04/07/09—The IC3 has been alerted to the circulation of a fraudulent e-mail, purportedly from The Oprah Winfrey Show, notifying recipients of their nomination for the “Oprah Millionaire Contest Show.” To participate, recipients are requested to mail their contact information such as full name, address, telephone number, and e-mail address; however, no mailing address was provided. Verified contestants are then required to purchase airfare and a ticket to attend The Oprah Winfrey Show, as well as complete a forthcoming contest form containing personal questions. The contestants are then promised a seat for The Oprah Winfrey Show in April and asked to provide their responses to the personal questions for a chance to win a million dollars.

Consumers always need to be alert to unsolicited e-mails. Do not open unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. Providing your personally identifiable information will compromise your identity!

Individuals who receive such e-mails are encouraged to file a complaint at www.ic3.gov.

Many of the spam e-mails currently in circulation claim to be an "official order" from the FBI's Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars.  To claim the large sum, recipients are instructed to furnish their personally identifiable information (PII) and are often threatened with some type of penalty, such as prosecution, if they fail to do so. Specific PII information requested includes, but is not limited to, the recipient's name, banking information, telephone number, and a copy of their passport.

The spam e-mail allegedly from the IC3 states that the recipient has extorted money and will be given a limited amount of time to refund the money or face prosecution.

Do not respond. These e-mails are a hoax.

The FBI does not send unsolicited e-mails of this nature. FBI Executives are briefed on numerous investigations but do not personally contact consumers regarding such matters. In addition, the IC3 does not send threatening letters to consumers demanding payments for Internet crimes.

Consumers should not respond to any unsolicited e-mails or click on any embedded links associated with such e-mails, as they may contain viruses or malware.

It is imperative consumers guard their PII. Providing your PII will compromise your identity!

If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.

For previous PSAs concerning e-mail scams targeting the FBI and other government agencies:

*  http://www.ic3.gov/media/2008/081205-1.aspx
*  http://www.ic3.gov/media/2008/081016.aspx
*  http://www.ic3.gov/media/2008/080606.aspx
*  http://www.ic3.gov/media/2008/080508.aspx
*  http://www.ic3.gov/media/2008/080606.aspx
*  http://www.ic3.gov/media/2007/071214.aspx
*  http://www.ic3.gov/media/2007/070717-2.aspx
*  http://www.ic3.gov/media/2007/070717-3.aspx
*  http://www.ic3.gov/media/2007/070627.aspx
*  http://www.ic3.gov/media/2006/061018.aspx
*  http://www.ic3.gov/media/2006/061013-2.aspx
*  http://www.ic3.gov/media/2006/060724.aspx
*  http://www.ic3.gov/media/2005/051201.aspx
*  http://www.ic3.gov/media/2005/051122.aspx

The FBI has received information concerning a new technique used to conduct vishingi attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability.

The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

The vulnerability referred to in this alert is a known vulnerability. Digium, the original creator and primary developer of Asterisk, released a Security Advisory, AST-2008-003, in March of 2008, which contains the information necessary for users to configure a system, patch the software or upgrade the software to protect against this vulnerability.

If a consumer falls victim to this exploit, their personally identifiable information (PII) will be compromised.
To prevent further loss of consumers' PII and to reduce the spread of this new technique, it is imperative businesses, using Asterisk, upgrade their software to a version that has had the vulnerability fixed.

Further, consumers should not release personal information in response to unsolicited
telephone calls. Providing your PII will compromise your identity!

If you have been a victim of Internet crime, please file a complaint at
www.IC3.gov.

1.  Vishing utilizes caller ID spoofing via VoIP to contact potential
victims in order to gain access to their PII by convincing the victim that the criminal
is associated with a legitimate business with a need to know the victim's PII.
2.  PBX Systems are used by companies to allow telephone calls
between VoIP enterprise users on local lines while allowing all users to share a
limited number of external lines.

Spam, purportedly from the FBI, continues to be an epidemic. As with past spam attacks, the latest version uses
an FBI official's name. The current spam e-mail claims to be an official order from the FBI's Anti-Terrorist and Monetary Crimes Division. Recipients are told they have been named the beneficiary of millions of dollars; however, the e-mail claims the FBI has stopped the transfer of these funds due to suspicion that they are related to terrorism.

Recipients are also given directions on how to obtain a "Diplomatic Immunity Seal of Transfer" which must be provided or they will face prosecution. Assistant Director Favreau is fraudulently listed as the "veteran special agent" who authorized the "official" order.

Do not respond, these e-mails are a hoax.

The FBI does not send unsolicited e-mails. Consumers should not respond to any unsolicited e-mails or click on any embedded links, as they may contain viruses or malware.

It is imperative consumers guard their personally identifiable information (PII). Providing your PII will compromise your identify!

If you have been a victim of Internet crime, please file a complaint at  www.IC3.gov.