The goal is theft of money and personal information, according to Shawn Henry, the assistant director of the bureau's cyber division.
E-mails attempt to lure victims to dummy e-commerce sites in hopes of gleaning credit card numbers and passwords, the FBI says. By mimicking legitimate sites, they lull unsuspecting shoppers into giving up the information as they make what they think are legitimate purchases.
The e-mails look real, often containing legitimate company logos and live links.
In some cases criminals direct users to genuine Web sites, but trigger popups over them to capture personal information that they use to run up credit-card bills and drain bank accounts, according to the FBI.
The information entered will most likely be sold to other criminals who will exploit them for cash and merchandise, the bureau says.
Greeting card scams come in the form of e-mails urging recipients to click on a link to read a greeting card that has been sent to them. When they do, they are directed to a site where malicious software is automatically downloaded to their machines, the FBI says.
Other attacks come in the form of e-mails informing recipients that one of their accounts has a problem and to click on a link to clear it up. When they do, they are taken to a fraudulent site where they are asked for account numbers and PINs.
One scam is in the form of a survey, at the end of which participants are asked for account information so funds can be transferred to them in appreciation for their help.
FBI tips to avoid becoming a victim:
- Do not respond to spam.
- Do not click on links contained within unsolicited e-mail.
- Be cautious with e-mail containing attachments and open only those from known senders.
- Don't supply personal information via e-mail surveys.
- Compare the links in e-mails to the links they connect to in order to determine if they match. If they don't, leave the site.
- Log on to Web sites that are advertised in unsolicited e-mail rather than connecting via links in e-mails.
- Contact the business that purportedly sent the e-mail to verify if it is genuine.
The FBI urges victims of cyber crimes to report them to the Internet Crime Complaint Center at www.ic3.gov.