...and other information to keep staff in the Technology Loop

Wednesday, November 23, 2005

PSA: CIA Warning

(spoofing to transmit a virus)

Several staff have received emails that appear to be from the CIA. An example of the message is below:

-----Original Message-----
From: Post@cia.gov
Sent: Wednesday, November 23, 2005 3:37 AM
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++7:00 a.m. to 5:00 p.m., US Eastern time

While this email looks like it is from post@cia.gov, rest assured that the CIA is not monitoring your Internet use. In fact, Internet use doesn’t even technically fall under the CIA’s jurisdiction…unless you are a terrorist.

This is an example of spoofing. Spammers and phishers commonly use spoofing to forge the From line of an email.

In this case, the email had a virus attached. One clue that the email is a fraud is that the address it was sent to is not a valid email address. Another clue is the inconsistent capitalization: the "w" in "we" should have been capitalized. Phony emails also frequently have misspelled words in an attempt to sneak past junk mail filters.
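The clues above can also be checked mechanically. The following Python is an added example, not part of the original post: it parses a constructed copy of the message and reports which warning signs are present. The Return-Path header, the attachment part, the placeholder filename and the list of valid mailboxes are assumptions, since the post shows only the From, To and Subject lines.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above. The Return-Path
# header and the attachment part are assumptions made for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: Post@cia.gov
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal websites.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.bin"

(constructed placeholder, no real content)
--b1--
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw, valid_mailboxes):
    """Return the names of the warning signs found in one raw message."""
    msg = message_from_string(raw)
    found = []
    # The From line is free text chosen by the sender; Return-Path is written
    # by the receiving server from the SMTP envelope. A mismatch is a clue,
    # not proof, because legitimate bulk senders can differ too.
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        found.append("from_returnpath_mismatch")
    # Clue from the post: addressed to a mailbox that does not exist.
    if parseaddr(msg["To"] or "")[1].lower() not in valid_mailboxes:
        found.append("unknown_recipient")
    # Unsolicited mail carrying a file is how the virus was delivered here.
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("has_attachment")
    return found
```

Calling `spoof_indicators(SAMPLE, {"staff.member@plcmc.org"})`, where the mailbox is a constructed stand-in for a real staff directory, reports all three indicators for the sample message.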

In this case the "sphisher" (have I invented a new word?) was sending a virus. If I had opened the attached file, I would have gotten the virus on my computer. Luckily, PLCMC has sophisticated anti-virus and email filtering software installed, so the attachment never even made it to my Inbox.

When in doubt, always close the email (or better yet, don't even bother to open it), and go to the home page of the organization the email appears to have come from. A quick trip to www.cia.gov brought up this message on their home page:

Some members of the public have in the past few days received a bogus e-mail falsely attributed to CIA's Office of Public Affairs. CIA did not send that message. In fact, it does not send unsolicited e-mail to the general public, period. If you have gotten such a message, we strongly encourage you not to open the attachment, which contains a destructive virus.

For more information about phishing, make sure to read Helene’s post on 11/18/05 about Bank of America and a phishing fraud, and if you have time, take a look at this article: http://techupdate.zdnet.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html