LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 12-14-2017, 11:46 AM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,206
Blog Entries: 9

Rep: Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715
One born every minute!


I have mentioned Bernard Wood before. This is the nom-de-plume of a scammer who is constantly sending me emails with links to things that I just must see.

Since I never rose to the bait, today he changed his tack. He has just sent me an email with the following content:
Quote:
U.S. Department of Justice
Federal Bureau of Investigation
Internet Crime Investigation Center/Cyber Division
FBI - Minneapolis Suite 3378
137 Washington Avenue, West
MN 55594
Phone: +18883481766
Fax: +18883481766

November 14, 2017

Case: 8712174823

The IP address registered on your name was referred to the FBI's ICC Center (IC3) several times as being a possible victim of cyber fraud.

We believe that your IP address was used to commit several computer fraud and abuse crimes. This investigation covers the time period from September 8, 2017 to the present.

We will appreciate your instant attention . Please contact us urgently with all of the information concerning this case, at telephone number listed above.

Respectfully, Sam Gilbert
Internet Crime Investigation Center
Minneapolis Suite 1122
148 Washington Ave, East
MinneapolisMN 55326
Note that I am apparently both a victim of cyber fraud (paragraph 1) and a perpetrator (paragraph 2). Also the addresses given at the top and the bottom of the email are different.

Still it's nice to be the subject of so much attention!
 
Old 12-14-2017, 12:13 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
1-888-348-1766 says to browse <redacted> to get "verified"

I'd forward any "case number" to the Office of the real FBI, or call and ask about it?

I' sure they'd be very interested in who it originated from?

Code:
host checkmyinternet.com && host 188.225.37.215
seems to be hosted in Russia.

I recognize it is a scam.

Last edited by Habitual; 12-14-2017 at 04:12 PM. Reason: removal hostile link
 
Old 12-14-2017, 01:04 PM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,206

Original Poster
Blog Entries: 9

Rep: Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715
So I followed your link and got a screen that said my Windows was infected with Zeus!
Quote:
Please call us immediately at: 44-163-074-0014
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a Spyware and riskware.
The following information is being stolen...
Financial Data
Facebook Logins
Credit Card Details
Email Account Logins
Photos stored on this compute
You must contact us immediately so that our expert engineers can walk you through the removal process over the phone to protect your identity.
Please call us within the next 5 minutes to prevent your computer from being disabled or from any information loss
Good thing I don't use Windows, isn't it! Where did you get that link from anyway?
 
Old 12-14-2017, 02:14 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by hazel View Post
So I followed your link and got a screen that said my Windows was infected with Zeus!
I dialed 1-888-348-1766

Last edited by Habitual; 12-14-2017 at 02:15 PM.
 
Old 12-14-2017, 03:20 PM   #5
Terry Coats
Member
 
Registered: Mar 2017
Posts: 103

Rep: Reputation: 25
That checkmyinternet link caused my firefox browser to get caught in an endless loop that I couldn't kill.
I looked just for curiosity because linux and firefox are usually immune.
I had to kill firefox using its process id and then restart it from a command line
and specifying a safe link(google) otherwise it would start up again on the endless loop page.
 
Old 12-14-2017, 04:16 PM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
site showed me the attached.

And I removed the hostile link above.
Don't need any "accidents"

Terry:
Clean your browser's cache and possibly a new profile if it endures.
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2017-12-14 at 3.13.37 PM.jpg
Views:	75
Size:	136.7 KB
ID:	26534  

Last edited by Habitual; 12-14-2017 at 04:20 PM.
 
Old 12-14-2017, 08:51 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,237
Blog Entries: 25

Rep: Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340
If the FBI was interested in you, they would not send an email. You would likely be visited by a representative of your local constabulary at the request of the FBI, if they agreed with the request.

It's like emails from the US IRS. The IRS and other US government agencies does not initiate contact via email. You get a letter with a return address that you really don't want to see in your mailbox . . .
 
Old 12-15-2017, 12:54 AM   #8
!!!
Member
 
Registered: Jan 2017
Posts: 666

Rep: Reputation: 289Reputation: 289Reputation: 289
Quote:
Originally Posted by Habitual View Post
I dialed 1-888-348-1766
Now your ph# (or whatever ph# you called it from)
is on the 'suckers hot list for sale', aka now a 'destroyed ph#'

ooops: unless VoIP: https://productforums.google.com/for...ce/AoEwD7udhAU
http://www.dslreports.com/forum/r193...l-free-numbers Were you using VoIP?

Last edited by !!!; 12-15-2017 at 01:06 AM.
 
Old 12-15-2017, 01:58 AM   #9
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,206

Original Poster
Blog Entries: 9

Rep: Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715
OMG, what have I done? I started this thread so that we could all have a good laugh and now I've got people into trouble. Please, I'm really sorry about this.

My browser on LFS is Pale Moon with Noscript plugged in and it didn't get into a loop. In fact I came to no harm at all as far as I can see. Bravo, Pale Moon! But perhaps Habitual shouldn't have posted that link; I notice that he has now removed it.

@frankbell: I live in the UK so the FBI has no hold on me. If they had a genuine case against me, they'd have to apply to the Home Office for extradition. The letter was obviously angled at US citizens.
 
Old 12-15-2017, 06:23 AM   #10
Terry Coats
Member
 
Registered: Mar 2017
Posts: 103

Rep: Reputation: 25
Quote:
Originally Posted by hazel View Post
OMG, what have I done? I started this thread so that we could all have a good laugh and now I've got people into trouble. Please, I'm really sorry about this.

My browser on LFS is Pale Moon with Noscript plugged in and it didn't get into a loop. In fact I came to no harm at all as far as I can see. Bravo, Pale Moon! But perhaps Habitual shouldn't have posted that link; I notice that he has now removed it.

@frankbell: I live in the UK so the FBI has no hold on me. If they had a genuine case against me, they'd have to apply to the Home Office for extradition. The letter was obviously angled at US citizens.
No problem. My own fault for clicking the link but I'm always curious to see what's going on.
What happened to me was I got a page with audio that I couldn't close. I would close it only
to have it start up again. Closing firefox and then restarting would bring back the silly
page and audio again. Fortunately I knew the trick to getting straightened out. Silly me.
Yes I am one of those born every minute but think I am invulnerable.
 
Old 12-15-2017, 07:17 AM   #11
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,496

Rep: Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790Reputation: 1790
Quote:
Originally Posted by hazel View Post
My browser on LFS is Pale Moon with Noscript plugged in and it didn't get into a loop. In fact I came to no harm at all as far as I can see.
You should definitely have Javascript disabled before investigating such links. Image display and audio playing too, probably. Really, wget+text editor is more appropriate than a browser for this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
One born every minute! hazel General 6 11-30-2017 03:22 AM
One born every minute! hazel General 17 11-27-2017 01:57 PM
One born every minute! hazel General 3 11-17-2017 09:06 PM
New Born sreeni85 LinuxQuestions.org Member Intro 1 04-24-2014 12:06 AM
crontab: minute hour or hour minute rjo98 Linux - Newbie 2 11-04-2009 03:09 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 11:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration