FBI - Oregon
Emergency Messages as of 11:04 am, Wed. Dec. 13
No information currently posted. Operating as usual.
Subscribe to receive FlashAlert messages from FBI - Oregon. Please use any browser other than Internet Explorer.
Primary email address for a new account:

Emergency Alerts News Releases  
And/or follow our FlashAlerts via Twitter

About FlashAlert on Twitter:

FlashAlert utilizes the free service Twitter to distribute emergency text messages. While you are welcome to register your cell phone text message address directly into the FlashAlert system, we recommend that you simply "follow" the FlashAlert account for FBI - Oregon by clicking on the link below and logging in to (or creating) your free Twitter account. Twitter sends messages out exceptionally fast thanks to arrangements they have made with the cell phone companies.

Click here to add FBI - Oregon to your Twitter account or create one.

Hide this Message


Manage my existing Subscription

News Releases
FBI Tech Tuesday - Building a Digital Defense Against the Internet of Things (IoT) - 12/12/17

Welcome to the Oregon FBI's Tech Tuesday segment. This week, building a digital defense against "Internet of Things" - or "IoT" attacks.

If you were thinking about asking Santa for something from the "Internet of Things" world this year -- you have plenty of options. The possibilities include everything from devices that control your lights and thermostat to security systems to gaming systems and music players. There are wearables such as fitness trackers and tech-connected clothes. Or, how about a new Internet-enabled fridge or stove?

Once you get your wish list together, don't forget to ask for a hub to control all of your other "things" through a single app on your phone. We will all be living like the family of the future in no time! In fact, the FBI estimates that the number of "Internet of Things" or "IoT" devices will increase from 5 million last year to anywhere from 20 to 50 million in the year 2020.

But, before the sleigh and eight tiny reindeer show up on your roof, make sure you are ready for the reality of what you are bringing into your home.

Bad actors have been taking advantage of the lack of security, manufacturers' difficulty in patching vulnerabilities, and consumers' inexperience to exploit these devices. In many cases the devices are just using default usernames and passwords, which make them easy targets for the cyber thieves. Criminals can use that open door to force your device into service as part of a botnet -- or to access other connected systems that have sensitive personal or business info.

It can be difficult to know if your IoT device has been compromised, but there are simple steps you can take to help secure your things:

* Change default usernames and passwords. Many default passwords are collected and posted on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets.

* If you can't change the password on the device, make sure your wireless Internet service has a strong password and encryption.

* Invest in a secure router with robust security and authentication. Most routers will allow users to whitelist, or specify, which devices are authorized to connect to a local network.

* Isolate IoT devices on their own protected networks.

* Turn off devices off when not in use.

* Research your options when shopping for new IoT devices. When conducting research, use reputable Web sites that specialize in cyber security analysis and provide reviews on consumer products.

* Look for companies that offer firmware and software updates, and identify how and when these updates are provided.

* Identify what data is collected and stored by the devices, including whether you can opt out of this collection, how long the data is stored, whether it is encrypted, and if the data is shared with a third party.

* Ensure all IoT devices are up to date and security patches are incorporated when available.

Santa may want to give you the future at your fingertips -- just make sure you are ready for it. For more tips about IoT devices, check out the FBI's Internet Crime Complaint Center at www.ic3.gov.

Coming up next week: how to protect your kids when Internet-connected toys show up under the Christmas tree.

FBI Tech Tuesday - Building a Digital Defense Against Holiday Scams (part 2) - 12/05/17

Welcome to the Oregon FBI's Tech Tuesday segment. This week, building a digital defense against holiday scams.

Last week, we talked about how to protect your bank account from scam artists in this shopping season. This week -- a look at other frauds that will put your festivities in a funk.

Chances are that you are getting fewer Christmas cards than you used to -- and when you do, they are just as likely to be the electronic kind as opposed to those that show up in the mailbox at the curb. In some cases, these e-cards don't even say who sent them. Don't click on any links or attachments, even if you think you know who addressed them to you. Even the most well-meaning friends and family can inadvertently send malware with their wishes for joy and happiness.

Next, scam artists are looking to take advantage of your good nature in this giving season. All kinds of legitimate non-profits are asking for donations to give kids gifts, collect for the homeless or help with the recent tragedy. Charity scams, especially this time of year, may try to look legit by copying the look or links from these real organizations. Don't click on any of those links or give to an online solicitation. Go look up the charity yourself, ensure that it is real and make a donation, if you wish, through that public web portal.

Package delivery scams are a real problem this time of year, too. If you get multiple shipments to your home -- sometimes daily -- you may forget what you ordered when. In this scam, the fraudster texts or emails you to tell you there was a problem with a package delivery. He may ask for a "redelivery fee" -- or the link you just clicked on is a "phishing" attack where you have given the scammer access to your computer. Keep track of what you bought and when it should be delivered. If you receive such a notice from a delivery company -- don't respond to the text or email -- call the company directly to resolve any issues.

In a twist to this scam -- you pay for an item, but the seller takes your money and never sends you the package. He spoofs a tracking number and makes it look as if a delivery company dropped the package at your home. You assume someone stole the item from your front porch. In this case, make sure you check with the delivery company to ensure that your address matches the tracking company's info.

Finally -- after all this holiday stress, you may be looking to get away for some R & R. This is the perfect time for the fraudster to pitch you on a cheap vacation to a luxury resort. The plane tickets and hotel stay may not be real, or you may get to the so-called resort and find out it wasn't the lavish treat you were expecting. If you need a tropical escape -- make sure to deal with mainstream airline companies and travel agents to ensure you get the trip you need.

If you have been a victim of a cyber scam, make sure to file a report with the FBI's Internet Crime Complaint Center at www.ic3.gov.

Next week -- we will talk about the risks of asking Santa to put "Internet of Things" devices on your wish list this holiday season.

***
Note to media: If you are using the Spanish or Russian translations, please advise Beth Anne Steele. We are working to determine whether these translations are beneficial.

FBI Tech Tuesday - Building a Digital Defense Against Holiday Scams (Part 1) - 11/28/17

Welcome to the Oregon FBI's Tech Tuesday segment. This week, building a digital defense against shopping scams over the holidays.

'Tis the season to fill those stockings -- but don't let fraudsters help you to empty your wallet in doing so.

Start by thinking of all those things on your shopping list. New purse for mom or new gadget for dad? Tickets to a Blazer game or concert, maybe? Perhaps the hot new toy that is impossible to find? How about some gift cards, preferably at a discount?

Never fear -- everything that you want is just a click away -- or so the scam artist wants you to think.

Fake websites are prevalent this time of year. You search for a particular item and find it on a professional looking website. Lucky you -- the price is especially low considering it is allegedly a name-brand product or hard-to-get item. Warning signs that your great deal is going to be a big bust:

* The site isn't secure. (You should look for the lock symbol and an "s" at the end of the "http" portion of the site's URL).
* The site doesn't have contact information for customer issues.
* The seller requires you to use a wire transfer or gift card to pay.

If you get taken by a fake website, the item you paid for will either be a cheap counterfeit or will never show up at all.

If you are buying tickets to an event, make sure you go through the team or act's website -- or a reputable re-seller. You don't want to show up and find out that you are locked out.

Finally with gift cards -- don't respond to emails or texts offering discounts. You may be clicking on a phishing attack where the fraudster wants to steal your PII or personally identifiable information.

Likewise, if you are buying gift cards in a store -- ensure that there is a secure PIN on the back and that it hasn't already been scratched off and covered up. Fraudsters often record card numbers, wait for you to activate the cards and then cash them out before you've even gifted them to your friend.

Shop smartly and keep a list of everything you purchase online this holiday season, who or where you bought it from and when it should arrive. In the chaos of the season, you may not even realize that your must-have item is a no-show until it is too late.

If you have been a victim of a cyber scam, make sure to file a report with the FBI's Internet Crime Complaint Center at www.ic3.gov.

Next week -- we will talk about some other kinds of holiday scams that could be arriving on your doorstep soon.

***
Note to media: If you are using the Spanish or Russian translations, please advise Beth Anne Steele. We are working to determine whether these translations are beneficial.

FBI Tech Tuesday: Building a Digital Defense Against the Dangers of Using Social Media While Traveling - 11/21/17

Welcome to the Oregon FBI's Tech Tuesday segment. This week: building a digital defense against the dangers of using social media while traveling.

You know you've been there. You are scrolling through Facebook or Instagram, and your friends are posting annoying photos of themselves at some beautifully exotic beach... or mountain climbing in some gorgeous remote location. Some day... you think... you will be the one to show off your family photo from the happiest place on earth. Or, maybe, a shot of yourself lounging on a sailboat in the Caribbean.

Social media is often the fastest and easiest way to communicate -- that is make your friends jealous -- when you are away. But hitting "submit" on that post it is not always the safest way to go.

By telling people where you are -- and are not -- you are giving criminals a huge advantage. Here are just some of the ways you are making yourself, and your family, vulnerable:

* Burglars now know that your home is an easier target.

* Family members may become more susceptible to virtual kidnapping scams. The bad guy knows you are traveling in whatever country. He calls your mom, convinces her you have been taken hostage and demands money. She can't get ahold of you because you are busy parasailing, and she ends up paying the ransom while fearing for your life.

* Fraudsters can use your flight info or other details to launch a "phishing" attack on you. You receive an email or text from your supposed airline about your flight... only to find out later that you have now downloaded malware or given out more personal info that can be used for identity theft.

So what to do?

* Check your social media account privacy settings to make sure you are using the most secure options available. Only let chosen friends view your account.

* Resist the urge for more followers, and only accept those people you know face-to-face as friends.

* Don't post pictures on your feeds until you return home.

* Don't post information about your flights, hotel reservations or specific activities that you are doing. Likewise, do not "check in" from any of these locations.

* Finally, take this time to just unplug and enjoy. There will be plenty of opportunities to make your friends jealous after you return.

If you have been victimized by an online scam, report your suspicious contacts to the FBI. You can file an online report at the FBI's Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.

FBI Arrests Portland Man on Child Pornography Production Charge: Juan "Carlos" Ramon Has Reportedly Held Significant Positions of Trust with Children - 11/17/17

FBI Agents arrested Juan "Carlos" Ramon for production of child pornography at his Portland home on Thursday, November 16, 2017. According to the criminal complaint filed in this case, Ramon allegedly approached two young Louisiana girls via an app called "Musical.ly" The complaint further alleges that Ramon convinced the children, ages 6 and 8, to send him sexually explicit photos and videos of themselves. A musical.ly user has the ability to generate a video, generally lasting between 15 seconds and 1 minute, which the user can then share with others using the site.

The complaint further alleges that Ramon contacted many other minors for explicit material.

Investigators believe Ramon may have had the opportunity for direct contact with children over a period of years as a result of various jobs he has held. Investigators believe that Ramon is currently employed by El Programa Hispano Católico (Catholic Charities) in Gresham. They also believe he previously worked for Metropolitan Family Service's SUN School program in Gresham.

The FBI offers this advice to concerned parents:

Parents who have a child who has come in contact with Mr. Ramon should let their child know that he has been arrested for inappropriate behavior with a child. Parents should tell their child that if Mr. Ramon did, or said, anything inappropriate to them to let them know. If a child discloses an incident that did happen to him or her, or that they observed happen to someone else, the parent should not ask the child detailed questions about the incident. Instead, please contact your local law enforcement agency or the FBI at (503) 224-4181.

This investigation began in late June 2017 when a family contacted the Ouachita Parish (Louisiana) Sheriff's Office about what was believed to be victimization of children. A deputy sheriff with the Ouachita Parish Sheriff's Office who also serves as a Task Force Officer with the FBI's New Orleans Office and is assigned to the Internet Crimes Against Children (ICAC) Task Force there, investigated this case.

Ramon made his initial appearance before U.S. Magistrate Judge Paul Papak today and was ordered detained.

A criminal complaint is only an accusation of a crime, and all defendants should be considered innocent until proven guilty.

###

FBI Increases Reward in Hunt for Sex Trafficking Suspect - 11/17/17

UPDATE

Fugitive Kamau Curnal turned himself in to the U.S. Marshals Service in Seattle on the evening of Thursday, November 16, 2017. The arrest was without incident. Curnal will appear at 2:00 pm today in front of Magistrate Judge Brian Tsuchida in the Seattle Federal Courthouse at 700 Stewart Street.

The FBI would like to thank the Washington and Oregon media for their assistance in bringing this fugitive investigation to a conclusion.

###

*********************

The FBI's Portland Division is increasing the reward being offered to up to $15,000 for information leading to the arrest and conviction of Kamau Kambui Leland Curnal, age 29. In October 2016, a federal grand jury in Oregon charged Curnal with one count of sex trafficking of a child and one count of transportation of a minor for the purposes of prostitution. The indictment alleges that Curnal and a second man, Terrence T. Barnes (aka Aaron Barnes), drove a minor victim from Portland to Seattle as part of a trafficking operation. The FBI arrested Barnes in November 2016 in Lincoln, Nebraska.

Although the charges stem from alleged criminal activity in Oregon, Curnal is believed to have extensive ties to Seattle and may be living in that area. For that reason, the FBI is also running Facebook ads in the Seattle area in an effort to generate new leads.

Aliases: Kamau K. Curnal, Kamau Kambui Carnal, Jr., Kamau Curnal
Hair: Black
Eyes: Brown
Height: 5'11"
Weight: 185 pounds
Sex: Male
Race: Black
Wanted poster

Curnal should be considered armed and dangerous. Do not attempt to contact him directly. If in the immediate vicinity, call 911. Anyone with general information or tips about the location of Curnal is asked to call the FBI office in his or her area. In Portland, the number is (503) 224-4181. In Seattle, the number is (206) 622-0460.

All defendants should be presumed innocent until proven guilty.

FBI Wanted Poster: https://www.fbi.gov/wanted/human-trafficking/kamau-kambui-leland-curnal

FBI Arrests North Bend Man for Distribution of Child Pornography - 11/14/17

FBI agents, with the assistance of the North Bend Police Department, arrested Kirk Douglas McAmis, age 53, based on a criminal complaint charging him with distribution of child pornography. The arrest, made on November 9, 2017, was without incident.

North Bend Police Investigators are making contact with persons and organizations in the community where McAmis is known to have had contact. Anyone with concerns about interactions between McAmis and other persons known to them should contact the North Bend Police Department at (541) 756-3161.

McAmis is currently lodged in the Lane County Jail. A criminal complaint is only an accusation of a crime, and all defendants should be presumed innocent until proven guilty.

Assistant United States Attorney Amy Potter is prosecuting this case.

###

FBI Tech Tuesday: Building a Digital Defense Against Business Email Compromise - 11/14/17

Welcome to the Oregon FBI's Tech Tuesday segment. This week: building a digital defense against new version of the Business Email Compromise Scam.

We've talked about this kind of scheme before. The traditional scam starts with Company A, Company B and the fraudster who jumps in between the two. The scammer uses an email address almost identical to the one used by a business executive at Company A as he communicates with a vendor or customer at Company B. The scammer is trying to convince that vendor at Company B to route a payment into the scammer's personal bank account instead of the Company A account. Usually the businesses have a long-standing relationship, and a request to have a big dollar invoice paid by wire transfer doesn't raise any flags.

The newer version of the scam that we are talking about today goes one step further. The scammer isn't just pretending to be the CEO or CFO of Company A -- he actually takes over that persona. He has hacked that executive's email account, and he can get in to read, receive or send emails at will. As an added twist, he can set rules within the email account to automatically forward to himself any email that includes a particular keyword or is from a particular sender. The emails pass through the legitimate executive's account in a virtual sense -- but that executive may never even see them as they get deleted from his inbox immediately.

So what can businesses do? Here are a few options:

* Avoid free web-based email accounts. Establish a company domain name and use it to create formal email addresses for your employees.

* Check the "rules" setting on your account periodically to ensure that no one has set up auto-forwarding for your emails.

* Be careful what you post to social media and your company website,
especially information about who has which specific job duties. Also be cautious about using out-of-office replies that give too much detail about when your executives are out of the mix.

* Require two-factor verification for money transfers, particularly big ones. For example -- you could require a telephone call to confirm significant wire transfers. Be sure to set up this protocol early in the business relationship and outside the email environment. When the fraudster hacks your email account, you don't want him to be able to see how to evade your security protocols.
* When confirming requests, don't rely on phone numbers or email addresses embedded in the request. Look up the number from an external source when calling.

* Require your employees to use two-factor authentication to access corporate email accounts. They would need two pieces of information to log-in... something they know (such as a password) and something they have (such as a dynamic PIN that changes constantly).

* Train your employees to watch for suspicious requests -- such as a change in a vendor's payment location.

* Train your employees to avoid clicking on links or attachments from unknown senders. Doing so could download malware onto your company's computers, making you vulnerable to a hack.

If you have been victimized by this scam or any other online scam, contact the FBI. You can file an online report at the FBI's Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.