IC3 Annual Report – 2021 Elder Fraud Report

Dear Reader,

Working with the Department of Justice Elder Fraud Initiative and other internal and external partners, the FBI is committed to identifying, investigating, and prosecuting criminals who target seniors. The Internet Crime Complaint Center (IC3) is a key component in this endeavor, as it provides victims a venue to identify the subject and the fraud committed against them.

Through this voluntary submission of information, the IC3 receives and tracks thousands of complaints each day. These complaints contain the details of multiple types of schemes, including romance scams, investment fraud, government impersonation, and tech support fraud.

The number of elderly victims has risen at an alarming rate, while the loss amounts are even more staggering. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the IC3. This represents a 74 percent increase in losses over losses reported in 2020.

As a result of these trends and the emphasis by the FBI on protecting our seniors, the FBI is publishing the 2021 IC3 Elder Fraud Annual Report. This information is a companion report to the 2021 IC3 Annual Report released in March 2022. These reports, along with other publications, are available at www.ic3.gov.

The intent of this information is to educate, warn, and protect potential victims of all ages. Highlighting the crimes specifically affecting seniors will it be possible to ensure the necessary emphasis and resources are allocated to address this problem.

For those who unfortunately fall victim to these criminal tactics, please know the information you provide to the FBI is vital in bringing the criminals responsible to justice.

Luis M. Quesada
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3ElderFraudReport.pdf

IC3 Annual Report – 2021 Internet Crime Report

Dear Reader,

In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity. These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public. As the cyber threat evolves and becomes increasingly intertwined with traditional foreign intelligence threats and emerging technologies, the FBI continues to leverage our unique authorities and partnerships to impose risks and consequences on our nation’s cyber adversaries.

The FBI’s Internet Crime Complaint Center (IC3) provides the American public with a direct outlet to report cyber crimes to the FBI. We analyze and investigate the reporting to track the trends and threats from cyber criminals and then share this data with our intelligence and law enforcement partners. The FBI, alongside our partners, recognizes how crucial information sharing of cyber activities is to prepare our partners to combat the cyber threat, through a whole-of-government approach. Critical to that approach is public reporting to IC3 – enabling us to fill in the missing pieces with this valuable information during the investigatory process. Not only does this reporting help to prevent additional crimes, it allows us to develop key insights on the ever-evolving trends and threats we face from malign cyber actors.

In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the 2021 complaints received, ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.

IC3’s commitment to cyber victims and partnerships allow for the continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2021, the IC3’s RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.

In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them. Thank you to all those readers who reported crimes to IC3 throughout the year. Without this reporting, we could not be as effective in ensuring consequences are imposed on those perpetrating these attacks and our understanding of these threats would not be as robust. Please visit IC3.gov to access the latest information on criminal internet activity.

The FBI’s Cyber Division is working harder than ever to protect the American public and to instill safety, security, and confidence in a digitally connected world. We encourage everyone to use IC3 and reach out to their local FBI field office to report malicious activity. Together we can continue to create a safer and more secure cyber landscape.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

What Is Cyber Extortion?

Article (PSA-0019)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: What Is Cyber Extortion?
Original release date: June 10, 2022

The news is constantly reporting cyber-criminal activity and the devastating consequences of those who are compromised. This article will define what cyber-extortion is, and some steps you can take to make it less likely that you will fall prey to their criminal schemes. I will also lay out for you a vital step you can do now to help recover in the event you are compromised.

So, what is cyber-extortion? Cyber-extortion is a network/internet crime where an individual or group demands money or some other response to discontinue whatever criminal activity they are enacting against you or your business. In one type of cyber-extortion the attackers compromise a device on the victims network and then attempt to install malware known as ransomware on the device. If successful they will then inform the user of the situation and demand payment for the user to regain access to their data.

How are we so easily compromised? Email. Email has become a serious problem with the shear volume of spam that most of us receive. Cyber-criminals know most people are dealing with large volumes of junk email everyday and are likely to click on a link in an email if the email looks legitimate to the user in someway. So these attackers expend quite a lot of effort to custom craft emails to closely resemble authentic emails from companies most of us are very familiar with. Embedded in these counterfeit emails are links to malware and phone numbers to hack groups. Once the link is clicked or the number is called you are well on your way to full compromise and at their mercy.

So what can we do to help avoid this situation? First step, don’t trust any email. You must exercise restraint and common sense. Let me give you an easy example. You receive an email stating that you just won a million dollars. All you have to do is click this link to start your claim. We now apply common sense and mark the email as Spam and then Delete it. Why? Because you did not just win a million dollars and if you click that link to claim it, your going to get something you’ll regret for a long time. Easy right? Let’s try a harder one. You receive an official looking email stating that your payment of $1,200 dollars has been successfully processed and will deduct from your account within the next 3-5 business days. The email then goes on to thank you for your payment and for being one of their valued customers. At the very bottom of the email, where you would expect it to be, is the statement: if you did not initiate this payment please click this link to cancel the payment. What do you do? Take a careful look at the return email address for the email – does it make sense? Now hover over the link they are directing you to – without clicking on it! Does the link make sense? With some training and skill you’ll be able to identify these scam emails and avoid a lot of trouble. If after examining the email you still can’t determine whether it’s legit or not, contact your IT service provider. They will take a look at the email for you and let you know if it’s legit.

What can you do now to help minimize the pain if you do become compromised? Backups. Backup, backup, backup. You hear it all the time, but are you doing it? Are you doing the right kind of backups? If not, you are in store for some serious heartache. With a proper backup system these compromises become less painful. If for some reason you or your business becomes the victim of a cyber-extortion group, it can be mitigated without paying them a dime and with minimal down-time by restoring the system (or systems) to a previous state.

In this article I have attempted to raise your awareness to the ongoing issue of cyber-extortion and cyber-criminals. These crimes are not just happening to corporations or down in the city, they’re happening to local businesses and our neighbors. Knowledge is power – if it is used correctly! I hope you will take what you have learned here and use it as a starting point for your own research into how to protect yourself and your friends from cyber-criminals.

If you have questions concerning cyber-crime, email, backup systems or any other issues give us a call.

Introduction to 5G

Article (PSA-0018)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Introduction to 5G
Original release date: March 10, 2022

5G is the 5th generation mobile network. That means it is a new global wireless standard after 1G, 2G, 3G and 4G networks. 5G enables a new kind of network focused on connecting everyone
and everything together.

5G is based on OFDM (orthogonal frequency-division multiplexing). OFDM is a method of modulating a digital signal across several different channels to reduce interference. 5G also uses
wider bandwidth technologies. 5G OFDM operates on the same mobile networking principles as 4G LTE (Long-Term Evolution). However, 5G has a theoretical peak speed of 20 Gbps, while the
peak speed of 4G is only 1 Gbps.

5G promises ultra-low latency, which would improve the performance of business applications as well as other digital experiences, such as online gaming, video conferencing, and self-driving cars. The lower the latency, when sending and receiving data, the closer we get to “real-time” communications.

5G networks will also simplify mobility, with seamless open roaming capabilities between cellular and Wi-Fi access. Mobile users can stay connected as they move between outdoor wireless connections and wireless networks inside buildings without user intervention.

5G technology should improve connectivity in under-served rural areas and in cities where the demand can overwhelm today’s available capacity with 4G technology. 5G is designed to deliver
faster and better mobile broadband services than 4G LTE. Because of this 5G is expected to impact every industry.

If you have questions concerning your email services give us a call.

Email – POP, IMAP, SMTP … What Does It All Mean?

Article (PSA-0017)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Email – POP, IMAP, SMTP … What Does It All Mean?
Original release date: December 1, 2021

Almost all of us use Email on a daily basis, but most of us have little idea as to what is happening “under the hood” when we send or receive an Email. Like an automobile, not knowing how it works is not a really big deal … until something stops working! A little bit of knowledge about how the automobile works can save you time and money. The same is true about Email.

This article intends to give you basic information about how Email flows from a sender to a recipient and the most common protocols used to perform these functions.

Email works a lot like regular mail works. With regular mail you write a letter and put it in your mailbox with the flag up. This flag lets your post-delivery person know you have an outgoing letter. The postal delivery person will take your mail to the post office, where it will be sorted and routed to the next destination. Each time it is sorted and routed it should, theoretically, be getting closer to the intended recipient address. Once delivered and when the recipient next checks their mailbox – voila! – they get the letter you mailed to them!

With Email you write your message in your Email program and click the send button. If all works as expected, it is sent from your Email program to your Email providers mail server. Your Email providers server then routes the Email to the next appropriate destination, until it finally ends up at the intended mailbox. Once delivered the recipient can use their Email program to download the message from their providers server or they can view their Email on the server directly without removing it from the server.

Email uses different protocols to transport your Email from and to your Email account. They can be grouped into two types: “Incoming” & “Outgoing”. Before looking at the common protocols used today, let’s get a working definition of protocol. An Email protocol is a standard method of information exchange between email clients (programs such as Outlook or Thunderbird) and Email servers (usually hosted by your Email service provider). One type of protocol is used to send Email (SMTP protocol) and the other type of protocol is used to receive Email (POP3 or IMAP).

Knowing this allows you to determine some basic facts about any Email issues you are experiencing. For example, if I am having trouble sending Email, and my Internet service has been verified as working, then my problem may very well be related to my send protocol (SMTP protocol) settings. If I am having trouble receiving Email, and my Internet service is working, then my problem may be related to my receive protocol (POP3 or IMAP) settings. This is a gross oversimplification of the Email troubleshooting process and is intended for basic discussion purposes only.

One last point on email protocols. The receive protocol you use makes a big difference in the way you view and work with your Email. If you need to check your Email from more than one device (computer, laptop and phone) then you should use the IMAP protocol. If you only intend to check your Email on one device then you can use the POP3 protocol, although IMAP is still recommended – if available.

When you use IMAP, your Email program functions as a “Viewer” through which you can view your Email and directories located on your service providers server. Your Email remains on their server(s) and is available for viewing by many devices at the same time. With POP3, your Email program downloads your Email to your computer and removes the Email from your service providers server(s). If you were to attempt to check your Email from a different device now, you would not see any Email other than those that came in since the last time you checked. This can lead to a very complex and confusing Email environment.

If you have questions concerning your email services give us a call.

Windows 11, The Basics

Article (PSA-0016)
Submitted by: Billy Joe Long, Owner
Company: PSA Computer Services
Titled: Windows 11, The Basics
Original release date: September 10, 2021

Yes, we were told by Microsoft in 2015 that Windows 10 would be the last version of Windows. However, recent news has verified there will in-fact be a new version – Windows 11. So let’s take a few moments to have a look at this “new” version of Windows.

As of now, Microsoft expects to begin shipping Windows 11 on October 5th of this year. The new version will be distributed as a “free” Windows upgrade to existing Windows 10 users, if their computers meet the Windows 11 system requirements. Here are the current minimum system requirements (subject to change):

  • A modern 1GHz 64-bit dual-core processor
  • 4 GB RAM
  • 64 GB drive
  • 9-inch display
  • 1366×768 resolution
  • UEFI, Secure Boot & TPM 2.0 compatible
  • DirectX 12 compatible graphics/WWDM 2.x

The first thing to note is Microsoft will not be releasing a 32bit version of the Operating System (OS). This is generally not a serious issue – 32bit programs should continue to run as expected on the 64bit OS.

The next thing to note is Microsoft will be limiting “officially supported” Windows 11 computers to certain Central Processing Units (CPU). Currently, you will need to have an Intel 8th-generation or better CPU to officially run Windows 11.

Microsoft has also increased the required drive storage to 64GB, up from 16GB with Windows 10. The same goes for RAM, being bumped up from 2GB to 4GB.

The greater storage and RAM requirements are probably required to support the myriad of new features and changes needed to differentiate Windows 11 from Windows 10. For example, Windows 11 will feature a brand-new user interface (UI). This new UI will feature a new Start menu and Taskbar experience. I am not particularly thrilled about needing to retrain muscle memory for productivity, but for those of you who love constant change – this should be appealing.

Microsoft has said that Windows 11 is “built for gamers” with features such as: Auto HDR, Direct Storage and DirectX12 Ultimate. These features may matter to you gaming enthusiasts, but for business users, it will make little difference.

A more useful change has to do with Microsoft “Creators” updates which came with Windows 10. Microsoft has been struggling with rolling out two major updates a year with Windows 10. There have been constant, serious, problems for end users as Microsoft engineers have struggled to meet the update release dead-lines. Windows 11 will be returning to one major update per year. This should result in less: data loss, time loss and frustration for end users. This is a welcome change and long over due in my opinion.

As mentioned previously in the article, Windows 11 will be offered as a free upgrade. Microsoft says there’s no time limit on upgrading to Windows 11 and we will not have to upgrade to Windows 11 right away. That is good news indeed, but note – you will need to upgrade at some point in the future and it may require new hardware. We’ll know more about this as it is released from Microsoft.

Original Equipment Manufacturers (OEMs) will still have to pay for a Windows 11 license. OEMs are people/companies who build computers for end users and want to ship Windows 11 on the new computer.

There is not a lot of practical information I can give you about Windows 11 at this point. Once the new OS is released I’ll be able to provide a more in-depth review of Windows 11.

If you have questions or concerns about Windows 11 give us a call.

You’ve Got Spam!

Article (PSA-0015)
Submitted by: Rebekah Long, Technician
Company: PSA Computer Services
Titled: You’ve Got Spam
Original release date: June 10, 2021

Getting spam is a hassle. No argument there, but what’s even worse than that?

Unknowingly sending it.

When fake, unverified, and potentially virus ridden emails go out with your email address, it can look bad. And not only do you look bad, but you also have to deal with the emails that bounce back due to dead addresses.

There’s one reassurance in all of this, your computer is not actually sending out spam, and your computer and IP address are still safe. Unfortunately, there is still some bad news.

If spam is being sent from your email address, your address has either been “spoofed” or “hijacked.” Either way the spam isn’t coming from your computer, and probably not from the bad actors computer either. It’s most likely being sent from someone’s “Malware-Infected” computer – and they probably don’t even know they’ve been hacked!

Spoofing an address is when someone sends email with your email address as the sender, even though they don’t actually have access to your email account.

Unfortunately, as of now, there is no way to prevent spoofing. Additionally, there is no way to know for sure who sent the spoofed emails and no way to stop it from happening.

Fortunately, these bad actors tend to change the email address’s they spoof often, and they will move on from your email address eventually. Your email service provider may administratively block your email address for a period of time when they notice the large amount of email being sent from your email account. If this happens, you will need to contact them to “unblock” your email address.

Hijacking can be much more devastating. In the case of a hijacking the criminal takes control of your email account. This includes them having the ability to read your email, and contacts list. They can then use this information to specifically target people in your contacts. A hijacker can also lock you out of your own email account by changing your password.

Thankfully, unlike spoofing, something can be done about hijacking.

If you can still receive email, try logging into your email account on another computer or by using your internet browser’s private mode. When the login fails, try the services “Forgot your password?” or “Need help?” link. The service will email you a password reset link. You will need to act fast and get the password reset email before the bad actor.

If that fails you’ll have to contact your email service provider and explain the problem. If you have access to the internet, then perform an internet search similar to “I can’t sign into my Gmail account” or “I can’t sign into my Outlook account” or the name of whatever email service you use. This should get you to a support page for your email service provider.

If you’ve been using the same password for other services – you should change those passwords immediately to stop the hacker from moving onto other services you use.

Once you have your email account back under control, don’t forget to email apologies to everyone who received spam from your email address.

Here are four things you can do to help prevent your accounts from being hacked in the future:

  • Use passwords that are 9 characters or more. Utilize upper and lowercase letters, numbers and a special character or two (if allowed).
  • Use different passwords for each different account (don’t be lazy, you’ll regret it later!)
  • If the account offers multi-factor authentication, use it.
  • Do not send passwords in emails …. ever!

If you’ve been hacked and need help give us a call.

IC3 Annual Report – 2020 Elder Fraud Report

Dear Reader,

The mission of the FBI is to protect the American people and uphold the Constitution of the United States. This mission includes our efforts to combat financial crimes targeting seniors. The FBI, in alignment with the Department of Justice Elder Fraud Initiative and the efforts of our internal and external partners, is committed to this mission. It is from this commitment to the American people that the FBI provides the public an avenue to report fraud through the Internet Crime Complaint Center (IC3).

The IC3 receives and tracks thousands of complaints daily, reported by victims of fraud. This reporting is key to identifying, investigating, and holding those responsible accountable for their actions. Victims of fraud have the option to identify their age range when submitting a complaint to IC3; the information contained in this report is derived from complaints submitted by or on behalf of victims aged 60 and over.

Each year, millions of elderly Americans fall victim to some type of financial fraud or internet scheme, such as romance scams, tech support fraud, and lottery or sweepstake scams. Criminals gain their targets’ trust or use tactics of intimidation and threats to take advantage of their victims. Once successful, scammers are likely to keep a scheme going because of the prospect of significant financial gain.

In 2020, IC3 received a total of 791,790 complaints with reported losses exceeding $4.1 billion. Based on the information provided in the complaints, approximately 28% of the total fraud losses were sustained by victims over the age of 60, resulting in approximately $1 billion in losses to seniors. This represents an increase of approximately $300 million in losses reported in 2020 versus what was reported by victims over 60 in 2019.

To educate the public and provide as much information on the types of frauds targeting seniors as possible, the IC3 is offering its first publication of the 2020 IC3 Elder Fraud Annual Report. This report is a companion report to the 2020 IC3 Annual Report released in March 2021. These reports, along with other publications, are available at www.IC3.gov.

It is only by victims reporting fraud that we can identify trends, educate the public, and support investigations, and nowhere is this more important than crimes against seniors.

Calvin Shivers
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3ElderFraudReport.pdf

IC3 Annual Report – 2020 Internet Crime Report

Dear Reader,

In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree. These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society – medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others.

Crimes of this type are just a small part of what the FBI combats through our criminal and cyber investigative work. Key to our cyber mission is the Internet Crime Complaint Center (IC3), which provides the public with a trustworthy source for information on cyber criminal activity, and a way for the public to report directly to us when they suspect they are a victim of cyber crime.

IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020.

Public reporting is central to the mission and success of IC3. Submitting a cyber crime complaint to IC3.gov not only helps the FBI address specific complaints—and provide support and assistance to victims —but also helps us prevent additional crimes by finding and holding criminal actors accountable. Information reported to the IC3 helps the FBI better understand the motives of cyber-criminals, the evolving threat posed, and tactics utilized, enabling us to most effectively work with partners to mitigate the damage to victims.

IC3 has continued to strengthen its relationships with industry and others in the law enforcement community to reduce financial losses resulting from BEC scams. Through the Recovery Asset Team, IC3 worked with its partners to successfully freeze approximately $380 million of the $462 million in reported losses in 2020, representing a success rate of nearly 82%. In addition, IC3 has a Recovery and Investigative Development Team which assists financial and law enforcement investigators in dismantling organizations that move and transfer funds obtained illicitly.

With our dedicated resources focused on recovering funds and preventing further victimization, we are better aligned to confront the unique challenges faced in cyberspace. Visit IC3.gov to access the latest information on criminal Internet activity.

We strongly encourage readers to submit complaints to IC3 and to reach out to their local FBI field office to report malicious cyber criminal activity. Together we will continue to build safety, security, and confidence into our digitally connected world.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

What Is Dynamic DNS And How Can It Help Me?

Article (PSA-0014)
Submitted by: Billy Joe Long, Owner
Company: PSA Computer Services
Titled: What Is Dynamic DNS And How Can It Help Me?
Original release date: August 14, 2020

What Is Dynamic DNS And How Can It Help Me?

If you are going to be setting up a server to host a service which you plan on offering to the ‘outside world’ (external to your network), a problem you may run into revolves around your ISP (Internet Service Provider) providing you with a dynamic public IP address instead of a static public IP address.

Dynamic IP Addresses

A dynamic IP address is given to you for a designated amount of time. At the end of this designated time your ISP may give you a different IP address or reassign the same IP address to you again. This does not affect any services on your local network, and in most cases is completely transparent to you and your local network users. It does become a significant problem when you are offering external services, such as a website or hosting a game server for instance.

Static IP Addresses

A static IP address, as its name states, does not change. Static IP addresses geerally cost extra – if your ISP even offers the service.

What Is DNS? And Why Is It Necessary?

DNS stands for Domain Name System. Domain names are easier to remember than a bunch of numbers. For example, most people type google.com to visit the search engine instead of typing its IP address – 172.217.5.110. Another example is typing psa-2.com to visit the PSA Computer Services support website instead of typing its IP address – 23.235.214.21. Think of DNS like you would phone numbers stored on your phone. You typically look for a name when you want to make a call. It is the same principal – the name has a phone number associated with it. When you click the name to make a call, your phone converts that action to the phone number and completes your call. DNS services work in a similar fashion – it uses a name, such as psa-2.com, and associates the name with an IP address. When you type psa-2.com into your browser, it is converted to an IP address, and you are then connected to the service using the IP address.

The Dynamic IP Address Issue

This dynamic IP address provided to you by your ISP is a problem because your IP address is how external users can find your network and the service(s) you are hosting on the internet. You can think of your IP address as a street address. It tells people how to get to your webserver, game server or other service you are offering. If this address is constantly changing, then you you would need to contact your users and let them know what your current IP address is every time it changes, if you want them to have access to your hosted service. For most people or businesses hosting public services from their local networks, this is not feasible.

The Dynamic DNS Solution

This is where dynamic DNS comes in. Dynamic DNS is a service that you can setup directly on most routers or on a server directly using a dynamic DNS client application. A dynamic DNS provider, such as DynDns or NoIP, provides you with a custom domain name. The dynamic DNS service then associates your new custom domain name with your current dynamic IP address. Every time your dynamic IP address changes, the service updates your custom domain name with your new IP address. Now all you have to do to allow your users access to your public service is provide them with your custom domain name provided to you by your chosen dynamic DNS service provider. Every time your IP address changes the service will update your custom domain name with the new IP address, and your users will continue to have access to your service.

Problem Solved

If you would like more information about Dynamic DNS and what it can do for you or your business give us a call.