Information Security Bulletin Issue #2013-07 Raising awareness of information security related issues and concerns. Malware in Promised Photos (June 2013) Seen those online ads for cars, pets or similar items where the seller promises to send photos on request? The FBI is seeing an increase in scam artists who post ads without pictures on Craigslist and similar sites. Think twice before responding. While not all ads are put there by scammers, the sender could easily be a crook who has every intention of loading your computer or device with malware. either through links to an online “gallery” or an attachment. The scam follows a familiar process. The malware directs the potential victim to a bogus website that resembles the original site where the ad was displayed. The buyer purchases the item, providing a valid credit card. The buyer then waits in vain for their purchase. A variation of this scam is the scammers pose as a seller who contacts those who lost an online auction or as someone who has a house for rent at a below-market price. The FBI offers these tips to avoid getting preyed on: • Be cautious if you are on an auction site and lose an auction and the seller contacts you later saying the original bidder fell through. • Make sure websites are secure and authenticated before you purchase an item online. Use only wellknown escrow services. • Research to determine if a car dealership is real and how long it has been in business. • Be wary if the price for the item you’d like to buy is severely undervalued; if it is, the item is likely fraudulent. • Scan files before downloading them to your computer. • Keep your computer software, including the operating system, updated with the latest patches. • Ensure your anti-virus software and firewalls are current – they can help prevent malware infections. If you’ve fallen for a scam like this, the FBI recommends filing a complaint with the Internet Crime Complaint Center at http://www.ic3.gov/ . If you accidently downloaded a virus onto a college computer, please call the friendly folks at our IT Service Desk, 831-6440, to have technicians help clean it up. Please don’t leave the virus to infect others. Further reading: To learn more about this particular scam, go to http://www.ic3.gov/media/2013/130530.aspx To learn more about a variety of scams along with personal testimonies, go to http://www.lookstoogoodtobetrue.com Information Security Team: Cheryl Bowman, Information Security Risk Advisor 831-6574 cbowman@epcc.edu Richard Becker, Chief Information Security Officer 831-6411 rbecker3@epcc.edu The El Paso County Community College District does not discriminate on the basis of race, color, national origin, religion, gender, age, disability, veteran status, sexual orientation, or gender identity.