(spoofing to transmit a virus)

Several staff have received emails that appear to be from the CIA. An example of the message is below:

—–Original Message—–
From: Post@cia.gov
Sent: Wednesday, November 23, 2005 3:37 AM
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++7:00 a.m. to 5:00 p.m., US Eastern time

While this email looks like it is from post@cia.gov, rest assured that the CIA is not monitoring your Internet use. In fact, Internet use doesn’t even technically fall under the CIA’s jurisdiction…unless you are a terrorist.

This is an example of spoofing. Spoofing is commonly used by spammers and phishers to forge the From line of an email address.

In this case, the email had a virus attached. One of the clues that the email is a fraud is the email address that the email was sent to is not a valid email address. Another clue is the inconsistent capitalization — the “w” in we should have been capitalized. Phony emails also frequently have misspelled words in an attempt to sneak past junk mail filters.

In this case the “sphisher” (have I invented a new word) was sending a virus. If I would have opened the attached file then I would have gotten the virus on my computer. Luckily, PLCMC has sophisticated anti-virus and email filtering software installed, so the attachment never even made it to my Inbox.

When is doubt always close the email (or better yet don’t even bother to open it), and go to the home page where the email appears to have come from. A quick trip to www.cia.gov brought up this message on their home page:

Some members of the public have in the past few days received a bogus e-mail falsely attributed to CIA’s Office of Public Affairs. CIA did not send that message. In fact, it does not send unsolicited e-mail to the general public, period. If you have gotten such a message, we strongly encourage you not to open the attachment, which contains a destructive virus.

For more information about phishing make sure to read Helene’s post on 11/18/05 about Bank of America and a phishing fraud, and if you have time take a look at this article: http://techupdate.zdnet.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html

(phishing scam)

Phishing schemes have been abundant for a few years now, but until recently they haven’t been quite as sophisticated. Take this email notice for example (an actual email received by one of our staff members just today) …

(Click for larger image)The notice looks official and even contains references to the BofA website and a URL that looks like it should be legit. However, the URL is actually a redirect from the BofA site to a scammers site. How can this happen? Well according to several phishing alert and fraud organizations, the scammers are using a weakness of the Bankofamerica.com site. To view the explanation, click here.The Bottom Line: No matter have legitimate an email notice may look, be sure to contact the company or organization personally first to confirms its not a scam –and don’t use the contact info from the email – get the information from a primary source (i.e. telephone book or company website).

Victims of phishing scams, which are designed to capture obtain your personal information (name, SS#, online passwords, accounts, etc) soon become victims ofidentity theft! So be on the lookout and if it looks fishy phishy ( or even not) always do your homework and contact the organization yourself. A mere 5 minutes of detective work could save you 5 years of identity theft headaches.

PS: These type emails are so common, that even the BofA site has its own section for fraud

Author Helene Blowers