I just received this email and it is obviously a scam of some sort and I’m wondering where I should report it.
Here’s the text and full headers (sans my email address):
X-Apparently-To: my address 216.136.175.29; Sun, 25 Jan 2004 18:35:00 -0800
X-YahooFilteredBulk: 24.196.202.154
Return-Path: <dalton_vishwa@geocities.com>
Received: from 24.196.202.154 (HELO charter.com) (24.196.202.154) by mta129.mail.sc5.yahoo.com with SMTP; Sun, 25 Jan 2004 18:34:59 -0800
Received: from cpe-24-196-202-154.hky.nc.charter.com (cpe-24-196-202-154.hky.nc.charter.com [24.196.202.154]) by charter.com (8.12.8p1/8.12.8) with ESMTP id rvqge69694 for <my address again>; Mon, 26 Jan 2004 02:26:58 -0400 (EST)
Message-ID: <lelayr684477@geocities.com>
From: "FDIC" <Dalton_Vishwa@geocities.com>
To: my address for a third time
Subject: Important News About Your Bank Account
Date: Mon, 26 Jan 2004 02:26:56 -0400 (EST)
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000F_01C33095.9F84B280"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Content-Length: 1197
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal
Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at
this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit
Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on
your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes
up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be
lifted.
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the
Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local,
State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Forgive the hijack please, but how do you tell that it takes you to fdc.gov@ IP address of scammer? I know that anything that comes before the @ is to be ignored, so it is a redirect to the IP of the scammer, but I don’t see the @. Could someone please expand my tech understanding?
I use MS Internet Explorer, so this is the only clarification I can give you:
When you hover the cursor over a link, in the bottom, left corner of the window the address that the link leads to is printed. If you use IE it’s where it says “done” when a page is finished loading.
If you right-click on a link and select Properties, you can see where the link leads in the Address: field. For example, right-click on User CP and select Properties; part of the information will be "Address (URL): http://boards.straightdope.com/sdmb/usercp.php?"
The two things I mentioned won’t reveal an alternate link for the link in my OP because I copied the text of the message, not the HTML. So the link in my OP is not actually the link that came in the email.
Where does one report a suspicious email such as this?
I’d say don’t bother reporting it anywhere.
Just like you should not click on any link that says “click here to be removed…” on a SPAM email.
There seems to be very little any government agency could really do about this. And any time they spend responding to people who report such scams, it will just use up time they could have spent on doing their mission.
The exception to this would be if you know you are the very first person to receive a new type of spam email. You could check that by looking at the obvious places (Snopes, urban legends, etc.) or just a simple Google search for it. Most likely you’ll see warnings already posted about it (like there were on this one).
That’s the thing, though. I did do a Yahoo!* search for this email…didn’t get any hits. Maybe that’s because of the manner in which I conducted my search…namely pick a random passage and search for that, and then search for the enclosed link and the sender address. None of those searches turned anything up, so I didn’t know what the status of this scam was.
In my experience Yahoo! turns up the same results as Google, for those out there who would say “You should have used Google…”
You could also try submitting it to Anti-Phishing.org, which maintains an archive of such scams and works to get them shut down.
[Disclaimer: I work for one of the companies involved in this organization.]
(And t-bonham, it does indeed do some good to report such scams somewhere, whether to Anti-Phishing, Snopes, the FCC, or what have you: they can get the ISP to shut down the account, and perhaps also put some pressure on Microsoft to close the relevant security holes in Internet Explorer, such as the one that Call me Frank noted that allows the scammers to obfuscate the real URL.)
More info: The info in front of the @ is not just ignored. It can be used to transmit useful data, and that is why it exists. Consider this: user:pass@web.server.com
That would log you into a server as the user account, with the password pass. This can be handy to set up in a link to avoid log-ons and such. The problem is that, AFAIK, webservers don’t generate a visible error condition for invalid data. Therefore microsoft.com@1.2.3.com will just dump you at 1.2.3.com, with no indication that something wonky just happened.
Worse yet is the flaw that hides the end of a URL (an Internet Explorer only flaw, luckily), which is explained and demonstrated here.
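The user@host behaviour described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it parses a link with the standard URL parser and reports the host the browser will actually contact. The helper name inspectLink, the flag names, and the sample address 192.0.2.10 are assumptions made for illustration.

```javascript
// Added example (not from the thread): show where a link really goes when
// the part before "@" is dressed up to look like a trusted site.
// URL is the WHATWG parser built into Node.js and browsers.
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;        // e.g. "microsoft.com"
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
const TEXT_HOST = /\b([a-z0-9-]+\.)+[a-z]{2,}\b/i;      // hostname in link text

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// inspectLink is a hypothetical helper name, not an API from the page.
function inspectLink(href, visibleText = "") {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { realHost: null, claimed: "", flags: ["unparseable"] };
  }
  const flags = [];
  const claimed = safeDecode(url.username);
  const host = url.hostname;

  // Anything before "@" is credentials for the server, never the destination.
  if (url.username || url.password) flags.push("userinfo");
  // A "username" shaped like a domain is there to fool the reader.
  if (HOSTLIKE.test(claimed)) flags.push("userinfo-looks-like-host");
  // The thread's example pointed at a bare IP address rather than a name.
  if (IPV4.test(host)) flags.push("ip-host");
  // The text the user sees names one site, the link goes to another.
  const m = visibleText.match(TEXT_HOST);
  if (m) {
    const shown = m[0].toLowerCase().replace(/^www\./, "");
    if (host !== shown && !host.endsWith("." + shown)) flags.push("text-mismatch");
  }
  return { realHost: host, claimed, flags };
}

// Samples: two URLs quoted in the thread (scheme added), one constructed
// (192.0.2.10 is a documentation-only address), and the ordinary board link.
const SAMPLES = [
  ["http://microsoft.com@1.2.3.com/", ""],
  ["http://user:pass@web.server.com/", ""],
  ["http://fdic.gov@192.0.2.10/idverify", "www.fdic.gov"],
  ["http://boards.straightdope.com/sdmb/usercp.php?", "User CP"],
];
for (const [href, text] of SAMPLES) console.log(href, inspectLink(href, text));
```

A mail filter or link preview can show `realHost` next to the link text, so the reader sees the real destination even when the status bar does not.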
I would be very curious about how this email targeted you as an account holder. Was it a mass emailing shotgun type approach, or did they actually target known account holders? Any ideas?
Everybody (well, those of us who have a public e-mail address) gets them. It’s just plain old spam/scam stuff. The last major one claimed to be from Citibank.
I agree with Tapioca. You have to think about spam for a minute. How many hundreds of thousands of emails do they send versus how many suckers do they actually hook?
The whole reason spam is profitable is because you can target thousands of people with very little cost to you. So this was just a blind barrage, if you ask me…
Yeah, I get emails like this all the time, of all shapes and sizes. In fact, I wouldn’t be shocked if I’d actually gotten the very same email. It looks familiar. I just delete them unread. There is so much horse shit out on the internet today, I’ve just become desensitized by it. (-: