Well, do we think the FBI would send me an email about finding 4.1 million dollars at the airport with my name on some documents? or would they just come to my house and take me to a small dark room and talk to me for a while? The FBI does not send emails to people unless you send one to them first. This type of scam is a phishing scam. They try to get you to send them more information about you and then take money from you in order for you to get the bigger prize. below is what the scam email looks like:

From: AGENT JASON GALE <jason.gale @ fbi. gov>
Date: March 25, 2012 8:13:53 AM EDT
To: <jason.gale @ ci.fbi. gov>
Subject:FROM THE FEDERAL BUREAU OF INVESTIGATION (FBI)…
Reply-To: <jasongaleee @ superposta. com>

Federal Bureau of Investigation
Intelligence Field Unit J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C.

I am special Agent Jason Gale from the federal bureau of investigation (FBI) intelligence unit, we intercepted two consignment box at JFK airport, New York, the box was scanned but found out that it contain large sum of money ($4.1 million) and also some backup document which bears your name as the beneficiary/receiver of the money, investigation carried out on the diplomat that accompanied the box into United States, said that he was to deliver the fund to your residence as overdue payment own to you by the federal government of Nigeria through the security company in United Kingdom.

Meanwhile, we cross check all legal document in the box but we found out that your consignment was lacking an important document and we cannot release the box to the diplomat until the document is found, right now we have no other choice than to confiscated your consignment.

According to Internal Revenue Code (IRC) in Title 26 also contain reporting requirement on a Form 8300, Report of Cash Payment Over $10,000 Received in a Trade or Business, money laundering activity may violate 18 USC §1956, 18 USC 1957, 18 USC 1960, and provision of Title 31, and 26 USC 6050I of the United States Code (USC), this section will discuss only those money laundering and currency violation under the jurisdiction of IRS, your consignment was lacking proof of ownership certificate from the joint team of IRS and IRC, therefore you need to reply back immediately for direction on how to procure this certificate to enable us relieved the charger of evading the law on you, which is a punishable offense in Untied State.

You are required to reply back within 72hours or you will be prosecuted in the court of law for money laundering, also you are instructed to desist from further contact with any bank(s) or person(s) in Nigeria or United kingdom or any part of the world regarding your payment because your consignment has been confiscated by this bureau here in United States.

Yours In Service,
Agent Jason Gale
Regional Deputy Director
Intelligence Field Unit

The links in the above email are broken by us and please don’t send any email to the above emails. As you can notice the return email address does not go to the FBI and the agents name is spelled wrong in the return to address. The ci.fbi.gov is not a website as well. The return email address goes to a German email account like a hotmail email account, do we think the FBI uses accounts like this?  This is one of the suggest tips that the FTC  publishes to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.

Here is the link to the FTC  http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm it is full of great information. Remember victims never receive this non-existent fortune but are tricked into sending their money to the criminals, who remain anonymous. They hide their real identity and location by using fake names and fake postal addresses as well as communicating via anonymous free email accounts and mobile phones. If its too good to be true its a scam.

Dear E-Mail User

Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced to release 1.4.15 to ensure no confusions. While initial review didn’t uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim’s server. This could grant the attacker the ability to deploy further code on the victim’s server.
So upgrade to  Squirrel Mail Development Team by  click Squirrel Mail Login SquirrelMail 1.4.15 Released

s

We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.

 

We removed the link from the above email so no one would click it. The link in the email sent the user to a website that tried to hijack your browser and then hijack your computer. We saw a few other squirrel emails that tried to get the user to enter in information about his/her account so they could hijack your email account.

Email with links in them, make sure you proceed with caution. Always hover your mouse over the link and see where it is trying to take you. If the link looks funny or odd don’t click it.

Examples of what some bad links can look like:

somewebname.ru/paypal/admin/security.php

spaceplesure.ru/seo/seogoogle/admin/squirrel.php

Don’t click on the zip file or exe in the zip file. This virus is the Win32:SmokeLoader_MP.  It tries to inject code into your windows dll files.

The first thing this virus does is steal all your passwords from all your programs, web browsers and chat programs. So any banking info will be stolen, as well as any logins to other secure systems.

The email looks like this:

Dear Customer,

The delivery service couldn’t deliver your package.
The package weight exceeds the allowable free-delivery limit.

You have to receive your packagen personally.
Print out the “Invoice Copy” attached and collect the package at our office.

Please read carefully the attached information before receiving your package.

Thank you for attention. FedEx Global Services.

Never open any zip file that you are not 100% sure about where it came from.

If you did open this email you should unplug from the internet and use Malwarebytes as a start to remove this virus.

This link takes me to a website that looks like the BBB website. During the page loading it stops about half way and then prompts you to download file called complaint9984.pdf.exe. Some people may think this is a pdf, but its not. It is an executable file that loads malicious software onto your pc. The software tries to shutdown your antivus to hijack your pc.

Below is  what the email looks like:

Attention: Owner/Manager

Here with the Better Business Bureau would like to inform you that we have been filed a complaint (ID 13563499) from one of your customers related to their dealership with you.

Please open the COMPLAINT REPORT below to view more information on this question and inform us about your position as soon as possible.

We hope to hear from you shortly.

Regards,

Fernando Grodhaus

Dispute Counselor
Better Business Bureau

---

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Good Day ,
Western Union wish to inform you the United Nation and (ECOWAS) have
instructed us to send you the sum of $300,000 USD. $5,000 has already
been sent to you as first collection. Sender Information’s HERE IS THE
Available MTCN for pick up by receiver BELOW.
Sender name===========Mary Orona
Test question======== WHAT COLOR
Test answer:============ blue
Amount======== == = $5,000 00
MTCN===========4148545819
Traking via www.westernunion.com

Payment Contact Agent
Mr DAN GOLD

Email: westernunionpaymentoffice67 @ yahoo.com.hk
Tel: +2347059515938

If it sounds to good to be true, it’s probably a scam.

A critical vulnerability has been identified in Adobe Flash Player and Adobe Reader.
Adobe recommends users of Adobe Flash Player, Adobe Reader update to last versions.

Download Updates

You may use the Adobe Download Manager to seamlessly install your software.

*** This is an automatically generated email, please do not reply ***

Copyright © 2012 Adobe Systems Incorporated. All rights reserved

In the email above we removed the links to the evil website with strikethroughs.  Adobe have stated in their news bulletin that updates are only available via the official Adobe Reader download page and not from any other source.

If you have opened this email and went to the website get your computer guy to check your computer and or network for malicious software.

This virus infects a computer through a targeted attack involving a Word document which exploits vulnerability in the Windows kernel component Win32k.sys which allows the attackers to run code with the highest privilege level, bypassing pretty much most of the protection mechanisms from Windows or security software.

How can I keep this from happening to my business?
your exchange server needs to be patched, all your computers need to have all patchs up to date.

The ACH transfer (ID: 2929266749726), recently sent from your bank account (by you or any other person), was canceled by the Electronic Payments Association.

Canceled transaction
Transaction ID:	2929266749726
Reason of rejection	See details in the report below
Transaction Report	report_2929266749726.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.

I sent this scam to AA today with no response from them, I did not see any warning on there website about this scam either.

Ticket.exe is a Trojan.Win32.Jorik.MokesLoader.jq that modifies the system settings to perform malicious acts on the targeted system.

Hello
FLIGHT NUMBER A826
ELECTRONIC 301848172
DATE & TIME / JANUARY 24, 2012, 10:22 AM
ARRIVING / Charlotte
TOTAL PRICE / 333.32 USD

Please find your ticket attached.
To use your ticket you should print it.

Thank you for using our airline company services.
American Airlines.

 

Never open a zip file it you are not 100% sure what it is.

Make sure you update your AV software, this virus is only a few days old.

Below is what the email looks like

WESTERN UNION HEAD OFFICE DEPARTMENT BENIN REPUBLIC.
FOREIGN CONTRACTOR PAYMENT OFFICE
TELEPHONE +229-98270441

Hello ,

Regarding your mail, which was well understood. Your e-mail was lucky to be among the emails that are selected randomly. The western union is using this medium to appreciate their valued customer with a new year compensatory fund of $500,000.00 US Dollars, so this notification is only meant for people that have use western union in receiving and sending money.

But before you can pick up the first $5,000USD, you must make payment of $75USD for us to Regenerate and Re-activate your name as the receiver and your new MTCN number because your funds has stay long on our database, That is the reason why we picked up the $5000,00 back, After making the payment, you must provide complete information we will use in Re-activating your payment to you.

Use the bellow following information for the payment for your Re-activating fee so that immediate action can be taken.

Receiver Name : SUNDAY OSAGIE
Country: Benin Republic
City : Cotonou
Test Question: When
Answer: Now
Amount: $75USD

As soon as we have a confirmation of your Re-activating fee, your $5,000USD MTCN will be re-activated and sent back to you within an hour of which the Re-activating fee is confirmed.

I Await your prompt response.

SINCERELY,
Mr.Thomas Raphael
YOURS IN SERVICE
Western Union Head Office Department
Western Union®

The reply-to in this email is western.union1011@w.cn  w.cn is a free windows live email system just like gmail.com is. This type of scam is done by  criminals from Nigeria and other countries in Africa.

Remember victims never receive this non-existent fortune but are tricked into sending their money to the criminals, who remain anonymous. They hide their real identity and location by using fake names and fake postal addresses as well as communicating via anonymous free email accounts and mobile phones.