Ransomware Info Slide

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against ransomware.  

In honor of October being cyber security month, we are taking a look at some basic scams used by fraudsters who want to target you. Last week we talked about how to avoid the bait in phishing and spear phishing scams. This week we are going to learn how criminals use those phishing emails to launch ransomware attacks.  

Ransomware is a form of malicious software that targets your data. These attacks can affect individuals, businesses, cities and counties, government agencies, hospitals, schools, and more. 

Scammers will often send ransomware through email phishing campaigns. Once anyone on your network clicks on an infected file or link, the fraudster can have access to all of your devices and data. He encrypts the system, effectively locking you out. The attacker promises to decrypt your information if you pay up, usually by virtual currency. Unfortunately, there is no way to guarantee that the cybercriminal will unlock your data it if you pay. 

Beyond the cost of the ransom, you risk loss of productivity, legal fees, and the need to purchase credit-monitoring services for employees and customers. Even if you manage to get your system back up online, it is likely that the attacker left other malware hidden on your system – requiring a remediation team to completely wipe the computers and restore everything from clean, off-line backups. 

So what can be done to avoid becoming the next victim of a ransomware attack? 

• One of the most important things you can do is educate yourself, and, for companies, your employees. Learn how to spot and avoid phishing lures. 

• Make sure you are backing up your data often and that you are backing it up to an off-line source. Ransomware attacks can move quickly – infecting any connected device or on-line storage account. Your back-ups must be segregated and off-line from normal operations. 

• Make sure that all devices on your network are using the most current and patched versions of operating systems and applications (including email software, web browsers and software packages). 

• Keep your anti-malware software up-to-date. 

• If you get a pop-up or other message that says you are infected, disconnect the device from the internet and your network immediately to try to prevent the spread. 

• Finally, call the FBI right away. If we are called in early enough, we can sometimes assist with remediation. 

In the end, the FBI recommends that victims NOT pay a hacker’s ransom demand. The payment only further encourages more criminal activity, and, even if you do pay, there is no guarantee that the hacker will unlock your data. 

And remember, if you have been the victim of a ransomware attack, or any other online fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.  

###

TT - Phishing - GRAPHIC - October 8, 2019

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against phishing scams.  

October is cyber security month in the U.S., and in recognition of that, we are going to take some time over the next few weeks to explain some basic threats and terms that everyone needs to know to keep themselves safe online. 

Let’s start with “phishing”. 

There are many different types of fishing: deep sea fishing, ice fishing, fly fishing… you get the point. But today, we want to talk about phishing with a “ph” – and the related problem of “spear phishing.”   

Phishing is when a fraudster sends you texts, emails or other messages with the intent of tricking you into responding in some way. He will often include a malicious attachment or link in the message. If you open the attachment or click on the link, the scammer can gain access to your device.  

From there, the possibilities are endless. He can install ransomware that will lock you out of your computer. He can steal your data – or install software that allows him to track all of your activity, including the passwords you enter. He can gain access to your bank accounts, credit cards and the most personal info you have stored.   

Spear phishing is a more personalized version of the same scam. In this case, instead of receiving an email from a random individual, the scam artist will send you a personalized message that appears to come from a trusted source. It could look as though it comes from a friend, a business partner, a social media acquaintance, or even your bank. There are many variations of the scam, but the scam artist will often tell you a story to trick you into giving up your private information. For example, the fraudster may: 

• Say he’s noticed suspicious activity on your account and wants you to verify your information 

• Include a fake invoice 

• Offer a government refund or claim you won a prize 

So what are the warning signs of such scams? 

• Phishing messages often look legitimate – as though they came from a person or company you know. It’s easy to spoof a logo, and scammers will often make their messages look like they are from a trusted source. 

• They will ask you to click on a link or open an attachment.  

• They may ask for you to provide passwords, bank account numbers, or other confidential information. 

• They will use fear to try to pressure you to act quickly. They may threaten to close your account, fine you or even have you arrested if you don’t move quickly.  

What can you do?  

• Protect your devices by using anti-virus and anti-malware software. Set the software to update automatically. 

• Don’t assume that a message that looks like it is from a friend or business associate is real. Call or email the person or company to confirm before ever clicking on a link or opening an attachment.  

• Most importantly, if you have any doubt - don’t click. 

If you have been a victim of this online scam or any other fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office. 

FBI agents made a probable cause arrest of Anthony Lozowski, age 19, late in the evening on Friday, October 4, 2019, following the service of a federal search warrant at his Troutdale, Oregon, home. The FBI’s investigation began late Thursday when agents received a tip from a partner agency that involved the alleged on-going exploitation of a child. 

On Saturday, agents sought and obtained a federal criminal complaint from a U.S. Magistrate Judge charging Lozowski with sexual exploitation of children and receipt of child pornography. The complaint details Lozowski’s interview in which he admits to using a social media platform to sexually exploit children by getting them to produce and send him sexually explicit images and videos of themselves. In at least one instance, a victim reported that Lozowski extorted her – telling her that he would share images of her with people she knew unless she traveled to meet him for sex. 

At this time, agents have identified and contacted two alleged minor victims, and those children are now receiving appropriate victim resources. This investigation is in the earliest stages, and agents are working to determine whether there are other potential victims. 

Lozowski made his initial appearance before U.S. Magistrate Judge Jolie A. Russo today in Portland, and Judge Russo ordered his detention pending further court proceedings. 

A criminal complaint is only an accusation of a crime, and a defendant is presumed innocent unless and until proven guilty.

###

What is sextortion?

Sextortion begins when a predator reaches out to a young person over a game, app, or social media account. Through deception, manipulation, money and gifts, or threats, the predator convinces the young person to produce an explicit video or image. When the young person starts to resist requests to make more images, the criminal will use threats of harm or exposure of the early images to pressure the child to continue producing content.

What can parents do to protect their children?

Often children and teens are so concerned that they will get in trouble or lose their devices, that they are reluctant to come forward. It’s up parents to develop that open, honest line of communication. Start with some short conversations, and ask:

• When you are online, has anyone you don’t know ever tried to contact you?
• What would you do if they did?
• Why do you think someone would want to talk to a kid online?
• Why do you think adults sometimes pretend to be kids online?
• Has anyone you know ever sent a picture of themselves that got passed around school?
• What do you think can happen if you send a photo to anyone—even a friend?
• What if that picture were embarrassing?

Finally, consider using what you’ve just learned to start the conversation. “Hey, I heard this story on the news today about kids getting pressured to send pictures and videos of themselves to people online. Have you heard anything like that before?”

What to do if sextortion has already taken place:

If your child discloses that he or she is the victim of sextortion, report it to the FBI by calling 1-800-CALL-FBI or online at https://tips.fbi.gov.

If you are a victim and not ready to talk to the FBI yet, go to a trusted adult. Tell that adult that you are being victimized online and need help. Remember, you are not the one in trouble. Criminals will try to make you feel unsure, scared or embarrassed. Your willingness to talk to a trusted adult, though, may just be the key to keeping this predator from hurting someone else.

More information: Students, parents and educators can find more tools and information on the FBI’s website at https://www.fbi.gov/stopsextortion

Lt. Sitton photo

Lieutenant Brad Sitton, Tigard Police Department, recently completed one of the toughest challenges available to local law enforcement officers: the FBI National Academy. Lt. Sitton and two other Oregon law enforcement officers graduated a ten-week training session at the FBI National Academy in Quantico, Virginia, in September.

This honor is a highly sought after opportunity for the future leaders in local law enforcement communities. The process is very competitive and includes a nomination by a supervisor; interviews with the candidate and co-workers to determine leadership skills and abilities; a background check; a determination of physical fitness; and the support of former National Academy graduates within the candidate's organization. 

"The exceptional leaders selected to attend the National Academy have a great opportunity to share their experiences with peers and learn best practices from across the country and the world,” said Renn Cannon, Special Agent in Charge of the FBI in Oregon. “Only a few law enforcement officers from Oregon attend each year, and we are proud to sponsor Lt. Sitton and our other local partners in the National Academy.” 

Lt. Sitton has been in law enforcement since 2003 and full time since 2006, all with the Tigard Police Department. He has served as a field training officer, a firearms instructor, a training officer, a motor officer, a sergeant, and a patrol lieutenant. He currently serves as an investigations lieutenant. 

“One of the Tigard Police Department’s strategic priorities is to strengthen our leadership system,” said Chief Kathy McAlpine, Tigard Police Department. “Investing in the future through succession planning is one area of focus. The FBI National Academy has a long-standing reputation as one of the leading professional development institutes for executive level training. Lieutenant Sitton represented the Tigard Police Department in a professional manner, and we are excited to have him back.”  

During the ten weeks of training, local executive-level law enforcement officers spend most of their time in the classroom. Lt. Sitton’s National Academy classes included: Forensics; Cyber Crimes; Counter Terrorism; Essentials for Law Enforcement Executives; and physical fitness and wellness training. The program allows participants the opportunity to earn college credits through the University of Virginia for some of those studies.  

Each year, the FBI sponsors four sessions of the National Academy. Each session includes about 220 local law enforcement officers from throughout the United States and around the world. While in the academy, the officers and deputies live in a dorm-like setting. The FBI does not charge U.S. students for tuition, books, equipment, meals, lodging or travel to and from their home. 

Lt Wilkerson

Chief Deputy Carl Wilkerson, Lane County Sheriff’s Office, recently completed one of the toughest challenges available to local law enforcement officers: the FBI National Academy. Chief Deputy Wilkerson and two other Oregon law enforcement officers graduated a ten-week training session at the FBI National Academy in Quantico, Virginia, in September. 

There is a highly competitive process local law enforcement officers must go through to be selected for this honor. That process includes a nomination by a supervisor; interviews with the candidate and co-workers to determine leadership skills and abilities; a background check; a determination of physical fitness; and the support of former National Academy graduates within the candidate's organization.  

"The exceptional leaders selected to attend the National Academy have a great opportunity to share their experiences with peers and learn best practices from across the country and the world,” said Renn Cannon, Special Agent in Charge of the FBI in Oregon. “Only a few law enforcement officers from Oregon attend each year, and we are proud to sponsor Chief Deputy Wilkerson and our other local partners in the National Academy.” 

Chief Deputy Carl Wilkerson started with the Lane County Sheriff’s Office in 1994. He became a deputy in 1996, working in corrections and later transferring to the Police Services Division. He served as a patrol deputy on the Traffic Safety Team, as a Creswell contract deputy, and on county patrol, serving community members over an area of 4,600 square miles. In 2005, the agency promoted him to detective in the Criminal Investigations Section, and, in 2013, to sergeant. In 2018, he promoted to the position of Police Services Lieutenant before accepting the promotion to Chief Deputy, second in command to the Sheriff, in 2019. Chief Deputy Wilkerson has served on the Marijuana Eradication Team, as a drug recognition expert; as a SWAT operator; and on the Interagency Deadly Force Investigations Team.   

“I am extremely proud of Chief Deputy Wilkerson and thankful he was able to participate in this once in a lifetime opportunity for law enforcement leaders in this nation,” said Sheriff Cliff Harrold, Lane County Sheriff’s Office. “I am looking forward to his return to the office where the information, knowledge, and skills he gained at the FBI National Academy will be used for the betterment of our organization and the community we serve.”   

During the ten weeks of training, local executive-level law enforcement officers spend most of their time in the classroom. Chief Deputy Wilkerson’s National Academy classes included: Critical Incident Leadership; Crisis Negotiations; Contemporary Issues in Police and Media Relations; Essentials for Law Enforcement Leaders; Behavioral Science for Law Enforcement Leaders; Fitness in Law Enforcement; and Contemporary Issues in Law Enforcement. The program allows participants the opportunity to earn college credits through the University of Virginia for some of those studies.  

Each year, the FBI sponsors four sessions of the National Academy. Each session includes about 220 local law enforcement officers from throughout the United States and around the world. While in the academy, the officers and deputies live in a dorm-like setting. The FBI does not charge U.S. students for tuition, books, equipment, meals, lodging or travel to and from their home.  

TT - HTTPS - GRAPHIC - October 1, 2019

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense to stay safe while surfing online. October marks Cyber Security month in the U.S., and over the next few weeks we will be focusing on some back-to-basic topics to keep you safe on the internet.

For years, you’ve been told to look at any given web address to make sure it starts with an “HTTPS” designation. That “HTTP” – or Hypertext Transfer Protocol – is how your browser talks to the website. The “s” at the end indicates that it is now Hypertext Transfer Protocol Secure, meaning that the communication between your browser and the website is, well, now secure. Also, you are told to look for the “lock” icon in the address bar. That, combined with the HTTPS designation, are supposed to indicate the web traffic is encrypted and that visitors can share data safely. 

Unfortunately, cyber criminals are also banking on the public’s trust of “HTTPS” and the lock icon. The FBI’s Internet Crime Complaint Center is reporting that fraudsters are now more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts. These phishing schemes are used to acquire sensitive logins or other information by luring victims to a malicious website that looks secure.

RECOMMENDATIONS:

The following steps can help reduce the likelihood of falling victim to HTTPS phishing:

• Do not simply trust the name on an email; question the intent of the email content.
• If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
• Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
• Do not trust a website just because it has a lock icon or “HTTPS” in the browser address bar.

As always, if you have been the victim of an online fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office. 

###

TT - International Student Scam - GRAPHIC - September 24, 2019

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against scams targeting international students. 

Kids are headed back to school, and for some students – the journey is more than just a walk down the street. This time of year, there are plenty of foreign exchange students arriving to spend time in American high schools and international students arriving to start programs at the university level. These visitors, however, are particularly vulnerable to fraudsters.

Our partners at the Federal Trade Commission (FTC) recently reported that foreign exchange students are getting phone calls that appear to come from a government agency. The scammer will typically fake – or spoof – the caller ID so it looks as though the call is legitimate. Once the fraudster has captured the victim’s attention with the caller ID, the bad guy will attempt to bolster his credibility by revealing information about the person’s immigration status or details about the school program the student is attending. 

The caller will then claim there is some sort of problem with the victim’s immigration documents or visa renewal. The fraudster will threaten the victim that he could be arrested or deported if he doesn’t immediately make a payment to correct the problem. The scammer will likely ask to be paid through a wire transfer, gift card, or cryptocurrency. 

But here are the facts – U.S. government officials aren’t going to ask for payment by phone – especially payments in those ways. They will also not ask you to confirm basic personal information, such as passport number, over the phone. 

If you get a call or email like this and are still concerned about your immigration or visa status, call United States Citizenship and Immigration Services at at 800-375-5283 to verify the validity of the claims made.

As always, if you have been the victim of an online fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.