Online Shopping Info Slide

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense as you race to finish your holiday shopping.

Today, we have a red alert straight from the big guy at the North Pole – we are just two weeks away from Christmas! Are you ready?

Online shopping makes it easier and easier for procrastinators to push those deadlines into the danger zone – but we have 12 days of tips to keep you shopping safely, and get you done early!

Day 1 – Don’t go online until you make sure that your computer and your phone are fully up to date. Santa says you should make sure you aren’t susceptible to viruses and malware.

Day 2 – Put the cold freeze on using public WiFi. If you do logon to unsecured wireless networks, you can put your private info out there for any grinch to steal.

Day 3 – Find the perfect whatnot, but the seller requires that you pay using a gift card or wire transfer? Watch out – those are telltale signs of a possible fraud.

Day 4 – Mrs. Claus is a big believer in giving “experiences” over “things”… but if you are thinking of buying tickets to a concert or sporting event for that special someone, make sure you stick with a reputable seller. You might find websites or online marketplaces where people are offering good tickets cheaply, but know that plenty of counterfeiters are ready to cash in on Christmas at your expense.

Day 5 – Hot toy or blingy bauble sold out everywhere you look? You think you hit the jackpot when you find it on a never-heard-of-before website, and, bonus, it’s cheaper than expected! Sounds great, but be warned – if you stumbled upon a scammer trying to take advantage of your desperation, the only thing that is likely to show up in the mail is a bill.

Day 6 – Pay with a credit card when possible. You will likely have more protections than paying with your debit card or cash.

Day 7 – Time to put your jingle jangle on and buy some gift cards. They are popular options, but watch out for sellers who say they can get you cards below-market value. Also be wary of buying any card in a store if it looks like the security PIN on the back has been uncovered and recovered. Your best bet is to buy digital gift cards directly from the merchant online.

Day 8 – Stay off you-know-who’s naughty list by changing your passwords. Yes, they can be difficult to remember, but, no, they shouldn’t all be the same. Make sure you use long and unique passwords for the most important sites – like your email and bank account – and update the others to stronger options frequently.

Day 9 – Tis the season for giving, and it is prime time for charities to ask for money as we get close to the end of the year. Make sure that your donations are going to legitimate non-profits by doing some basic research. Also keep an eye on how much of your donation goes directly to services – and how much it is gobbled up by admin and overhead costs.

Day 10 – It’s candy cane crunch time, with only a few days left. Don’t let stress drive you to making poor choices. Fraudsters love using social engineering techniques to trick you into making quick decisions you wouldn’t otherwise make. As the saying goes, if the deal sounds too good to be real, it likely is.

Day 11 – Almost there, and scammers are going down to the wire to make their pitch sound perfect. Beware of unsolicited emails, texts, or social media posts that promise you the chance to purchase that final needed gift. Don’t click on links or attachments no matter how much you want to be done with shopping madness.

Day 12 – You made it with just a few days to spare. We have just one final tip for you before you try to wrap that pile of presents. Spend a few minutes checking your bank and credit card statements for unauthorized transactions. If there’s anything suspicious – make sure you report it right away.

As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

Have a great holiday everyone and remember to shop safely.

IOT Info Slide

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense in your Internet of Things.

Last week we talked about smart TV’s – and how that built-in internet connection can allow manufacturers, streaming services, and even hackers an open door into your home.

This week, we are looking at the larger Internet of Things (IoT). Basically, this means everything else in your home that connects to the world wide web. If you look at the holiday wish lists that your kids, spouse, and parents conveniently dropped on you last week at Thanksgiving – most everything on there probably makes the cut.

Digital assistants, smart watches, fitness trackers, home security devices, thermostats, refrigerators, and even light bulbs are all on the list. Add to that all of the fun stuff: remote-controlled robots; games and gaming systems; interactive dolls; and talking stuffed animals … well, the list seems endless.

What these all have in common is that send and receive data. But do you know how that data is collected? And where it is going?

Another concern is that hackers can use that innocent device to do a virtual drive-by of your digital life. Unsecured devices can allow hackers a path into your router – giving the bad guy access to everything else on your home network that you thought was secure. Private pictures and passwords safely stored on your computer? Don’t be so sure.

Here’s what you can do to build that digital defense:

• Change the device’s factory settings from the default password. A simple internet search should tell you how – and if you can’t find the info, consider moving on to another product.
• Passwords should be as long as possible and unique for IoT devices.
• Many connected devices are supported by mobile apps on your phone. These apps could be running in the background and using default permissions that you never realized you approved. Know what kind of personal info those apps are collecting, and say “no” to privilege requests that don’t make sense.
• Secure your network. Your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices.
• Make sure all of your devices are updated regularly. If automatic updates are available for software, hardware, and operating systems – turn them on.

As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office. 

The following information is being sent on the behalf of FBI San Diego as part of a national effort to locate this fugitive. There is no information concerning Mostafa's location or indication that he has ties to Oregon. Media inquiries concerning this fugitive should be directed to the U.S. Attorney's Office in San Diego.

The wanted poster, a video file and an audio file can be found at: https://www.fbi.gov/wanted/wanted_terrorists/jehad-serwan-mostafa

###

SAN DIEGO – An indictment was unsealed in federal court today charging Jehad Serwan Mostafa, a 37-old U.S. citizen and former San Diego resident who is on the FBI’s Most Wanted Terrorist List, with terrorism violations arising from his critical role in providing support to the militant Islamic terrorist organization, al-Shabaab.

The superseding indictment alleges that from no later than March 2008 through in or about February 2017, Mostafa conspired to provide material support, including himself as personnel, to terrorists; conspired to provide material support to al-Shabaab, a designated foreign terrorist organization (FTO); and provided material support to al-Shabaab.

Mostafa, also known as “Ahmed Gurey,” “Ahmed,” “Anwar,” “Abu Anwar al Muhajir,” and “Abu Abdallah al Muhajir,” was originally charged in a three-count indictment in October 2009 with similar charges.  The superseding indictment announced today expands the scope of the indictment alleging that Mostafa’s support of terrorist activities and al-Shabaab continued up to and including February 2017. 

On March 20, 2013, the Department of State’s Reward for Justice Program offered a reward of up to $5 million dollars for information leading to the arrest and conviction of Mostafa.  U.S. Attorney Robert Brewer said the United States unsealed the superseding indictment with hopes that Mostafa will be apprehended and brought to justice. “We believe this defendant is the highest-ranking U.S. citizen fighting overseas with a terrorist organization,” Brewer said. “Al-Shabaab’s reign of terror threatens U.S. national security, our international allies and innocent civilians. Today we seek the public’s assistance in capturing Mostafa and disrupting Al-Shabaab.”

Scott Brunner, the Special-Agent-In-Charge of the San Diego FBI, stated that Mostafa is currently believed to be in Somalia, and the FBI is seeking the assistance of the public, both in the United States and East Africa, in locating and apprehending Mostafa.  SAC Brunner stated that the apprehension and prosecution of Mostafa will aid in disrupting al-Shabaab’s terrorist activities, which continue to threaten U.S. national security, our international allies, and innocent civilians, both U.S. and foreign citizens alike.

SAC Brunner stated that Mostafa was raised in the Serra Mesa area of San Diego and attended high school and college in San Diego.  After graduating from college, in late 2005 at the age of 23, Mostafa departed San Diego, traveling first to Sana’a, Yemen, and then on to Somalia where he engaged in fighting against internationally supported Ethiopian forces.  Mostafa eventually joined al-Shabaab, a terrorist group that the U.S. Department of State designated as a Foreign Terrorist Organization in 2008.  

Al-Shabaab, meaning “The Youth” in Arabic, is a violent and brutal militia group that has used intimidation and violence to undermine the Somali government and the foreign military presence supporting it.  The group seeks to control territory within Somalia in order to establish a society based on its rigid interpretation of Sharia law.  In 2012, it pledged allegiance to the militant Islamist organization Al-Qaeda.  Over time, al-Shabaab has engaged in external operations in neighboring countries in pursuit of global jihad.  While its terrorist attacks have been concentrated in East Africa, it has claimed  responsibility for attacks that resulted in injuries to Americans and/or had ties to San Diego: the 2010 Kampala, Uganda suicide bombing of a bar during a World Cup soccer match that killed a U.S. citizen working for a San Diego non-profit organization; and a 2013 attack on the Westgate shopping mall in Nairobi, Kenya that killed over 60 and injured U.S. citizens, including a graduate of Torrey Pines High School.  Additionally, as recently as January 15, 2019, al-Shabaab executed a coordinated attack at the DusitD2 hotel in Nairobi, Kenya, where 16 innocent civilians were killed, including one U.S. citizen.  

SAC Brunner stated that for over a decade, Mostafa has played a critical role in al-Shabaab, including in its media operations, training of soldiers, and participating in attacks on Somali government forces and African Union troops.  Since 2009, Mostafa has held leadership positions with al-Shabaab, and today is believed to be the highest-ranking U.S. citizen fighting overseas with a terrorist organization.  In 2011, Mostafa appeared at a press conference with an al-Shabaab leader, purporting to be an al-Qaeda emissary.  SAC Brunner stated that the FBI assesses that this media stunt evidences his efforts to facilitate al-Shabaab’s relationship with other terrorist groups and role in external operations.

According to SAC Brunner, in 2019, the FBI became aware of Mostafa’s participation and leadership within al-Shabaab’s explosives department.  Specifically, Mostafa has been implicated in the use of improvised explosive devices (IEDs) in attacks in Somalia and in improving their effectiveness as a tool of terror.  Al-Shabaab has recently used IEDs against U.S. interests in Somalia.  On September 30, 2019, al-Shabaab attacked the Baledogle U.S. military airbase in southern Somalia where U.S. soldiers are located to support Somali and African Union troops, and assaulted an Italian military convoy traveling in the Somali capital of Mogadishu.  Al-Shabaab claimed responsibility for both attacks.  Al-Shabaab is resolved to continue attacks on innocent civilians in Somalia and in the region, and has demonstrated it will go to great lengths to threaten the security of the United States and our partners.   

SAC Brunner noted that the FBI believes Mostafa continues to play a critical role in planning operations directed against the Somali government and internationally supported African Union forces in Somalia and East Africa.  As a result, Mostafa continues to pose a direct threat to U.S. forces, civilians and interests.

The public is reminded that a reward of up to $5 million dollars is being offered for information leading to the arrest and conviction of Mostafa. Anyone with information about Jehad Serwan Mostafa can report tips anonymously by phone at 1-800-CALL-FBI or online at “tips.fbi.gov” or can contact the nearest FBI office, American Embassy or Consulate.

DEFENDANT                                               Criminal Case No. 09CR3726-WQH 

Jehad Serwan Mostafa                                    Age 37            Somalia (former resident of San Diego)        

SUMMARY OF CHARGES

Conspiracy to Provide Material Support to Terrorists – Title 18, U.S.C., Section 2339A(a)

Maximum penalty: Fifteen years in prison and $250,000 fine

Conspiracy to Provide Material Support to a Foreign Terrorist Organization – Title 18, U.S.C., Section 2339B(a)(1)

Maximum penalty: Twenty years in prison and $250,000 fine

Providing Material Support to a Foreign Terrorist Organization – Title 18, U.S.C., Section 2339B(a)(1)

Maximum penalty: Twenty years in prison and $250,000 fine.

INVESTIGATING AGENCIES

San Diego Joint Terrorism Task Force

Federal Bureau of Investigation

Smart TV Info Slide

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense with your TV.

Yes, I said your TV. Specifically – your smart TV… the one that is sitting in your living room right now. Or, the one that you plan to buy on super sale on Black Friday.

Smart TVs are called that because they connect to the internet. They allow you to use popular streaming services and apps. Many also have microphones for those of us who are too lazy to actually to pick up the remote. Just shout at your set that you want to change the channel or turn up the volume, and you are good to go.

A number of the newer TV’s also have built-in cameras. In some cases, the cameras are used for facial recognition so the TV knows who is watching and can suggest programming appropriately. Now – there are also devices coming to market that allow you to video chat with grandma in 42” glory.

Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home.  A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him an easy way in the backdoor through your router.

Hackers can also take control of your unsecured TV. At the low end of the risk spectrum, he can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, he can turn on the camera and microphone to that TV hanging in your bedroom and silently cyber stalk you.

TV’s and technology are a big part of our lives, and they aren’t going away. So how can you protect your family?

• Know exactly what features your TV has and how to control those features. Do a basic internet search with your model number and the words “microphone”, “camera”, and “privacy.”
• Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service.
• If you can’t turn off a camera but want to – a simple piece of black tape over the camera eye is a back-to-basics option.
• Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past?
• Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.

As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office. 

TT - Online Calendars - November 19, 2019 - GRAPHIC

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against calendar fraud.

Yes, I said calendar fraud. For some, the chaos of the modern world can only be tamed by a color-coded calendar with every meeting, dinner plan, and sports practice neatly posted. It’s technology’s promise that if you document every work, family, friend, school, and sport obligation online – you might just make it to Friday. 

But, with every tool comes a threat. In this case, the threat is an oldie-but-goodie – a phishing attack. It is the delivery method that is new. 

Scammers have started sending online users calendar invites. In many cases, the calendar’s default settings allow the invitation to simply appear on your account. The fraudster could be offering you a prize or an invitation to some special, swanky event. Just click on the link and you can register… or click, put in your credit card number, and you are on your way to winning the jackpot. 

Of course, these are fakes. At the very least, the sender is able to access your bank account… at most he’s loaded malware onto your device and now has access to all of your passwords, personal info, and more. 

How do you protect yourself? 

• Never click on a link or open an attachment – or in this case a calendar invitation – that you aren’t expecting or is from someone you don’t recognize. 

• Report calendar phishing attempts to the calendar service you use. That will help the providers block such spam attempts in the future. 

• Set your calendar permissions so that invitations do not automatically load in your system. Do a simple internet search to find out how to increase the security settings for whichever calendar option you are using.  

As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at?www.IC3.gov or call your local FBI office.

###

BR - 10-21-19 - OCCU Eugene 4

The FBI is featuring the October 21, 2019, robbery at the Oregon Community Credit Union in Eugene on its Unknown Bank Robbers webpage in an effort to generate more tips to help identify the woman responsible. The FBI and the Eugene Police Department are working this case jointly.

At about 4:40 on that Monday afternoon, the woman walked into the branch, located at 2880 Chad Drive in Eugene, and demanded cash. Once she received an undisclosed amount of cash, she exited the bank and may have left the area in a silver pick-up truck, possibly a later-model Dodge 1500, double-cab.

Description:

White woman

Age:  Mid 30’s

Height: Approximately 5’6”

Build:  Heavy with a round face and cleft chin

Hair: Possibly bleach blonde

Other: Pierced ears and may wear glasses

Clothing: Black or dark grey v-neck long-sleeved shirt or sweater with 3 buttons at the top; black pants with light-colored flowers or circles; dark black and tan shoes; black purse with silver handles; dark grey or green beanie hat; and sunglasses with purple lenses.

The FBI’s unknown bank robber poster can be seen at https://bankrobbers.fbi.gov/robbers-container/2019-11-14.8556290648.  Anyone with information is asked to submit a tip Eugene Police Department at (541) 682-5111. You can also report information to https://tips.fbi.gov or call the nearest FBI office. In Eugene, the FBI can be reached at (541) 343-5222.

###