Roger Wright wrote: ...this outfit is famous for pursuing copyright infringement cases against people who use BitTorrent...and want to prepare a case against the thief. Such content would not be delivered via email.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
I just got one from the Australian Taxation Office, very well laid out with all the bells and whistles you would expect from a major govt department. Oh and no spelling mistakes and the grammar is better than mine.
They want me to open a fax attachment, doh!
Never underestimate the power of human stupidity
RAH
|
This kind of scam has been seen to proliferate just before Christmas for a number of years, now. It started with text messages, but now it's migrated to e-mail (cheaper and harder to trace).
I myself received two e-mails this morning from Intrum Justitia, a big collections agency in NL, with the subject line "Openstande Factuur" (outstanding debt, more or less). Straight in the bin, obviously -- the esteemed collections thugs would put it on paper, not in an e-mail.
It seems that they gain some success by not aiming for amounts too large, and relying on the "I'm not going to let it spoil my Christmas!" mentality.
It just proves, once again, that the world is full of pieces of sht1 who wouldn't do good if you paid them a fortune for it.
I wanna be a eunuchs developer! Pass me a bread knife!
|
The easiest way of checking is to open the Properties | Details from the right-click pulldown. If you read through that, you should be able to spot email addresses that tell you where it has come from. If they have funny country codes, then delete it immediately.
I have had a couple of emails recently purporting to come from the UK Tax department saying I have a tax refund, "Please Click Here". When you look at the property details, they were both from Brazil.
|
Fact is often stranger than fiction, though.
I'm in NL, but to renew my UK passport, I had to send it to France.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Anything in the Received: header beyond the servers that you trust could easily be a lie. Each server in the chain adds its own line to the header to say which server it received the message from, but it has no way to verify that the existing header value is correct.
Unless the sender's domain has SPF or DKIM set up, it's virtually impossible to know whether or not the message actually came from who it says it came from.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
There is always something in the "Message Source" that gives the game away if you look carefully. Some web addresses are not under the control of the Sender; they are inserted by the system.
|
If it's a spoof, it's remarkably well done:
Return-Path: frank.metzler@waldorf-frommer.de
Delivered-To: xxxxx@yyyyyyyy.dom
Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44])
    by ROSE.arvixe.com with ESMTP
    ; Wed, 14 Dec 2016 07:12:08 -0600
Received: from [127.0.0.1] (helo=localhost)
    by relay.expurgate.net with smtp (Exim 4.80.1)
    (envelope-from <frank.metzler@waldorf-frommer.de>)
    id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100
Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local)
    by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128)
    (Exim 4.80.1)
    (envelope-from <frank.metzler@waldorf-frommer.de>)
    id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100
Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by
    MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14
    Dec 2016 14:13:54 +0100
From: Frank Metzler <frank.metzler@waldorf-frommer.de>
To: "'xxxxx@yyyyyyyy.dom'" <xxxxx@yyyyyyyy.dom>
CC: "'barry.mcgrath@gettyimages.com'" <barry.mcgrath@gettyimages.com>
Date: Wed, 14 Dec 2016 14:13:53 +0100
Subject: Confirmation of rightholdership (reference number: 01043/2016)
Thread-Topic: Confirmation of rightholdership (reference number: 01043/2016)
Thread-Index: AdJWCT1Ivv27TzfBSjyMa+lrn1K5/g==
Message-ID: <DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBC@MAILSRV02.waldorf.local>
Accept-Language: de-DE
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: de-DE
Content-Type: multipart/mixed;
    boundary="_005_DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBCMAILSRV02wa_"
MIME-Version: 1.0
X-purgate-relay-fid: relay-1fca43
X-purgate-sourceid: 1cH9Nc-00020p-FF
X-purgate-Ad: Checked for spam and viruses by eXpurgate(R), see www.eleven.de for details.
X-purgate-ID: 151534::1481721237-00000715-AA3711FC/0/0
X-purgate: clean
X-purgate-type: clean
X-purgate-relay-bid: relay-5443cb
Note that they even thoughtfully checked the message for spam.
I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious!
Will Rogers never met me.
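
The point made earlier in the thread, that Received: lines beyond the servers you trust could be a lie, applied to the headers quoted in the post above. This is an added example, not part of any poster's message; it assumes ROSE.arvixe.com is the recipient's own mail host, and the function names are made up for the illustration.

```python
import re
from email import message_from_string

# Received: lines abridged from the headers quoted in the post above (newest first).
RAW = """\
Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44])
 by ROSE.arvixe.com with ESMTP
 ; Wed, 14 Dec 2016 07:12:08 -0600
Received: from [127.0.0.1] (helo=localhost)
 by relay.expurgate.net with smtp (Exim 4.80.1)
 id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100
Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local)
 by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128)
 id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100
Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by
 MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14
 Dec 2016 14:13:54 +0100
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify_hops(raw, trusted_hosts):
    """Mark a Received: line verified only while every 'by' host so far is trusted."""
    trusted = {h.lower() for h in trusted_hosts}
    hops, in_trusted_chain = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())                # undo header folding
        by = BY_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        peer = IPV4_RE.search(flat.split(" by ")[0])  # address in the 'from' part
        # Once a line was written by a server we do not control, it and every
        # older line below it are only text that the sender could have supplied.
        in_trusted_chain = in_trusted_chain and by_host in trusted
        hops.append({"by": by_host, "verified": in_trusted_chain,
                     "peer_ip": peer.group(1) if peer else None})
    return hops

def connecting_ip(hops):
    """IP seen by the outermost trusted server: the one to test against SPF."""
    verified = [h for h in hops if h["verified"] and h["peer_ip"]]
    return verified[-1]["peer_ip"] if verified else None

if __name__ == "__main__":
    # Assumption: ROSE.arvixe.com is the recipient's own mail host.
    hops = classify_hops(RAW, ["ROSE.arvixe.com"])
    for h in hops:
        print("verified  " if h["verified"] else "unverified", h["by"], h["peer_ip"])
    print("check SPF against:", connecting_ip(hops))
```

Only the top line survives as verified; the three lines naming relay.expurgate.net and MAILSRV02.waldorf.local are claims that prove nothing by themselves, however plausible they look.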
|
The email looks legit but I wouldn't trust it. Like others said, they would contact you via written letter. And, unless you have ever implemented a project under your own name, they would contact the company and not the worker (you) as the company is also more likely to have money to spare than any worker.
I don't have a spare PC either but when I am really curious about something like that, I turn off my laptop, physically remove the hard drive and any writable medium (like SD cards), hook an external DVD drive and boot a Linux OS I know works flawlessly on my laptop on a non-rewritable CD. When I am done, I turn off the laptop and, before the first boot, re-flash the BIOS with a backup copy (there are some nasty BIOS infecting things crawling around). Then, one last turn off to reassemble the hard drive.
Never use a virtual machine as some software can detect the virtual environment and move out of virtualization.
Call me overzealous but better safe than you know what
|
Roger Wright wrote: I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious!
VM-Ware is a good option for that.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Was your email address in some publicly visible source code? (I am thinking of MS VS bug for early git integration where clicking "private repository" was a no-op).
Try googling your email address.
|
Look, give me $10,000 and I will gladly look into this and make it go away.
Trust me, I am a Prince!
|
Will Rogers never met me.
|
From a legal POV, you can't be "served" via email.
And everyone's "out there"; unless you take explicit steps, every time you create an MS Office document, your profile is all over it.
If I can be bothered, I save questionable attachments to disk and take a hex editor to them; then a virus scan; then a virtual machine ...
|
Whenever I get one of those and my curiosity gets the best of me, I just open it up in Sandboxie. Then even if it tries to do some evil to my computer, I can simply delete my sandbox and be on my way.
|
Are Dasher and Dancer always taking coffee breaks because they are Santa's Star Bucks?
There will be no TotD tomorrow: I'm at Herself's sister's funeral instead.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
Methinks, you are a Rudolphellow.
... such stuff as dreams are made on
|
They need the coffee to keep up with that Vixen.
OriginalGriff wrote: Herself's sister's funeral
Sorry to hear.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
Died of a common cold, if you can believe it. Same one we had, and it's a nasty one this year.
But Les had MS for 35 years, and it hit her very hard - sniffles on Monday, hospitalised on Friday, died the Saturday morning. Herself is getting there, but tomorrow will help, I hope.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
MS is [redacted]! My Aunt had it for nearly 40 years until she died. Sincere condolences to Herself, her family and you from North Africa.
veni bibi saltavi
|
Doe!
In this present crisis, government is not the solution to our problem; government is the problem. ~ Ronald Reagan
|
Man, you sleigh me, but haven't you herd? People are getting tea'd off.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
Now that's a good one, Griff!
Will Rogers never met me.
|