Wednesday, November 23, 2005

Interesting E-mail

Today I received an email in one of my web email accounts professing to be from the CIA. The text of the message is as follows with a sending address of mail@cia.gov:
Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505

++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time


Now I'm sure Mr. Allison is a real person at the CIA and the telephone number is probably legit. Now if I were an American citizen who is clueless about the Internet , I might respond to the e-mail by opening the attachment (a zip file no less) which contains the latest variant of the Sober worm. You would think that the kiddie scripters would know better and construct a more formal e-mail than one like the one above. One thing for sure is that this particular e-mail account of mine do get a lot of junk e-mail including Paypal scams, Nigerian scams and the various lottery winner scams. The problem is that it is almost impossible to track the sender of the e-mail even though the originating IP-based sender is shown to be an ISP based in Malaysia. Obviously these scams do work as it only take one to be sucked in to make it worthwhile. While most that I have seen are done via e-mail, there was one where I got sent official looking documentation via regular mail.

So, bottom line, never open any emails from folks that you don't know and also be wary of emails professing to be from well known companies (e.g. PayPal, your bank) as more than likely they are phising emails.

3 comments:

Aman Sharma said...

Hi sir
This is not related to the post.Just curious so asking.How do we get to know the IPs of the senders in the emails?No I am not a hacker but as I said just curious so asking.
Excellent blog.Really like it and its in my favourite list:-).Keep up the good work.
best regards
Aman Sharma

Peter K said...

Aman,
In all emails, there should be email headers listing which route the email sent takes (i.e through which email servers) and finally ending at your Email provider. This should be the top received line.

Please take a look at Email headers about Origin of email for a walk through of a typical email header. Again, more than likely that the emails will originated from countries that probably will not care about whether their customers are spamming or not. In my case, it traced back to Malaysia which I doubt if I can do anything (no offence intended for Malaysians).

Bill S. said...

Pete,
Just an FYI there are also sites out there where you can go and plug in an IP address and it can trace back to the country of origin and, in many cases, also provide info on the provider. If you didn't know that, and would like to be able to do that, I can e-mail you (or post here) a site URL for that.

WORD VERIFICATION: npwifmx
Haven't tried mixing my wife with anything yet....hmmmmm.....