Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

 
This topic comprises 2 pages: 1  2 
 
Author Topic: Very strange "FBI" spam email
Michael Schaffer
"Where is the
Boardwalk Hotel?"

Posts: 4143
From: Boston, MA
Registered: Apr 2002


 - posted 02-26-2005 10:46 PM
We are all used to getting spam and virus emails from phoney addresses which pose as, for instance, "Microsoft support" but are easily revealed as coming from some strange website with a similar sounding name.
But today I got an email from "hostmaster@fbi.gov" which appears to actually come from that address. When I look at the properties of the address, it says the same.
I don't think the FBI would send me an email to my address at a German provider - in German, on top of that, it says "your password was changed, see attachment" - and of course, right on top of their homepage there is a warning about inauthentic "FBI emails" although the scam mentioned there is more of the "we have a few questions, please fill out the attached form" kind.
Is it possible to see where the mail came from? In the header, it says

Return-Path: <Hostmaster@fbi.gov>
X-Flags: 0000
Delivered-To: GMX delivery to  -
Received: (qmail invoked by alias); 27 Feb 2005 01:56:55 -0000
Received: from d-65-175-249-239.metrocast.net (HELO bncrqhc.gov) (65.175.249.239)
by mx0.gmx.net (mx009) with SMTP; 27 Feb 2005 02:56:55 +0100
From: Hostmaster@fbi.gov
To: 3Daeaskins@gmx.net
Date: Sun, 27 Feb 2005 01:47:11 GMT
Subject: Ihr Passwort wurde geaendert
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <54d0.f53c3ba4bb6d2a@fbi.gov>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=====685f4eb.81eeb3c445c"
Content-Transfer-Encoding: 7bit
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: jURKKo01TlIvFpP0UGhrSVVGU2poZdmN

"3Daeaskins" is not my address at gmx.net, so I have no idea why this was even delivered to me.
I have gotten used to and simply ignore emails which tell me that my neighbor's wife is a nymphomaniac, but posing as an official agency I think crosses the line into criminal behavior, so I am thinking about reporting this. There is a form for filing complaints about this kind of email on the FBI website. They probably don't have time for stuff like that, but I think it would be better to file the complaint anyway. They probably scan all the complaints somehow and look into the offenders which turn up the most.

Edited to prevent spam bots from finding Michael's account

[ 02-27-2005, 02:47 AM: Message edited by: Brad Miller ]

 |  IP: Logged

John Pytlak
Film God

Posts: 9987
From: Rochester, NY 14650-1922
Registered: Jan 2000


 - posted 02-26-2005 10:57 PM
It's a virus that has recently been reported:

http://www.msnbc.msn.com/id/7013935/

quote:
The Associated Press
Updated: 6:54 p.m. ET Feb. 22, 2005

WASHINGTON - The FBI warned Tuesday that a computer virus is being spread through unsolicited e-mails that purport to come from the FBI.

The e-mails appear to come from an fbi.gov address. They tell recipients that they have accessed illegal Web sites and that their Internet use has been monitored by the FBI's "Internet Fraud Complaint Center," the FBI said.

The messages then direct recipients to open an attachment and answer questions. The computer virus is in the attachment.

"Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner," the FBI said in a statement.

The bureau is investigating the phony e-mails.

The agency earlier this month shut down fbi.gov accounts, used to communicate with the public, because of a security breach. A spokeswoman said the two incidents appear to be unrelated.


 |  IP: Logged

Scott Norwood
Film God

Posts: 8146
From: Boston, MA. USA (1774.21 miles northeast of Dallas)
Registered: Jun 99


 - posted 02-26-2005 11:09 PM
It originated from a customer of "Metrocast Cablevision" (in Rochester, NH), who is presumably infected with this worm.

The "To:" header that shows up in any given message may or may not bear any resemblance to the address to which the message is actually delivered. It can be set to any arbitrary value; the actual recipient is set by the so-called "envelope address" which is not shown in the headers (usually) and which is set by the client when it communicates with the mail server (the RCPT TO: address).

If you want to complain, try sending mail to <abuse@metrocastcablevision.com>. It probably won't do any good, but it might make you feel better.

 |  IP: Logged
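Added example (not part of any forum post): a minimal Python sketch of the header reading described above, using a subset of the headers from the first post. It takes the one `Received` line stamped by the recipient's own provider as the trustworthy hop and compares the connecting host with the `From:` domain; the function names and the "last two labels" domain comparison are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header subset copied from the first post; the continuation line of the
# second Received header is indented here so it parses as one folded header.
RAW_HEADERS = """\
Return-Path: <Hostmaster@fbi.gov>
Received: (qmail invoked by alias); 27 Feb 2005 01:56:55 -0000
Received: from d-65-175-249-239.metrocast.net (HELO bncrqhc.gov) (65.175.249.239)
 by mx0.gmx.net (mx009) with SMTP; 27 Feb 2005 02:56:55 +0100
From: Hostmaster@fbi.gov
Message-ID: <54d0.f53c3ba4bb6d2a@fbi.gov>

"""

# qmail-style hop: from <reverse DNS> (HELO <claimed name>) (<peer IP>) by <receiver>
HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)"
)

def domain_of(host):
    """Last two DNS labels, a rough stand-in for the registered domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw, receiver_domain):
    """Return the hop recorded by our own provider, or None if there is none."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Received headers are prepended, so walk top-down and stop at the first
    # hop stamped by our own provider; anything below it is sender-controlled.
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))
        by = m["by"].lower() if m else ""
        if by == receiver_domain or by.endswith("." + receiver_domain):
            return {
                "from_domain": from_domain,    # what the sender typed
                "peer_ip": m["ip"],            # what the receiving server saw
                "peer_rdns": m["rdns"],
                "helo": m["helo"],             # also sender-supplied
                "from_matches_peer": domain_of(m["rdns"]) == domain_of(from_domain),
            }
    return None

if __name__ == "__main__":
    for key, val in analyze(RAW_HEADERS, "gmx.net").items():
        print(f"{key}: {val}")
```
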

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002


 - posted 02-27-2005 12:44 AM
Scott is correct. If you send that header to them, they should be able to track the individual down by going through their logs to see who has (or had at that particular time) that IP address.

 |  IP: Logged

Michael Schaffer
"Where is the
Boardwalk Hotel?"

Posts: 4143
From: Boston, MA
Registered: Apr 2002


 - posted 02-27-2005 12:49 AM
So why does it say from "Hostmaster@fbi.gov"?

 |  IP: Logged

Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 02-27-2005 05:06 AM
Because it's possible to 'spoof' (i.e. forge) the data in an email header, and probably because if they put a real address (i.e. postmaster@...), the replies sent thereto would generate a trail of evidence which might lead the FBI to the perpetrators.

What is the 'Hostmaster' anyway? The barman in the FBI staff canteen?

 |  IP: Logged

Randy Stankey
Film God

Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99


 - posted 02-27-2005 07:49 PM
It's a virus. So says the FBI.

quote:
For Immediate Release
February 22, 2005



Washington D.C.
FBI National Press Office

FBI ALERTS PUBLIC TO RECENT E-MAIL SCHEME

E-mails purporting to come from FBI are phony

Washington, D.C. - The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users receive unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI’s Internet Fraud Complaint Center and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions. The attachments contain a computer virus.

These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner.

Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer. The FBI strongly encourages computer users not to open such attachments.

The FBI takes this matter seriously and is investigating. Users receiving e-mails of this nature are encouraged to report it to the Internet Crime Complaint Center via http://www.ic3.gov.


 |  IP: Logged

Wayne Keyser
Master Film Handler

Posts: 272
From: Arlington, Virginia, USA
Registered: May 2004


 - posted 02-27-2005 09:59 PM
If the FBI has any business with you, they won't email - they'll show up at your door (perhaps after the courtesy of an advance phone call.)

 |  IP: Logged

Randy Stankey
Film God

Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99


 - posted 02-27-2005 10:12 PM
True.

 |  IP: Logged

Michael Schaffer
"Where is the
Boardwalk Hotel?"

Posts: 4143
From: Boston, MA
Registered: Apr 2002


 - posted 02-28-2005 01:46 AM
quote: Randy Stankey
True.

How do you know, Randy? Did the FBI show up at your door yet? [Eek!]
Like I said in the original post, this email did not contain an attachment with questions I was asked to answer. It is not the same type mentioned on the FBI website.
I didn't know you could fake sending addresses. Of course, you can enter whatever you want to appear as the sender, but if you check the properties of the email or sending address, I thought it would always show the real sending address.

 |  IP: Logged

Monte L Fullmer
Film God

Posts: 8367
From: Nampa, Idaho, USA
Registered: Nov 2004


 - posted 02-28-2005 02:38 AM
Shoot, I get "spoof" mail from sites all the time that they are from eBay, yet when I click on the return link, the link address is completely different. These "spoof" emails are always after my account info so I can "unsuspend" my account with eBay.

I just forward the "spoof" email to spoof@ebay.com and let them deal with it.

I usually do this form of forward addressing to any "spoof" emails.

..dumb people. -Monte

 |  IP: Logged

Nate Lehrke
Master Film Handler

Posts: 396
From: Denver, CO
Registered: Oct 2002


 - posted 02-28-2005 03:06 AM
I just recently had an FBI agent come to my theatre inquiring about a former employee. After I saw his badge up close (then his sidearm), I was convinced that this wasn’t a joke!
I helped him with the information he was looking for. (He was just doing a background check on an FBI applicant who just happened to have worked for us a few years past)

 |  IP: Logged

Randy Stankey
Film God

Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99


 - posted 02-28-2005 11:02 AM
I, too, have dealt with the FBI.

They just walk up and say, "I'm <so-and-so> from the FBI." They show you a badge. If you want, you can call the office, by looking up the number in your phone book, and ask if "Agent <so-and-so>" works for the FBI. They will not specifically confirm or deny the person's name or job title but they will say that the person you describe is on "company business".

They were quite polite and to the point.

 |  IP: Logged

Michael Schaffer
"Where is the
Boardwalk Hotel?"

Posts: 4143
From: Boston, MA
Registered: Apr 2002


 - posted 02-28-2005 12:27 PM
quote: Monte L Fullmer
Shoot, I get "spoof" mail from sites all the time that they are from eBay, yet when I click on the return link, the link address is completely different.

I get that all the time too (you don't actually have to click on the link, you can just mouse over it and the true address is shown). This one had a correct link to the FBI website. That doesn't mean anything of course. Anybody can just write any link in the text body.

What I don't get is why the address was shown as coming from an email account @fbi.gov. When you send emails, you can set up your mail program to show that the email is coming from whatever you want to call yourself. When you set it up to say from "Mickey Mouse", that's what it will say. But if somebody clicks on the email address and checks the properties, the true email address is shown.
In this case, it said under properties that this was the correct address. Or can these properties be faked too?

 |  IP: Logged

Wayne Keyser
Master Film Handler

Posts: 272
From: Arlington, Virginia, USA
Registered: May 2004


 - posted 02-28-2005 04:26 PM
Michael, sit down. You might need a drink of water. And hear this:

Spammers are jerks, crooks, a**holes, and many other things, but they are universally MUCH COMPUTER-SMARTER THAN YOU AND ME.

Trust what your friends told you above - it not only can be done, it is being done, daily.

 |  IP: Logged



All times are Central (GMT -6:00)

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.