at a victim’s financial · Use strong passwords for your online financial accounts. institution while impersonating the victim—or gain access to the victim’s · Make sure you have up-to-date security software on your computer and online account—and request a transfer of other devices. funds from the home equity line of credit account into the victim’s checking or · Limit sharing of personal information on social networking sites. savings account. From those accounts, he’d request that the money be wired to another bank account—usually overseas and always one that he controlled. To help with the impersonation, Onwuhara would use caller ID spoofing services to display the customer’s legitimate phone number. And in case the financial institution needed to call the customer back for some reason before the money was wired, Onwuhara—again impersonating the victim—would call the victim’s telephone company and request call forwarding to another phone (which of course belonged to a member of his criminal group). Once the money was transferred, Onwuhara paid money mules in several different countries to withdraw the money and get it back to Onwuhara’s criminal enterprise. Our investigation of Onwuhara’s scheme— This expensive watch was one of many luxury items seized from Tobechi Onwuhara, the fugitive identity thief who was which involved hundreds of victims nationwide, apprehended abroad and returned to the U.S. attempts to steal more than $38 million, and losses of $13 million—began in late 2007 after we received a complaint from a victim in the Washington, D.C. area. We were ultimately able to identify and gather evidence against Onwuhara and his crew, and federal charges were handed down in August 2008. After he fled the U.S., ongoing international law enforcement efforts continued until December 2012, when he was located in Sydney, arrested by the Australian National Police, and returned to this country.


Advice Column Q: How can I protect my social network accounts from being hacked and having my identity stolen? A: Make sure you choose strong passwords! Try to include both uppercase and lowercase letters, numbers, and symbols. The harder it is to guess, the better! Q: What can I do besides choosing a strong password that will prevent my identity from being stolen? A: Make sure you choose good security questions that no one knows the answer to except for you, and make sure you answer them honestly. You never know when you’ll need to remember what you said! Q: Help! Someone’s hacked into my Facebook account and is pretending to be me! What should I do? A: Contact Facebook Support immediately. Email them and tell them that someone else is on your account and you’d like to disable the account for a while.

Fun Game

Trivia Section What’s the best way to prevent someone from hacking into your social networking accounts? a. b. c. d.

Post a status asking everyone to please not hack into your account Hack into other people’s accounts Choose strong passwords that are hard for others to guess Tell everyone your password so they won’t try to guess it

Cyber Law Magazine  
Cyber Law Magazine