Register

The Most Active and Friendliest
Affiliate Marketing Community Online!

Register
“Adavice”/  “CPA

Hacker are getting Dangerous, I receive this email

game333

game333

Well-Known Member
Man, I was almost got my computer security hacked!
This email was sent from John.Swede@security.ic3.gov
security.ic3.gov
a .gov

That should be government domain!?

There's an attachment which formatted in .rtf
Hotmail couldn't open it and the description for the email is.

"Dear ...:

For more information on your specific case please read the report below (attached file).

We are contacting you because we have learned of a serious data security incident that occurred between 15 and 18 of October, 2015 that involved some of your personal information.

The breach involved a major credit-card processing company to dump a database of more than 2 million records. The information breached contained: customers full names, home addresses as well as other confidential data. Other information such as credit card numbers, expiration dates, cvv2 security codes) was not released.

If you find suspicious activity on your credit card reports or have reason to believe your information is being misused, call to your credit card issuer and file a police report. Get a copy of the report; many creditors want the information it contains to absolve you of the fraudulent debts.

For more information on your specific case please read the report below (attached file) or see the website for the Financial Investigation Bureau of Consumer and Business Services.

Sincerely,
John Swede"

I then zip the .rtf do a scanning on virustotal, shocking...
Antivirus scan for a53787b4f0390f349690f9b5a6a1644234eba00aa8168e7869efed51577d7fb2 at 2015-10-19 18:24:11 UTC - VirusTotal

If 1 out of 50 scanned as a malware, then it will be an false alarm but 4/56

Very dangerous, be alert if you receive an email with attachment, never open it, zip it, don't execute.
 
Had the same thing happen to me.. luckily i downloaded it as a zip file, and then only opened it in a virtual machine(its some exploit text I think).. but yeah.. That's the either the best example of email spoofing I've seen or the IC3 has been hacked.
 
It's amazing that this crap gets through the mail servers and screening softwares without being detected. Zonealarm does a good job on my local machines and CLAM seems to do a good job on my server.
 
Nothing new.
Never download attachments if they're not sent by a trusted person.
I'll suggest you to scan your computer now. Because some virus/malware/trojan can bypass Virtual Box and Sandbox.
 
game333 said:
Critical Information about possible Identity theft (Internet Crime Complaint Center (IC3)) ‏

Nope, I never opened it, just made a scan, seriously it shocked me when I saw this mail.
Click to expand...

If you didn't open it, how could you read it? I asked you to post the message headers as I'm pretty sure the email address was forged. That way it can be reported to the net range owner of the ip address it was sent from.
 
mxyzptlkfishstiks said:
If you didn't open it, how could you read it? I asked you to post the message headers as I'm pretty sure the email address was forged. That way it can be reported to the net range owner of the ip address it was sent from.
Click to expand...

Hmm, I know what you want to do. But this will not help to stop this. It's too simple to create a new IP and mostly the IP providers don't care how their IP is used. Unless FBI involves in it :D

Sorry for bad English, Not my primary language.
 
sahilkhehra said:
Hmm, I know what you want to do. But this will not help to stop this. It's too simple to create a new IP and mostly the IP providers don't care how their IP is used. Unless FBI involves in it :D

Sorry for bad English, Not my primary language.
Click to expand...

This stuff happens because users and admins have a "I don't care attitude". Spam filters don't block spam, and in this case, phishing attempts, all by themselves. The filters have to be trained and constantly updated. If you don't take the time to send the email to right people, the problem will continue. Most of the spam/phishing attempts out there have patterns that can be identified, no matter the lengths one tries to go in buying new domains and ranges of IPs.

Most spammers don't change or even know they can change the headers from their email sending software. That's just one of many identifying factors that will get them pinched before they reach your inbox.
 
mxyzptlkfishstiks said:
This stuff happens because users and admins have a "I don't care attitude". Spam filters don't block spam, and in this case, phishing attempts, all by themselves. The filters have to be trained and constantly updated. If you don't take the time to send the email to right people, the problem will continue. Most of the spam/phishing attempts out there have patterns that can be identified, no matter the lengths one tries to go in buying new domains and ranges of IPs.

Most spammers don't change or even know they can change the headers from their email sending software. That's just one of many identifying factors that will get them pinched before they reach your inbox.
Click to expand...

Thanks for the info buddy :)
 
Sorry to thread necro, but after getting a physical mail about some sort of identity theft from the OPM, I looked again at the email I got. I still didnt open the attached .doc or go to any links, but I signed up for this site to give the headers of the email. So here they are. Personal information that I can see has been REDACTED.

edit: I can't post the email source since it contains a number of links and this is a new account so I will just attach a picture showing all of the email headers and source.

10a80b960e4b8910040c8255d979809e.png
 
Can't seem to edit my posts. I looked at the virustotal link in the OP, and saw CVE-2012-0158 mentioned. Looks to be an exploit that allows arbitrary code execution, so pretty much allows the virus creator remote control of your PC and full access to any user data on the machine and remote monitoring of inputs (passwords, credit card numbers, etc)
 
Don't worry the issuing banks themselves keep a very good track of suspicious activities. I became a client on Upwork a few days back, and after processing a couple of payments my bank blocked my card. They called me twice before blocking my card but I failed to collect their calls. Only after knowing from the Upwork I called them, and told them that its me who is processing these payments. After necessary confirmations the guy working their, at the beck-end released my Credit Card . So don`t worry, you are safe until and unless you yourself are not providing your card details to anyone.
 

Similar threads

Graybeard
Best thing I bought this week
Replies
10
Views
876
azgold
azgold
Betsy Martin
What are some fun games
Replies
11
Views
2K
Playmatic
Playmatic
Graybeard
How to save on heating bills this winter
Replies
12
Views
1K
azgold
azgold
Graybeard
My *children* are leaving home soon!
Replies
13
Views
1K
MiljanT86
M
Graybeard
Animated webp -- this worked
Replies
0
Views
687
Graybeard
Graybeard
banners
Back