FBI Security Alerts

[SalesServiceGuy]

Area codes are no longer Area codes – but they can be used for scamming

The area code displayed when you receive a phone call tells you from what location the call was placed, right?

Wrong.

While we still commonly speak of “area codes” – a legacy term that implies a connection between a particular three-digit prefix and the physical location of the communications equipment associated with it – the truth is that area codes have long since been transformed from representing physical places into simply the first three digits of our new, standard, 10-digit telephone numbers.
There are official tables showing which three-digit codes are assigned to which locations under the North American Numbering Plan, but technological advances and policy changes have dramatically diminished the meaningfulness of these relics of a bygone era.

Online communications services like Google Voice, eFax, and other offerings let people choose their own area codes, people signing up for phone lines utilizing Voice over IP technology (eg, Vonage) get to pick their area codes, and mobile-phone service providers usually let people choose their full ten-digit numbers as well.

A scammer seeking to build confidence and trust among victims for a financial scam, might, for example, acquire a number with a 212 area code – instilling even before his or her intended victim answers the phone a perception that the caller represents a long-established New York financial institution.

Similarly, scammers calling from outside of the United States can easily establish US-based numbers in order to reduce the suspiciousness of intended victims. Clever crooks may even call people from numbers that appear to be local to the victims – and establish a bond by referring to local sites – something about which they can easily learn online or by viewing social media postings.

There is a reason that technology companies located far from California have been known to obtain phone numbers associated with the Silicon Valley area.

So, the next time you receive a call from an area code that you recognize as tied to some particular location, keep in mind that the call may be from there – or from anywhere else on the planet.

... I was attacked by this scam three times today all saying that if I did not immediately pay $400.00 I was in some sort of big trouble. Plus I think it was an autodialer.

[slimslob]

Area codes are no longer Area codes – but they can be used for scamming

The area code displayed when you receive a phone call tells you from what location the call was placed, right?

Wrong.

While we still commonly speak of “area codes” – a legacy term that implies a connection between a particular three-digit prefix and the physical location of the communications equipment associated with it – the truth is that area codes have long since been transformed from representing physical places into simply the first three digits of our new, standard, 10-digit telephone numbers.
There are official tables showing which three-digit codes are assigned to which locations under the North American Numbering Plan, but technological advances and policy changes have dramatically diminished the meaningfulness of these relics of a bygone era.

Online communications services like Google Voice, eFax, and other offerings let people choose their own area codes, people signing up for phone lines utilizing Voice over IP technology (eg, Vonage) get to pick their area codes, and mobile-phone service providers usually let people choose their full ten-digit numbers as well.

A scammer seeking to build confidence and trust among victims for a financial scam, might, for example, acquire a number with a 212 area code – instilling even before his or her intended victim answers the phone a perception that the caller represents a long-established New York financial institution.

Similarly, scammers calling from outside of the United States can easily establish US-based numbers in order to reduce the suspiciousness of intended victims. Clever crooks may even call people from numbers that appear to be local to the victims – and establish a bond by referring to local sites – something about which they can easily learn online or by viewing social media postings.

There is a reason that technology companies located far from California have been known to obtain phone numbers associated with the Silicon Valley area.

So, the next time you receive a call from an area code that you recognize as tied to some particular location, keep in mind that the call may be from there – or from anywhere else on the planet.

... I was attacked by this scam three times today all saying that if I did not immediately pay $400.00 I was in some sort of big trouble. Plus I think it was an autodialer.

Scammers have been using spoofed phone numbers for years. One trick they were using for a while was to spoof a number with the same area code and prefix as yours so you think it might be a neighbor. I have had them tell me it was the IRS, IRS does not call first,

[SalesServiceGuy]

Scammers have been using spoofed phone numbers for years. One trick they were using for a while was to spoof a number with the same area code and prefix as yours so you think it might be a neighbor. I have had them tell me it was the IRS, IRS does not call first,

... that is the exact spoof that someone(s) tried to trick me with today. To me, six of the ten digits that appeared on my mobile and landline phone were very local. So local.. I immediately disbelieved the honesty of the call.

[KenB]

Lately I’ve been getting the “student loan forgiveness” scam call.

One of the few that actually leaves a voicemail, and not in a thick accent (although obviously automated).

[SalesServiceGuy]

Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast's fuel

The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure.


"In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems," the company said in a statement.

Colonial said Friday that it's "taking steps to understand and resolve this issue."

"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline," the company said.

Colonial, founded in 1962, says it transports about 45% of all fuel consumed on the East Coast. The pipeline system that spans more than 5,500 miles has two main lines: one for gasoline and another for things like diesel and jet fuel.

Colonial said it engaged a third-party cybersecurity firm to launch an investigation into the "nature and scope of this incident" and also contacted law enforcement and other federal agencies.

[Phil B.]

Scammers have been using spoofed phone numbers for years. One trick they were using for a while was to spoof a number with the same area code and prefix as yours so you think it might be a neighbor. I have had them tell me it was the IRS, IRS does not call first,

I get alot of IRS Calls and Continuing Education calls.

Sent from my SM-G960U using Tapatalk

[SalesServiceGuy]

In Wake Of Pipeline Hack, Biden Signs Executive Order On Cybersecurity


President Biden signed an executive order Wednesday boosting America's cyberdefenses following a ransomware attack on a company that operates a pipeline that provides nearly half of the gasoline and jet fuel for the country's East Coast.

The broad order, which the administration had been working on for months, aims to strengthen cybersecurity for federal networks and outline new security standards for commercial software used by both business and the public.

"Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals," the White House fact sheet says.

In a briefing with reporters Wednesday, a senior Biden administration official said that the order "reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security."


As NPR first reported last month, the order lays out a series of new requirements for companies that do business with the federal government.

The administration's goal is not only to boost federal defenses but also to use the purchasing power of the government to get those higher standards to trickle down to the private sector.

The administration also wants to pilot a program like those Energy Star ratings on appliances so consumers know if software was developed securely.

"We see small companies being forced to pay a ransom to get their business back up and running," Anne Neuberger, the deputy national security adviser for cyber and emerging technology at the White House, told NPR's Dina Temple-Raston in a recent interview. "You know, we see school systems' networks down due to criminals. So those risks touch everyday Americans' lives, as well as at the national level."

Biden's order requires companies to report certain information about cyber breaches. It updates security standards on government networks, including mandating multifactor authentication and encryption. And it creates a playbook for cyber-incident response by federal agencies.

It also establishes a Cybersecurity Safety Review Board to analyze incidents. It's modeled on the National Transportation Safety Board, which reviews airplane crashes and incidents with other modes of transportation.

The order comes in the wake of the Colonial Pipeline hack and after other recent cyberattacks. (Colonial had just restarted its pipeline earlier Wednesday.)

A focus on Russia

While cyberthreats come from all over the world, the pipeline attack brought focus back to Russia, because Biden says the alleged criminal group has ties to the country.

Biden expects to meet with his Russian counterpart soon. He suggested this could be a topic of discussion.

"I'm going to be meeting with President [Vladimir] Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there's evidence that the actors' ransomware is in Russia," Biden has said. "They have some responsibility to deal with this."

The two are expected to meet during Biden's trip overseas to meet with European leaders next month.
Matthew Rojansky, director of the Wilson Center's Kennan Institute, who is close to the administration, said both governments are vulnerable to cyberattacks.

He said it's in both of their interests to start a conversation on rules of engagement, which he added could be part of larger plans to discuss arms control and security.

"And you can start just by laying out red lines and talking about deterrence," he said. "You know, 'If you do X, we do Y, and you don't want Y, so don't do X,' but you can move from there eventually, build a little bit of working trust and possibly establish an actual framework that looks like arms control."

The administration has made clear, though, that the cyberthreat goes well beyond Russia.

"It's not specifically a bilateral problem; it's also a China problem," said Ari Schwartz, who served as cybersecurity director in the Obama White House. "It's a problem with Iran and North Korea, and it's also a problem with a criminal issue. It's all of those things, and the Biden administration said that very directly on several occasions."

The Biden administration says for too long the government and the country have failed to take the necessary steps to boost defenses.

"These are systems that we use to run government and conduct commerce — systems that are used to deliver our power and our water, to help manage traffic on our roads," the Biden official told reporters. "The cost of the continuing status quo is simply unacceptable."

.... I fully expect print vendors to jump onboard with this quickly to gain a competitive advantage. It will be just like Energy Star II ratings on copiers. Everybody has to have it.

[BillyCarpenter]

In Wake Of Pipeline Hack, Biden Signs Executive Order On Cybersecurity

That's like the firemen showing up just in time to save the concrete slab. Nice work.

[SalesServiceGuy]

That's like the firemen showing up just in time to save the concrete slab. Nice work.

... "The broad order, which the administration had been working on for months..."

[BillyCarpenter]

... "The broad order, which the administration had been working on for months..."

Uh huh. It's more like we got attacked in a big way and someone put a piece of paper in front of Joe to make it look like he's doing something. Keep trying to sell it. Someone may bite. Not me,