FBI - Oregon
Emergency Messages as of 3:39 am, Tue. Jun. 27
No information currently posted. Operating as usual.
Subscribe to receive FlashAlert messages from FBI - Oregon. Please use any browser other than Internet Explorer.
Primary email address for a new account:

Emergency Alerts News Releases  
And/or follow our FlashAlerts via Twitter

About FlashAlert on Twitter:

FlashAlert utilizes the free service Twitter to distribute emergency text messages. While you are welcome to register your cell phone text message address directly into the FlashAlert system, we recommend that you simply "follow" the FlashAlert account for FBI - Oregon by clicking on the link below and logging in to (or creating) your free Twitter account. Twitter sends messages out exceptionally fast thanks to arrangements they have made with the cell phone companies.

Click here to add FBI - Oregon to your Twitter account or create one.

Hide this Message


Manage my existing Subscription

News Releases
FBI Tech Tuesday - Building a Digital Defense Against Social Engineering - 06/20/17

In this week's Oregon FBI Tech Tuesday segment: building a digital defense against social engineering.

So what is social engineering? Basically, it is a scammer who manipulates you into doing something you wouldn't ordinarily do. There is often a sense of urgency combined with fear.

Take this example: a scammer calls, texts or emails you pretending to be your bank. He tells you that your credit card is being used to purchase items overseas. If you can confirm your account number and password right away, he can get the card shut down, and you won't be liable for the losses. If you wait -- well, you will be on the hook for fraud.

Or -- on a happier note -- you receive a message that you have won a great prize. Maybe it is a car or a vacation. If you respond in the next 5 minutes, it is all yours as soon as you pay a small fee for taxes. If you don't respond right away, the scammer says, you will lose out.

Other than fear - social engineering masters have other tricks up their cyber sleeves, too. One such trick: cashing in on the trust you share with others. In some cases, they have gained access to a friend or relatives' email or social media accounts. The scammer -- pretending to be Grandma - just sent you link to a funny video, and she wants you to look at it right away! Click on it, though, and you have just downloaded malware onto your computer.

Fraudsters can also use your innate goodness against you. They take the disaster or tragedy of the day and guilt you into giving money to what you think is a legitimate charity. By spoofing the look of a real non-profit with a bogus link, your money never makes it to the true victims.

So, how do you build that digital defense against social engineering?

* The number one thing you can do is to "think before you click." Don't let the fear get in the way of you making a rational decision.

* Know that no bank, business or law enforcement agency is ever going to ask you for your account numbers, passwords or payments over the phone. If you get a message asking you for that information, end the conversation.

* Use a publicly available resource to look up a legitimate phone number or email address for the business or agency that purportedly contacted you. You should call them to confirm what is or isn't going on.

Report your suspicious contacts to the FBI. You can file an online report at the FBI's Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.

Capt. Seymour - #3
Capt. Seymour - #3
Prineville Police Captain Graduates from the FBI National Academy (Photo) - 06/20/17

Capt. Larry Seymour recently completed one of the toughest challenges available for local law enforcement officers: the FBI National Academy. In early June, Capt. Seymour and two other Oregon law enforcement officers completed the ten-week training session at the FBI National Academy in Quantico, Virginia.

There is a highly competitive process that local law enforcement officers must go through before being selected for this honor. That process includes a nomination by a supervisor; interviews of the candidate and co-workers to determine leadership skills and abilities; a background check; a determination of physical fitness; and the support of former National Academy graduates within the candidate's organization.

"Only a few law enforcement officers from Oregon have the chance to attend the National Academy each year," said Loren Cannon, Special Agent in Charge of the FBI in Oregon. "The exceptional leaders selected to participate have a great opportunity to share their experiences with peers and to learn best practices from officers from across the country and the world."

Capt. Seymour started his law enforcement career as a volunteer reserve officer with Molalla Police Department. Shortly thereafter, the Prineville Police Department hired him as a certified officer, and he has served in Prineville for 13 years. Over his career, Capt. Seymour has served as a Field Training Officer (FTO), a Narcotics K-9 Handler, Central Oregon Emergency Response Team (CERT) member, Narcotics Detective and Sergeant. In January 2016, the department promoted him to the rank of Captain. In his current position, Capt. Seymour serves as operations manager for all functions of the department, and he reports to Chief Cummins. He is a certified trainer in Firearms and Active Threats.

Through the course of his time at the Prineville Police Department, Capt. Seymour attained his Associates Degree and his Bachelor's Degree from Columbia Southern University.

"The FBI National Academy is the premier executive leadership academy for law enforcement executives," said Chief Dale Cummins. "Captain Seymour, through dedication and hard work, earned a nomination and had the privilege to attend. The classes, contacts, and experiences he has had will make him a true asset to our department and our community. I look forward to his return to work where he can share his knowledge with our staff."

During the ten weeks of training, local executive-level law enforcement officers spend most of their time in the classroom. Capt. Seymour took a number of courses, including: "Behavioral Science for Law Enforcement Leaders," "Fitness in Law Enforcement," "Overview of Forensic Science for Police Administrators and Managers," "Legal Issues Impacting Law Enforcement Operations," "Emotional Intelligence," "Contemporary Issues in Law Enforcement" and the "National Academy Networking and Enrichment" course. The FBI's National Academy program allows the participants the opportunity to earn college credits through the University of Virginia for some of their studies. In addition to the classroom work, participants have physical training courses and activities.

Each year, the FBI sponsors four sessions of the National Academy. Capt. Seymour graduated from the 268th session of the National Academy. Each session includes about 220 local law enforcement officers from around the United States as well as from around the world. While in the Academy, the officers and deputies live in a dorm-like setting. The FBI does not charge U.S. students for tuition, books, equipment, meals, lodging, or travel to and from their home.

###

Attached photos include:

#1 - Capt. Seymour
#2 - Capt. Seymour at National Police Memorial Law Enforcement Run (he was running in memory of Seaside Police Department's Sgt. Jason Goodding
#3 - Capt. Seymour on New York City trip with his National Academy class

BR - Wilsonville Key Bank - June 7, 2017 - car 2
BR - Wilsonville Key Bank - June 7, 2017 - car 2
Public's Help Needed Finding the "Sporty Spice" Bandit (Photo) - UPDATE Suspect Identified - 06/13/17

Investigators believe that the man arrested following a bank robbery in Vancouver today is the "Sporty Spice" bandit. He has not yet been charged with any robberies in Oregon as that determination will be made in consultation with local and federal prosecutors at a later time.

Please refer all questions concerning today's arrest in Vancouver to the Vancouver Police Department.

**********
Original Story: 6/8/2017 - 2:06 pm

The FBI, Tigard Police Department and the Wilsonville Police Department are asking for the public's help to identify and locate a serial bank robber nicknamed the "Sporty Spice" bandit. The same man is believed to have robbed a Key Bank branch in Tigard on June 2, 2017, and a Key Bank branch in Wilsonville on June 7, 2017. Of note, the robber held a handgun in his left hand in the Tigard robbery. He racked the slide and pointed it at three different tellers as he demanded cash. In the Wilsonville robbery, there was no weapon seen or implied.

Investigators are nicknaming him the "Sporty Spice" bandit for his choice of sports-related apparel. In both robberies, he wore an Under Armor black jacket and what appears to be a khaki-colored Adidas cap.

In the Tigard robbery, no vehicle was seen. In the Wilsonville robbery, witnesses say the suspect drove away in a silver-colored vehicle. Investigators believe that vehicle may be a Dodge Journey.

+ June 2, 2017 - Key Bank, 11665 SW Pacific Highway, Tigard, Oregon
+ June 7, 2017 - Key Bank, 9490 SW Wilsonville Road, WIlsonville, Oregon

Witnesses describe the robber as:
White man
Age: 20 - 40 years old
Height: 5'7" - 5'10"
Build: Slender
Hair: Dark and short
Other: In the Tigard robbery, the bank robber wore a blue latex glove on his right hand. In the Wilsonville robbery, he wore black latex gloves on both hands.

Anyone with information about the bank robber's identity is asked to call the FBI at (503) 224-4181, the Tigard Police Department at (503) 718-COPS (2677) or the Wilsonville Police Department at (503) 793-1910.

FBI Tech Tuesday - Building a Digital Defense Against PII (part 2) - 06/13/17

Last week, we talked about a cyber scheme the FBI is seeing a lot of these days. It is a version of the business email compromise scam in which the fraudster pretends to be an executive within the victim company. He convinces the HR or finance department to give him Personally Identifying Information -- or PII -- about the employees -- allegedly for tax or audit purposes.

This week we are going to talk about a similar PII theft scam -- but this one starts with a phishing campaign targeting employees themselves. In this case, the fraudster is focused on companies that use self-service platforms where employees can view their pay, W-2 and direct deposit information.

In this case, the fraudster sends an email to an employee pretending to be from the company's Human Resources department. The email asks the employee to click on a provided link to log into his self-service account. The phishing emails often ask employees to logon to view a private email from HR, to view changes made to their accounts or to confirm that the account should not be deleted.

By clicking on the link and entering their self-service credentials, employees are actually giving their logon information to the fraudster. The fraudster can now go into the self-service account himself and access W-2 and pay stub information. He can also change the direct deposit information. In order to prevent the victim from knowing what is going on, the fraudster will also change the email address that the self-service platform sends alerts to when changes are made.

No matter how the fraudster gets to your PII, his goal is to use the information to launch a series of attacks against the employees. They now are more vulnerable to fraudulent tax filings, credit card applications, loan applications and more.

Here are ways you can help keep your employees -- and their PII -- safe:

* Practice good email hygiene. Train your employees to watch for phishing attacks and suspicious malware links. Always checking the actual email address rather than just looking at the display name can be crucial to seeing the attack early.

* Human Resources self-service platforms should have two-factor authentication. An example would be requiring users to enter a second password that is emailed to them or a hard token code.

* Self-Service platforms should also have alerts set up for administrators so that unusual activity may be caught before money is lost. These alerts may include banking information being changed to online banks typically used by fraudsters or alerts on TOR node IP addresses.

* Companies can set a time delay between the changing of direct deposit information in the self-service portal and the actual deposit of funds into the new account to decrease the chance of the theft of funds.

For more information on email security concerns or other cyber crimes, check out the FBI's website at www.fbi.gov or the FBI's Internet Crime Complaint Center at www.ic3.gov. For Tax Fraud Reporting and Information go to www.irs.gov.

Lt. Shearer - Photo #4
Lt. Shearer - Photo #4
Portland Police Lieutenant Graduates from the FBI National Academy (Photo) - 06/09/17

Lt. Andrew Shearer recently completed one of the toughest challenges available for local law enforcement officers: the FBI National Academy. In early June, Lt. Shearer and two other Oregon law enforcement officers completed a ten-week training session at the FBI National Academy in Quantico, Virginia.

There is a highly competitive process that local law enforcement officers must go through before being selected for this honor. That process includes a nomination by a supervisor; interviews of the candidate and co-workers to determine leadership skills and abilities; a background check; a determination of physical fitness; and the support of former National Academy graduates within the candidate's organization.

"Only a few law enforcement officers from Oregon have the chance to attend the National Academy each year," said Loren Cannon, Special Agent in Charge of the FBI in Oregon. "The exceptional leaders selected to participate have a great opportunity to share their experiences with peers and to learn best practices from officers from across the country and the world."

Lt. Shearer has served at the Portland Police Bureau for 25 years, starting as an Officer and being promoted to Sergeant and later Lieutenant. Over time, he worked in patrol operations, with the Gang Enforcement Team, with the Youth Gun Anti-Violence Task Force, and on the Special Emergency Reaction Team (SERT). As a Lieutenant, he served as the Executive Officer for the Assistant Chiefs of Operations Branch and Community Services Branch. He has also served as an Adjutant to the Chief. He is currently serving as an Acting Captain of the Tactical Operations Division for PPB. He holds a Bachelor's degree from Portland State University in Administration of Justice.

"Lt. Shearer has been a leader with the Portland Police Bureau through his career," said Portland Police Chief Mike Marshman. "I am not surprised that he excelled during his time at the FBI National Academy. I look forward to Lt. Shearer returning to the Bureau where he will be part of the leadership team helping to navigate positive change within the organization."

During the ten weeks of training, local executive-level law enforcement officers spend most of their time in the classroom. Lt. Shearer took graduate-level courses, including: "Contemporary Issues in Law Enforcement," "Emotional Intelligence: Leadership, Communication, Media and Managing the Law Enforcement Image," "Advanced Psychology of Communication" and "Intelligence Theory for Law Enforcement Managers." The FBI's National Academy program allows the participants the opportunity to earn college credits through the University of Virginia for their studies. In addition to the classroom work, participants have physical training courses and activities.

Each year, the FBI sponsors four sessions of the National Academy. Each session includes about 220 local law enforcement officers from around the United States as well as from around the world. While in the Academy, the officers and deputies live in a dorm-like setting. The FBI does not charge U.S. students for tuition, books, equipment, meals, lodging, or travel to and from their home.

###

Note to media:

Photo #1 - Official FBI National Academy Portrait
Photo #2 - Lt. Shearer with FBI National Academy sign
Photo #3 - Lt. Shearer with Oregon FBI Special Agent Sandra Flint (serving as an FBI NA counselor) and Prineville PD Captain Larry Seymour (a fellow National Academy participant from Oregon)
Photo #4 - Lt. Shearer runs in the Washington, DC Police Week 5k in honor of Colleen Waibel, PPB officer killed in the line of duty in 1998.

FBI Tech Tuesday - Building a Digital Defense Against PII theft (part 1) - 06/07/17

** Note: Due to a technical error, this did not (obviously) get send on Tuesday. I apologize for the delay! **



In recent years, the FBI has seen an increase in the number of companies and institutions reporting the theft of Personally Identifiable Information or PII. This theft takes many forms from email phishing attacks to Point-of-Sale theft to the more advanced hacking of vulnerabilities in servers where the information is hosted. The theft of the information can happen at any time, but the effects can be felt for months or years beyond then.

This year saw a proliferation of a two distinct phishing campaigns to steal PII for Tax Fraud. The first is a variation of the business email compromise scam in which a company's executive has his or her email hacked or spoofed. In a traditional business email compromise scheme, the fraudster tries to convince the victim company's finance department to make a payment to a regular vendor or send an invoice to that vendor requesting payment back. The fraudster would re-route the payment midstream and cash out.

In this case, the fraudster uses that exec's account to send emails to the company's human resources, finance or audit department. The email seemingly sent by the executive asks for employees' PII or W-2 information, allegedly for tax or audit purposes. In some cases, the fraudsters have managed to secure sensitive financial and personal information on thousands of workers.

In the second kind of PII theft scheme that we are seeing, the employee himself is a target. We will explain more about that version of the scam in next week's Tech Talk.

In the meantime, here are some helpful hints on what businesses can do to protect themselves:

* Set up two-factor verification systems to confirm the request and receipt of such sensitive information. This could be as simple as a phone call or a face-to-face meeting.

* Establish protocols for sensitive information requests ahead of time and outside of the email environment. You don't want a hacker who already has access to your system to know what your back-up security measures include.

* Ensure that sensitive PII and W-2 information is secured with encryption.

* Establish and maintain robust and strong security for your data, including firewalls, virus protection and spam filters.


For more information on email security concerns or other cyber crimes, check out the FBI's website at www.fbi.gov or the FBI's Internet Crime Complaint Center at www.ic3.gov. For Tax Fraud Reporting and Information go to www.irs.gov.

FBI Tech Tuesday: Building a Digital Defense with an Email Fortress - 05/30/17

Businesses beware -- fraudsters want to cash in on digital data, and your vulnerable email account can give them the keys to the kingdom. One of the biggest dangers lurking in your in-box is a version of a phishing scheme.

In this case, the fraudster sends you what appears to be a legitimate email. He may have hacked someone else's email account to get to you, or he may have "spoofed" an email address making it look real.

Either way, his goal is to get you to give him access to your company and/or your cash. In this phishing scheme, an embedded link is the hook with which he will attempt to catch you.

Once you click on that link, the fraudster is able to download malware onto your system that potentially gives him access to user ID's, passwords, customer records, financial information and data files.

Phishing schemes are often just the start -- leading to potential ransomware attacks, business-email-compromise scams and more.

So -- how do you protect your company? From the lowest level employee up to the CEO, your email system needs to be a fortress filled with defenses.

* Don't use free web-based email accounts for your business. Establish your own domain and create email accounts based on that domain.

* Ensure that your firewalls, virus software and spam filters are robust and up-to-date.

* Immediately report and delete suspicious emails, particularly those that come from people you don't know.

* If you receive an email from someone who appears to be a legitimate contact but you are wary, make sure you "forward" it to back the sender. Do not hit "reply." That way you can manually type the known email address or find it in your established contact list to confirm authenticity.

* Don't click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.

* Consider two-factor authentication for employee email. This would include something you know (such as a password) and something you have (such as dynamic/changing PIN or code.)

* Create a security system that flags emails with similar -- but incorrect -- formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the email comes from Joe at ABC-company.com?

* Make sure your email is encrypted in-transit if you are putting sensitive information into it.


Bottom line -- build the email fortress tall and wide to protect your business.

For more information on email security concerns or other cyber crimes, check out the FBI's website at www.fbi.gov or the FBI's Internet Crime Complaint Center at www.ic3.gov.