TT - New Online Shopping Frauds - GRAPHIC - August 11, 2020

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against new online shopping frauds. 

The FBI is seeing an increasing number of victims who are not receiving items they purchased online. Typically, the buyer is finding items such as gym equipment, small appliances, tools and furniture listed at prices lower than what is available elsewhere. Victims reported they were led to these websites via ads on social media or while searching for specific items through online search engines. 

Common factors that tend to tie these victims together: 

• The shipment included face masks shipped from China, regardless of what was ordered. 

• Victims made payment using an online money transfer service. 

• The retail websites provided valid U.S. addresses and telephone numbers under a “Contact Us” link, but the contact info was misleading. The victims thought the retailer was located within the U.S. when it was not. 

• Many of the websites used content copied from legitimate sites; in addition, the same unassociated addresses and telephone numbers were listed for multiple retailers. 

Some victims who complained to the vendor about their shipments were offered partial refunds and told to keep the face masks as compensation. Others were told to return the items to China – at their own expense – in order to be reimbursed. All attempts made by the victims to be fully reimbursed, or to receive the actual items ordered, were unsuccessful. 

Here are some warning signs for shoppers to watch for: 

• Instead of a website ending in .com, the fraudulent websites used the domains “.club” and “.top.” 

• Websites offered merchandise at significantly discounted prices. 

• Uniform Resource Locator (URL) or web addresses were registered recently (within the last six months). 

• Websites used content copied from legitimate sites and often shared the same contact information. 

Here are some ways to stay safe: 

• Do your homework on the retailer to ensure it is legitimate. Search for reviews and include the words “scam” or “fraud”. 

• Check the vendor on the Better Business Bureau’s website (www.bbb.org).

• Confirm the contact details of the vendor’s website prior to purchase –  specifically the address, email, and phone number. 

• Be wary of online retailers who use a free email service instead of a company email address. 

• Don’t judge a company by its website; flashy websites can be set up and taken down quickly. 

If you become a target of this scam, make sure to notify your bank immediately and ask to have the transaction stopped or reversed. As always, if you have been victimized by a cyber fraud, you can report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office. 

###

TT - C-19 Contact Tracers - August 4, 2020 - GRAPHIC

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against COVID-19 contact tracing scams.

You have probably heard the term “contact tracing” quite a bit as of late. Contact tracing is the way in which health officials track who may be at risk of becoming infected with the coronavirus. If someone tests positive for the virus, health officials will work with the infected person to get names and phone numbers for those with whom they have had recent contact. The goal is to slow the spread of the virus by identifying those who may have been exposed. Once identified, health officials can provide these people with information on how to keep themselves and their communities safe. They can also give guidance about the possible need for quarantining and monitoring of symptoms.  

Of course, there are always bad actors out there who want to take advantage of an already difficult situation.  

In Oregon, contact tracers are usually hired by the state or a county health department — but they can also come from community-based organizations in some areas. The contact tracer will call you or send you a letter… not a text message or email. If you receive a text or email that claims to come from a contact tracer – be careful. Do not click on links as that can download malware onto your device, allowing the cybercriminal to steal your personal info. 

In some cases, the bad guys don’t even have to steal the information – they just ask for it. That’s why it is important for you to be able to recognize the difference between information requests you will get from legitimate tracers and the criminals.  

Legitimate contact tracers may ask you for your name, birth date, address, contact information, occupation, and whether you have symptoms. They may also ask demographic questions such as your race, ethnicity, language preference, and whether you have any disabilities. All of that is OK, and the information you provide will be protected as a private medical record and won’t be shared with other agencies. 

However, if you have someone asking for your Social Security number, bank account information, credit card number, or immigration status, hang up. That person is not a legitimate contact tracer. 

For more information on contact tracing in Oregon or if you have concerns about the legitimacy of someone who reaches out to you, visit www.healthoregon.org/contacttracing.  

If you have fallen victim to a COVID-19 scam or any other online fraud, report it to the FBI’s Internet Crime Complaint Center (IC3.gov) at www.ic3.gov or call your local FBI office.

### 

TT - Dating Apps - GRAPHIC - July 28, 2020

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: Building a digital defense against potential dangers in popular dating apps.

An estimated one-in-three American adults have used online platforms or mobile apps to look for love. There are lots of app options out there… seemingly something for everyone. The important thing, though, is to keep your "cyber self" secure.

Consider these two concerns – you are putting a lot of personal information out there for the world to see, and you are giving the dating company a lot of personal information that it can sell or share. Even if you are careful about what you post on other social media platforms, you are likely to tell your dating app quite a bit of info you wouldn’t usually share - everything from your lifestyle preferences to personal likes to work history. Also on the list: details about your bio, education, hobbies, and passions. 

Beyond the info you share, the dating app may request or require that it accesses your social media platforms and photos for verification. You have to decide how far you are willing to go in this quest for love…

If you are thinking about using a dating app or website, here are some ways to protect yourself:

• Keep your app updated and check the privacy settings with each update to make sure you have selected the most restrictive privacy settings.
• Allow push notifications, if offered, so you can better keep track of who is accessing your profile.
• Thoroughly read the terms and conditions – yes, that fine print – to ensure you know exactly what the company is doing with your information.
• Don’t use your last name when setting up your profile. Either use your first name and last initial or just initials.
• Don’t list your specific place of work. 
• Don’t use the same username or profile picture across various public accounts. 
• Don’t list your real date of birth. Consider using your real birth year, but pick a different date.
• Do use the site’s chat feature instead of giving your phone number or email.
• Consider using a paid account as you may have more control over who sees your information and what information is public.

If you have fallen victim to dating app exploitation or any other online fraud, report it to the FBI’s Internet Crime Complaint Center (IC3.gov) at www.ic3.gov or call your local FBI office. 

###

FBI statement - 1 of 3 - graphic

“The FBI’s role is to investigate violent crime and hold those accountable who are engaging in violent acts or significant destruction of property. Our investigations involve specific violations of federal law, including arson, the use of improvised explosive devices, and interstate transportation of stolen goods. The Portland FBI seeks to work closely with our local law enforcement partners to ensure the community is safe and people are free to exercise their First Amendment rights in a peaceful manner.  

The FBI can never initiate an investigation based solely on an individual’s race, ethnicity, national origin, or religion. Our focus is not on membership in particular groups but on individuals who commit violence and criminal activity that constitutes a federal crime or poses a threat to national security. The FBI does not and will not police ideology."

Renn Cannon

Special Agent in Charge

FBI – Portland Division

TT - C-19 Unemployment - GRAPHIC - July 21, 2020

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: unemployment benefit scams. 

During this time of COVID-19, the FBI is seeing a spike in complaints from victims who are having their personally identifiable information (PII) stolen and used by criminal actors to file false unemployment claims. 

The criminals obtain the stolen identity using a variety of techniques, including the online purchase of stolen PII, previous data breaches, computer intrusions, impersonation scams where they cold-call victims, email phishing schemes, and more.  

Many victims of this scam do not know they have been targeted until they try to file a claim for unemployment insurance benefits themselves. In other cases, victims receive a notification from the state unemployment insurance agency, receive an IRS Form 1099-G showing the benefits collected from unemployment insurance, or get notified by their employer that a claim has been filed while the victim is still employed. 

Here’s what to watch for: 

• Receiving communications regarding unemployment insurance forms when you have not applied for unemployment benefits 

• Unauthorized transactions on your bank or credit card statements related to unemployment benefits 

• Any fees involved in filing or qualifying for unemployment insurance 

• Unsolicited inquires related to unemployment benefits 

• Fictitious websites and social media pages mimicking those of government agencies 

Here are some tips on how to protect yourself: 

• Be wary of telephone calls and text messages, letters, websites, or emails that require you to provide sensitive information, especially birth dates and Social Security numbers.  

• Do not click on or open attachments or links within emails, especially those that come from an unknown sender. 

• Monitor your bank accounts on a regular basis and request your credit report at least once a year to look for any fraudulent activity.  

• Immediately report unauthorized transactions to your financial institution or credit card provider. 

• If you suspect you are a victim, immediately contact the three major credit bureaus to place a fraud alert on your credit records. Also, notify the Internal Revenue Service by filing an Identity Theft Affidavit (IRS Form 14039) through irs.gov or identitytheft.gov. 

If you are a victim of identity theft related to fraudulent unemployment insurance claims, also report that fraud to your state unemployment insurance agency, credit bureaus, and your employer’s human resources department.  

If you believe you have been the victim of any kind of COVID-19 fraud, make sure to let us know through the FBI’s Internet Crime Complaint Center (www.IC3.gov ) at www.ic3.gov or call your local FBI office.