Information Security Bulletin
Issue #2013-07
Raising awareness of information security related issues and concerns.
Malware in Promised Photos
(June 2013)
Seen those online ads for cars, pets or similar items where the seller promises to send photos on request?
The FBI is seeing an increase in scam artists who post ads without pictures on Craigslist and
similar sites.
Think twice before responding. While not all ads are put there by scammers, the sender could easily be a
crook who has every intention of loading your computer or device with malware. either through links to an
online “gallery” or an attachment. The scam follows a familiar process. The malware directs the potential
victim to a bogus website that resembles the original site where the ad was displayed. The buyer purchases
the item, providing a valid credit card. The buyer then waits in vain for their purchase.
A variation of this scam is the scammers pose as a seller who contacts those who lost an online auction or as
someone who has a house for rent at a below-market price.
The FBI offers these tips to avoid getting preyed on:
• Be cautious if you are on an auction site and lose an auction and the seller contacts you later saying the
original bidder fell through.
• Make sure websites are secure and authenticated before you purchase an item online. Use only wellknown escrow services.
• Research to determine if a car dealership is real and how long it has been in business.
• Be wary if the price for the item you’d like to buy is severely undervalued; if it is, the item is likely
fraudulent.
• Scan files before downloading them to your computer.
• Keep your computer software, including the operating system, updated with the latest patches.
• Ensure your anti-virus software and firewalls are current – they can help prevent malware infections.
If you’ve fallen for a scam like this, the FBI recommends filing a complaint with
the Internet Crime Complaint Center at http://www.ic3.gov/ . If you accidently
downloaded a virus onto a college computer, please call the friendly folks at our IT
Service Desk, 831-6440, to have technicians help clean it up. Please don’t leave
the virus to infect others.
Further reading:
To learn more about this particular scam, go to http://www.ic3.gov/media/2013/130530.aspx
To learn more about a variety of scams along with personal testimonies, go to
http://www.lookstoogoodtobetrue.com
Information Security Team:
Cheryl Bowman, Information Security Risk Advisor 831-6574 cbowman@epcc.edu
Richard Becker, Chief Information Security Officer 831-6411 rbecker3@epcc.edu
The El Paso County Community College District does not discriminate on the basis of race, color, national origin, religion, gender, age, disability, veteran status, sexual orientation, or
gender identity.