The FBI is warning against common “News of the Moment” scams, in which hot topics are abused to spread malware. This sort of attack often uses cross-site scripting (XSS), which lets an attacker execute code in a user’s browser in the context of the target website, using crafted values in the site’s URL or web forms, or, where sites allow it, material placed directly in user-posted content. These scams are not likely to go away anytime soon, and they are growing in sophistication and cleverness.
Recently, social networking site users have fallen victim to “self-infecting” XSS attacks in which they perform the attack on themselves by following directions to view the latest Osama bin Laden video. Before users can view the video, they must complete a “5 second security check.” The instructions walk them through a few keyboard shortcuts that cut and paste malicious code directly into the browser’s URL bar, with no indication that it is a viral scam.
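The defence on the site side is the one the FBI description implies: treat anything that arrives through the URL, a form field, or posted content as untrusted text, never as markup or as a link scheme the browser will execute. The following is an added example, not code from the FBI alert or from the original article, of two such checks: an HTML encoder for untrusted text and a link validator that only accepts absolute http(s) URLs. The helper names (`escapeHtml`, `safeHref`, `renderComment`) and the sample inputs are constructed for illustration.

```javascript
// Added example (not from the FBI alert or the original article): two small
// defences a web application can apply to untrusted values arriving via the
// URL, a form field, or user-posted content, so that they are rendered as
// text rather than executed as script in another visitor's browser.

// escapeHtml: encode the five characters that matter in HTML text and
// attribute context so untrusted text is displayed literally, not parsed.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// safeHref: accept a user-supplied link only if it parses as an absolute
// http(s) URL. Any other scheme, relative fragment or unparseable string is
// rejected (null) and the caller substitutes a harmless fallback.
function safeHref(candidate) {
  let parsed;
  try {
    // URL is the WHATWG parser built into Node.js and browsers. It trims
    // surrounding whitespace and lower-cases the scheme, so mixed-case or
    // padded scheme tricks are canonicalised before the allow-list check.
    parsed = new URL(String(candidate));
  } catch (e) {
    return null; // not an absolute URL at all
  }
  return parsed.protocol === "http:" || parsed.protocol === "https:"
    ? parsed.href
    : null;
}

// renderComment: build the HTML for a posted comment from untrusted parts.
// Hypothetical helper for the example; the point is that every untrusted
// value passes through exactly one of the two checks above.
function renderComment(author, body, link) {
  const href = safeHref(link) || "#";
  return (
    `<p><a href="${escapeHtml(href)}">${escapeHtml(author)}</a>: ` +
    `${escapeHtml(body)}</p>`
  );
}

// Constructed sample inputs standing in for what a lure post might carry.
const SAMPLES = [
  { author: "alice", body: "watch this <b>video</b>", link: "https://example.com/video" },
  { author: 'x" onmouseover="y', body: "5 second security check", link: "  JavaScript:void(0)" },
];

// renderAll: render every sample; returned so a caller can inspect results.
function renderAll() {
  return SAMPLES.map((s) => renderComment(s.author, s.body, s.link));
}

for (const html of renderAll()) console.log(html);
```

Encoding on output and allow-listing the link scheme cover the two injection paths the article names (crafted URL/form values and user-posted material). Note that these checks do nothing against the self-infecting variant, where the victim pastes code into their own address bar; there the mitigation is user awareness plus the browsers' own handling of pasted script URLs.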
The FBI is also warning about scams misrepresenting the Financial Crimes Enforcement Network of the U.S. Department of the Treasury. Perpetrators commonly use the names of various government agencies or officials to legitimize their scams. Most recently, there have been several complaints in which victims reported receiving an e-mail or phone call claiming to be from the U.S. Department of the Treasury, stating that their lost funds, which had been stolen and diverted to a foreign account registered in their name, had been recovered. The e-mail advised them to cease all money transactions, especially overseas, and to respond to the e-mail so the lost funds could be returned.
The e-mail further stated that the U.S. government is making adequate arrangements to ensure outstanding beneficiaries receive their funds. The e-mail is signed by James H. Freis, Deputy Director of the Financial Crimes Enforcement Network, and requires victims to provide personally identifiable information that could potentially result in identity theft.
The U.S. Department of the Treasury posted a scam alert on its website on April 13, 2011, stating that it does not send unsolicited requests, does not seek personal or financial information from members of the public by e-mail, and recommends that recipients do not respond to these messages. The alert further provides links for victims to report solicitations claiming to be from the U.S. Treasury.