WASHINGTON (7/18/11)--Distributed denial of service attacks (DDoS) are on the rise, according to the Internet Crime Complaint Center's (IC3) Scam Alerts released Thursday. Although credit unions may not be specifically targeted, at least one bank's Internet banking services were hit by this type of attack, said IC3, which tracks information from law enforcement and complaints submitted by victims. One reason for the DDoS increase is the availability of software tools that allow anyone to participate in a DDoS, said the scam alert. Gaming sites have been targeted by multiple hacking groups--some in response to the company itself, others in response to group rivalries. Some DDoS attacks--usually to smaller e-commerce based businesses--distract the organization from other criminal activity. One group disrupts the organization's website traffic while others compromise servers and retrieve data. One company reported that an attack on its organization lasted 10 days, although its Web hosting company tried multiple solutions to stop the attack, said IC3. A financial institution was unable to stop an attack on its Internet banking services segment of its site because of an overwhelming load--more than 8,000 hits per second--on the bank's login screen. Although attackers did not succeed in penetrating the network, the inundation of hits on the communication lines meant customers could not access their accounts. Other trends in cybercrime:
* Extortion e-mails targeting professionals, mainly physicians, with allegations that could harm their reputation and threatened loss of business. The e-mails offer to remove the content from archives for $250. Others hire people to write "complaints" about a company and add them to a website. The going price is $10 per post. * Scams promising large winnings and threatening victims if they don't comply. Spam attachments claiming to be from the Federal Bureau of Investigation (FBI) and the Economic and Financial Crimes Commission initiate a Nigerian scam that threatens to send an agent to the recipient's home for questioning if the recipient doesn't sent $250 for issuing a "clearance document." * E-mails that impersonate the FBI and contain a Trojan virus. The messages say the FBI has noted the recipient has visited 40 illegal websites and instructs the recipient to answer questions in a document, which happens to have malicious software carrying a virus. These are similar to e-mail campaigns that generated in 2005 and 2006. * Threatening calls that impersonate IC3. In two scenarios, which involved threatening victims with court and jail time for using "payday loans,"the cybercriminals had information such as the victims' Social Security numbers and bank account information. * E-commerce fraud. Since mid-March merchants have experienced a "serious increase in fraud attempts," said IC3. Criminals had complete identity information, including name, address, and Internet Provider address of the consumers. IC3 said the information could have been obtained one of four ways: stolen in data breaches; spear phishing that targets consumers with specific e-mails from organizations they do business with; installation of malware; and fake e-commerce donation sites that take advantage of people's willingness to help others during disasters and catastrophes.
Meanwhile, the old tried and true scams are still operating, many of them reeling in credit union members among the victims. In Vineland, N.J., for example, several members of Members First of NJ FCU, reported they had received text messages saying their cards had been deactivated and to call a number. They called the number and were instructed to change the personal identification number (PIN) code for "security reasons." They did, and later found that debits had been made from their accounts. One member reported $591 missing, another lost $286, and a third lost $120. The credit union reimbursed their accounts (The News of Cumberland County