Internet Crime Complaint Center's (IC3)

Scam Alerts

July 18, 2013

FBI Logo

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends and new twists to previously-existing cyber scams.


The following scheme has been reported and has targeted at least five petroleum companies. The perpetrators registered domain names closely resembling the domain names of the victim companies that were slightly misspelled. The perpetrators then sent targeted e-mails to individuals who were identified as having the ability to initiate a wire transfer within the company. The e-mails appeared legitimate, were sent to the correct person at the company, and had contact information for the requester (usually someone in the company with the authority to request a transfer). The victim company contacted the requestor at the number provided in the e-mail (instead of using information contained in an internal directory) and provided him/her with the information and documents required to initiate the transfer. The perpetrator completed the form and initiated the wire transfer.

A variation of this scheme involved perpetrators creating a domain name similar in spelling to a victim company’s sub-contractor domain. The perpetrator then e-mailed the individual in charge of initiating payments to that sub-contractor and informed him/her due to various reasons, the sub-contractor needed to change the account information for all payments initiated to the sub-contractor. The e-mail contained the name of a legitimate person at the sub-contractor, but provided a number belonging to the perpetrator. The company called the perpetrator to verify the account change and changed the payment information. The company was then contacted by its sub-contractor about delinquent payments.

Most of these schemes are occurring in the aforementioned industry, but based on the success of these schemes, the perpetrators may expand their target group.

Because of the increased number of spear-phishing attacks reported recently to the IC3, on June 25, 2013, the IC3 released a PSA educating consumers on spear-phishing. The PSA is available at


The IC3 received information pertaining to the below scam from an eCommerce Industry partner.

Gift Card tampering and balance theft continues to be an evolving fraud concern, and for many merchants the activity occurs under the radar. Gift cards, as a tender, allow fraudsters to be more anonymous, offer multiple outlets to turn them into cash, and can be used as a way to launder money.

Gift cards come in multiple forms: physical, e-mail, and mobile, and can be purchased in stores and online; the multiple forms allow for multiple points of manipulation for fraudsters to exploit.

Below are some common gift card fraud methods:

Gift Card Tampering

Method #1

Method #2

Method #3

Merchandise Theft/Return Fraud

Social Engineering


The IC3 would like to bring attention to a widely distributed adware virus variant named Chitka. Although this virus is a few months old, the IC3 recently received information about how Chitka operates. The virus is designed to place banners onto infected systems to generate revenue based on clicks. The variant changes browser settings, registry keys, and edits the host file in Windows. This variant has also been found to act as a download for additional malware, and forwards specific credentials and cookies retrieved during the users web browsing.