Scam, Virus, Phishing alert!
Looks like a variant of the Better Business Bureau scam is circulating now, but seemingly from the Internal Revenue Service, and I was a recipient of one of the emails. It came in with a title of: “Complaint Case Number ###### against User Name” from, supposedly, “[email protected]”. The body itself looked somewhat legit and there was a Rich Text Format (RTF) document attached called “COMPLAINT.rft”.
Update: 05.30.07@6:03pm PST: Security sites are finally picking this up.
It’s my job to be paranoid so I saved the file and ran a virus scan against it. Surprisingly it came up clean (from a Norton Anti-Virus scan). I didn’t believe that so I decided to do a Google search for “complaint.rtf irs” and it produced no results (which means that nobody has posted or I didn’t have enough terms to search). So I took a different approach and searched for “You have received a complaint in regards to your business services .The complaint was filled” which was the first line in the email. That produced a lot of results. After reading the first result, I knew that I was on to a variant. One clue that I had was the formatting of the date: mm/dd/yyyy/ (note the trailing slash). Why is it that these phishers and scammers always do something that is “not quite correct?” Is it a consciously made decision to drop a hint? Also, from reading the linked article above, the attachment contains a trojan downloader that will install a keylogger which supposedly posts back to an IP. Anyway…
So, for everyone’s benefit, I have posted what I received in hopes that people will spread this warning and the other Security sites will pick this up. DIGG this post to be sure to spread the word!
See text below as well as the screen shot I took; note that I replaced my name and company with generic terms but left everything else as I received it:
Dear First Last,
You have received a complaint in regards to your business services .The complaint was filled By Mr. Kevin Ferguson on 05/29/2007/
Complaint Case Number: 875487596
Complaint made By Consumer Mr. Kevin Ferguson
Complaint registered against : – Company Name
Date: 05/30/2007/
Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email.
Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
Claims based on product liability;
Claims for personal injuries;
Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the IRS.
The IRS offers a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.
Here is the screenshot:
HTD says: WATCH OUT FOR THIS ONE!
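The clues described in this post (the subject line, the first sentence of the body, the mm/dd/yyyy/ date with its trailing slash, and the attachment name) can be checked mechanically on incoming mail. The following Python is an added example, not part of the original post; the sample message is constructed from the text quoted above, and the attachment body is a placeholder.

```python
import re
from email import message_from_string

# Indicators named in the post: subject shape, first sentence of the body,
# the mm/dd/yyyy/ date with a trailing slash, and the attachment name.
SUBJECT_RE = re.compile(r"^Complaint Case Number \d+ against ", re.I)
PHRASE = "you have received a complaint in regards to your business services"
DATE_RE = re.compile(r"\b\d{2}/\d{2}/\d{4}/(?!\d)")
ATTACH_RE = re.compile(r"^complaint\.(rtf|rft)$", re.I)

# Constructed sample from the quoted text; attachment body is a placeholder.
SAMPLE = """\
Subject: Complaint Case Number 875487596 against First Last
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear First Last,
You have received a complaint in regards to your business services .The complaint was filled By Mr. Kevin Ferguson on 05/29/2007/
--b1
Content-Type: application/rtf
Content-Disposition: attachment; filename="COMPLAINT.rft"

placeholder attachment body
--b1--
"""

def indicators(raw):
    """Return the names of the post's indicators found in a raw message."""
    msg = message_from_string(raw)
    hits = ["subject"] if SUBJECT_RE.search(msg.get("Subject", "")) else []
    text, names = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True)  # undoes base64/QP if used
            text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = " ".join(" ".join(text).split())  # normalise whitespace
    if PHRASE in body.lower():
        hits.append("phrase")
    if DATE_RE.search(body):
        hits.append("trailing-slash-date")
    if any(ATTACH_RE.match(n) for n in names):
        hits.append("attachment")
    return hits
```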
13 Responses
Thanks for posting your warning. Just this morning I received the same scam email and was also a bit confused by it. It was the same email, even the Kevin Ferguson part, only addressed to my name. Anyway, thanks again for your help. You have saved me a day of worry. :>)
Trish
I also received the same email. Thanks for posting.
AOM
I received it and did a Google search which brought me to your site here. Same as Trish, it was personally addressed; however, the scary part was it was from a major Pharmaceutical, public company in Irvine, California where I have done some consulting in the past. Yes, very concerning!
P.S. Do you know if this carries any kind of harmful virus?
Hi Lori,
Last night I updated the post to include the information from Symantec about the virus that is attached. Look for the blue shaded UPDATE link. There is a direct link to information about the attachment. Hope that helps!
Spread the word! DIGG IT!
– HTD
upload that file to http://www.offensivecomputing.net for further analysis….
We should not open those emails with strange subjects.