
Hackers are getting Dangerous, I received this email

Discussion in 'General Discussions and Lounge' started by game333, Oct 19, 2015.

  1. game333

    game333 Moderator moderator affiliate

    Man, I almost got my computer security hacked!
    This email was sent from John.Swede@security.ic3.gov
    security.ic3.gov
    a .gov

    That should be a government domain!?

    There's an attachment which is formatted as .rtf
    Hotmail couldn't open it, and the description for the email is:

    "Dear ...:

    For more information on your specific case please read the report below (attached file).

    We are contacting you because we have learned of a serious data security incident that occurred between 15 and 18 of October, 2015 that involved some of your personal information.

    The breach involved a major credit-card processing company to dump a database of more than 2 million records. The information breached contained: customers full names, home addresses as well as other confidential data. Other information such as credit card numbers, expiration dates, cvv2 security codes) was not released.

    If you find suspicious activity on your credit card reports or have reason to believe your information is being misused, call to your credit card issuer and file a police report. Get a copy of the report; many creditors want the information it contains to absolve you of the fraudulent debts.

    For more information on your specific case please read the report below (attached file) or see the website for the Financial Investigation Bureau of Consumer and Business Services.

    Sincerely,
    John Swede"

    I then zipped the .rtf and did a scan on VirusTotal, shocking...
    Antivirus scan for a53787b4f0390f349690f9b5a6a1644234eba00aa8168e7869efed51577d7fb2 at 2015-10-19 18:24:11 UTC - VirusTotal

    If 1 out of 50 scanned it as malware, then it would be a false alarm, but 4/56

    Very dangerous, be alert if you receive an email with an attachment, never open it, zip it, don't execute.
     
  2. A E

    A E Affiliate affiliate

    Had the same thing happen to me.. luckily I downloaded it as a zip file, and then only opened it in a virtual machine (it's some exploit text I think).. but yeah.. That's either the best example of email spoofing I've seen or the IC3 has been hacked.
     
  3. T J Tutor

    T J Tutor Administrator Administrator moderator affiliate

    It's amazing that this crap gets through the mail servers and screening software without being detected. ZoneAlarm does a good job on my local machines and CLAM seems to do a good job on my server.
     
  4. AF-Roger

    AF-Roger Affiliate affiliate

    ZoneAlarm is a very good program. I haven't used it in a long time. Maybe I should again.
     
  5. mxyzptlkfishstiks

    mxyzptlkfishstiks Affiliate affiliate

  6. sahilkhehra

    sahilkhehra Affiliate affiliate

    Nothing new.
    Never download attachments if they're not sent by a trusted person.
    I'd suggest you scan your computer now, because some viruses/malware/trojans can bypass Virtual Box and Sandbox.
     
  7. game333

    game333 Moderator moderator affiliate

    Critical Information about possible Identity theft (Internet Crime Complaint Center (IC3))

    Nope, I never opened it, just made a scan, seriously it shocked me when I saw this mail.
     
  8. EymardSiojo

    EymardSiojo GRIND! affiliate

    Follow your instincts. Just delete them when you see it.
    Don't download anything. :)
     
  9. T J Tutor

    T J Tutor Administrator Administrator moderator affiliate

    Hey @EymardSiojo, where you been man, great to see you around again!
     
  10. mxyzptlkfishstiks

    mxyzptlkfishstiks Affiliate affiliate

    If you didn't open it, how could you read it? I asked you to post the message headers as I'm pretty sure the email address was forged. That way it can be reported to the net range owner of the IP address it was sent from.
     
  11. sahilkhehra

    sahilkhehra Affiliate affiliate

    Hmm, I know what you want to do. But this will not help to stop this. It's too simple to create a new IP and mostly the IP providers don't care how their IP is used. Unless the FBI gets involved in it :D

    Sorry for bad English, not my primary language.
     
  12. mxyzptlkfishstiks

    mxyzptlkfishstiks Affiliate affiliate

    This stuff happens because users and admins have an "I don't care" attitude. Spam filters don't block spam, and in this case, phishing attempts, all by themselves. The filters have to be trained and constantly updated. If you don't take the time to send the email to the right people, the problem will continue. Most of the spam/phishing attempts out there have patterns that can be identified, no matter the lengths one tries to go to in buying new domains and ranges of IPs.

    Most spammers don't change or even know they can change the headers from their email sending software. That's just one of many identifying factors that will get them pinched before they reach your inbox.
     
    sahilkhehra likes this.
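The header checks mxyzptlkfishstiks describes in the posts above (confirming that the From address was forged and finding the sending IP to report to its net range owner), as an added example that is not part of the original thread. The sample headers are constructed, `.recipient.example` stands in for the receiving mail system, and `triage`, `domain_of` and `RECEIVED_RE` are hypothetical names.

```python
import email
import re
from email.utils import parseaddr

# Constructed headers for illustration (not the real message from this thread).
# Hosts use .example names and documentation IP ranges; the newest hop is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Mon, 19 Oct 2015 17:02:11 +0000
Received: from mail.sender-host.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 19 Oct 2015 17:02:09 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=bounce@sender-host.example; dkim=none
Received: from security.ic3.gov (security.ic3.gov [192.0.2.10])
\tby mail.sender-host.example with SMTP; Mon, 19 Oct 2015 17:02:01 +0000
Return-Path: <bounce@sender-host.example>
From: "John Swede" <John.Swede@security.ic3.gov>
Subject: Critical Information about possible Identity theft

(body omitted)
"""

RECEIVED_RE = re.compile(r"from\s+\S+\s+\(.*?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if there is none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_suffix):
    """Summarise sender evidence, trusting only headers stamped by our own servers."""
    msg = email.message_from_string(raw)
    report_ip = None
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or not m.group(2).lower().endswith(trusted_suffix):
            break  # hops below this one were written by the sender and can be forged
        report_ip = m.group(1)  # peer address as seen by a server we control
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id.endswith(trusted_suffix):  # skip results we did not stamp
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "aligned": from_dom == env_dom, "spf": results.get("spf"),
            "dkim": results.get("dkim"), "report_ip": report_ip}

if __name__ == "__main__":
    print(triage(SAMPLE, ".recipient.example"))
```

The bottom `Received` line claiming `security.ic3.gov` is ignored because it was not written by a trusted server. The `aligned` flag uses an exact domain match, which is stricter than DMARC's relaxed alignment.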
  13. sahilkhehra

    sahilkhehra Affiliate affiliate

    Thanks for the info buddy :)
     
  14. game333

    game333 Moderator moderator affiliate

    Oh, I was replying to sahilkhehra.
     
  15. Ssateneth

    Ssateneth Affiliate affiliate

    Sorry to thread necro, but after getting a physical mail about some sort of identity theft from the OPM, I looked again at the email I got. I still didn't open the attached .doc or go to any links, but I signed up for this site to give the headers of the email. So here they are. Personal information that I can see has been REDACTED.

    edit: I can't post the email source since it contains a number of links and this is a new account so I will just attach a picture showing all of the email headers and source.

    [IMG]
     
  16. Ssateneth

    Ssateneth Affiliate affiliate

    Can't seem to edit my posts. I looked at the VirusTotal link in the OP, and saw CVE-2012-0158 mentioned. Looks to be an exploit that allows arbitrary code execution, so pretty much allows the virus creator remote control of your PC and full access to any user data on the machine and remote monitoring of inputs (passwords, credit card numbers, etc.).
     
  17. marketerbybirth

    marketerbybirth Affiliate affiliate

    Don't worry, the issuing banks themselves keep a very good track of suspicious activities. I became a client on Upwork a few days back, and after processing a couple of payments my bank blocked my card. They called me twice before blocking my card but I failed to collect their calls. Only after knowing from Upwork I called them, and told them that it's me who is processing these payments. After necessary confirmations the guy working there, at the back-end, released my credit card. So don't worry, you are safe until and unless you yourself are not providing your card details to anyone.
     
