Cyber criminals step up their games to harvest PII

Ramped-up spear-phishing, beta bot malware, pirated software and spam schemes

By Robert E. Holtfreter, Ph.D., CFE, CICA

Taking Back the ID: Identity theft prevention analysis


Don’t expect cyber criminals to stand still. Their goal is to stay far ahead of you. Here are some of the latest updates on their common schemes.


The FBI’s Internet Crime Complaint Center (IC3) reported on its website that cyber criminals are increasing their spear-phishing attacks to gain access to the networks of numerous industry sectors. The intrusions allow hackers to exploit the vulnerabilities of software programs, which gives them the opportunity to create fake identities, steal intellectual properties and gain access to personally identifiable information (PII) for stealing money from victims’ financial accounts. The result? An increase in identity theft. (See “Cyber Criminals Continue to Use Spear-Phishing Attacks to Compromise Computer Networks,” June 25, 2013.)

Contrary to typical phishing schemes sent in mass emails, spear-phishing targets selected individuals in organizations that have the “keys” or access to their networks that the hackers want to exploit. To help legitimize the email messages and thus increase the probability that the targeted individuals will open them and respond as directed, hackers will write them to give readers the impression that the senders are employees within the organizations or reputable persons in other businesses, such as banks or merchants. However, to do this, hackers need to gain accurate knowledge about these parties from previous intrusions or social networking websites and blogs on which users post and share personal information about themselves, friends and business associates.

According to the IC3 notice, “recent attacks have convinced victims that software or credentials they use to access specific websites need to be updated. The email contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions, or steal intellectual property and trade secrets.”

A recipient of this type of email should always contact the sender, especially if he or she supposedly is a fellow employee, to establish authenticity. If the message purports to be coming from a business, then a simple corroborating telephone call (not using, of course, the number included in the email) to someone of authority in the firm is all that is necessary. Or you can type in the website address, included with the email message, into your computer’s browser. Banks or other businesses won’t request PII in emails.

The FBI says that individuals should “avoid following links sent in emails, especially when the sender is someone you do not know, or appears to be from a business advising that your account information needs updated [and] keep your computer’s anti-virus software and firewalls updated. Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection.” Victims should file a complaint by contacting the IC3 at
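The fraudulent update links described above share a few telltale properties: the visible link text shows the bank’s address while the underlying link points somewhere else, the real destination is an IP address rather than a company domain, or the host merely contains the company name inside a longer, unrelated domain. The script below is an added example, not part of this article or of the IC3 notice: it parses the HTML body of a message and flags links with any of those properties. The sample message, the bank domain example-bank.com, the address 203.0.113.10 and the host evil-host.test are all constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a credential-update lure; none of these hosts are real.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear customer, the credentials you use for example-bank.com must be updated.</p>
<p><a href="http://203.0.113.10/update">https://www.example-bank.com/update</a></p>
<p><a href="https://login.example-bank.com.evil-host.test/verify">Click here to verify</a></p>
<p><a href="https://www.example-bank.com/help">Help center</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def _host_of(value):
    """Lower-cased hostname of a URL; bare text like 'www.x.com/y' is accepted too."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _within_domain(host, domain):
    # Exact match or a true subdomain only; a substring test would be fooled by
    # hosts such as login.example-bank.com.evil-host.test.
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _looks_like_url(text):
    return text.strip().lower().startswith(("http://", "https://", "www."))


def suspicious_links(html, claimed_domain):
    """Return the links in `html` that do not belong to `claimed_domain`, the
    domain of the company the message claims to come from, with the reasons."""
    findings = []
    for href, text in extract_links(html):
        host = _host_of(href)
        reasons = []
        if _is_ip_literal(host):
            reasons.append("ip-literal-host")
        if not _within_domain(host, claimed_domain):
            reasons.append("off-domain")
        if _looks_like_url(text) and _host_of(text) != host:
            reasons.append("displayed-url-mismatch")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML, "example-bank.com"):
        print(finding["href"], "->", ", ".join(finding["reasons"]))
```

Run against the sample, the first two links are reported (the IP-address destination hiding behind a bank-looking address, and the look-alike host) while the genuine help-center link passes. The domain check deliberately requires an exact match or a real subdomain, which is the detail that catches the third pattern.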


Beta Bot “Windows Command Process” message box


The IC3 says that the FBI is aware that cyber criminals are using a new type of malware called Beta Bot to “target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as login credentials and financial information.”

This unique malware allows a hacker to modify a user’s computer settings, which blocks “access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise.” If a user isn’t able to access security websites, then he won’t be able to clean up the infection. (See “Beta Bot Malware Blocks Users Anti-virus Programs,” Sept. 18, 2013.)

Hackers often employ an authentic-looking Microsoft Windows “User Account Control” message box to lure users into giving permission to allow the “Windows Command Processor” to modify the user’s computer settings. (See an example of the message box on page 62.) If users agree, then the downloaded malware allows hackers to gain access to network systems where it searches for vulnerabilities in software programs for stealing PII. According to the IC3, hackers also distribute the Beta Bot malware via USB thumb drives and Skype.

Obviously, don’t authorize “Windows Command Processor” to make any changes. According to the IC3, users with infected computers should run full system scans with current anti-virus software. If Beta Bot blocks access to security sites, download the latest anti-virus updates or a new anti-virus program onto an uninfected computer, save it to a USB drive and run it on the infected computer. Subsequently, re-format the USB drive to remove any traces of the malware.


The FBI is warning consumers to avoid malware by purchasing software only from reliable vendors and not from unknown sellers, peer-to-peer networks, online auction sites, less-than-reputable websites and from street vendors and kiosks. “Pirated software can also be found pre-installed on computers overseas, which are ordered by consumers online and then shipped into the United States,” according to the FBI. (See “Pirated Software May Contain Malware,” FBI, Aug. 1, 2013.)

The FBI lists these real dangers:

  • Once installed [directly from a site or with a physical disc] on a computer, malware can record your keystrokes (capturing sensitive usernames and passwords) and steal your PII (including Social Security numbers and birthdates), sending it straight back to criminals and hackers. It can also corrupt the data on your computer and even turn on your webcam and/or microphone.
  • Malware can spread to other computers through removable media like thumb drives and through emails you send to your family, friends and professional contacts. It can be spread through shared connections to a home, business or even government network. Criminals can also use infected computers to launch attacks against other computers or against websites via denial of service attacks.
  • Pirated and infected software also may decrease the speed of your operating system and block security updates.

According to the FBI, here are some signs to look for to see if your software is pirated:

  • No packaging, invoice, or other documentation — just a disc in an envelope.
  • Poor quality labeling on the disc, which looks noticeably different than the labeling on legitimate software.
  • Software is labeled as the full retail version but only contains a limited version.
  • Visible variations (like lines or differently shaded regions) on the underside of a disc.
  • Product isn’t wrapped correctly and is missing features like security tape around the edges of the plastic case.
  • Typos in software manuals or pages printed upside down.
  • User is required to go to a website for a software activation key (often a ploy to disseminate additional malware).

The FBI offers advice when purchasing software:

  • When buying a computer, always ask for a genuine, pre-installed operating system, and then check out the software package to make sure it looks authentic.
  • Purchase all software from an authorized retailer. If you’re not sure which retailers are authorized, visit the company website of the product in which you’re interested.
  • Check out the company’s website to become familiar with the packaging of the software you want to buy.
  • Be especially careful when downloading software from the Internet — an increasingly popular source of pirated software. Purchase from reputable websites. Before buying software off the beaten path, do your homework and research the average price of the product. If a price seems too good to be true, it’s probably pirated.
