We had the FBI leave a card with us too, years gone by. His name...
Agent Agent. No kidding. Said it on his card.
On 9/18/2020 2:56 PM, Ken Hohhof wrote:
If they are going from a whois database or abuse contact, an email
address might be all they have.
I remember many years ago I sold T1 service to the FBI, actually the
Chicago Cybercrime task force, joint with Chicago PD. I think they
used it for sting operations or something, didn’t want an IP address
that would look like government or LEA. They were just ordinary folks
trying to do a job. I would not rule out that they would contact you
by email. Or that the inquiry would not involve a court order but
just investigating a lead.
It was kind of funny when I went there to install the service. Lots
of trim young men in suits looking exactly like you’d expect an FBI
agent to look, and lots of not so trim not so young men in blue
looking like you’d expect a Chicago cop to look. The FBI guys looked
like Josh Brolin (young K) from MIB, the cops didn’t quite look like
Will Smith. I don’t remember anybody looking like Alice Eve, I’d
remember that.
Also many years ago I remember an FBI agent knocking on the office
door, was doing outreach to ISPs, just wanted to explain what they did
and who to call about what and leave a business card. Actually very
nice. I think a lot of “deep state” workers get a bum rap.
*From:* AF <[email protected]> *On Behalf Of* Bill Prince
*Sent:* Friday, September 18, 2020 2:26 PM
*To:* [email protected]
*Subject:* Re: [AFMUG] FBI Virus?
I am doubtful that the FBI would contact you via email. Most likely
they would send you a letter (assuming the USPS could deliver it). If
they're actually serving you a subpoena, I would expect agents or some
legal officer would issue it to you in person.
I would file it in the same category as this voice mail I got yesterday:
Listen to this message carefully, this message is to inform
you that SSA and legal enforcement agency is filing a legal
warrant against your name and your Social Security number for
fraudulent activities and arrest em has also been issued on
your name for money laundering and the investigating team of
our department is investigating you and your family to get
more information about your arrest warrant in case File from
United States government. You may press one for more
information before we download your case into the courthouse.
Thank you, press one now.
bp
<part15sbs{at}gmail{dot}com>
On 9/18/2020 11:49 AM, Nate Burke wrote:
I got this message to the INFO mailbox of a company we acquired a
year ago. Everything about it says that it's spam, but the
headers look legit. Although the 153.31.119.142 IP address does
not exist in the ARIN whois. BGP.he.net says that it's part of a
/17 assigned to the FBI. It has an attached PDF that I have not
yet opened. (file name SBP634366-WOW125412.pdf) I can't imagine
this is anything other than Spam/virus? Is it possible this is
how the FBI Actually sends out things?
What's the best way to open a suspect PDF File?
_____________________
*** CHILD EXPLOITATION ***
Good afternoon - please review the attached administrative
subpoena and proceed accordingly - thank you and have a great
weekend!
AS Jennifer L. Isom
FBI Chicago
Violent Crimes Against Children
312-829-5835
---------------------------------------------
Email Headers:
Received: from mx-east-ic.fbi.gov ([153.31.119.142])
Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26])
by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400
Received: from hqv2-uembx-402.FBI.GOV (10.90.70.12) by
hqv2-uembx-401.FBI.GOV
(10.90.70.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
Fri, 18 Sep
2020 14:21:57 -0400
Received: from USG02-CY1-obe.outbound.protection.office365.us
(10.90.70.8) by
hqv2-uembx-402.FBI.GOV (10.90.70.12) with Microsoft SMTP Server
(TLS) id
15.0.1497.2 via Frontend Transport; Fri, 18 Sep 2020 14:21:57 -0400
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=fbi.gov; dmarc=pass action=none
header.from=fbi.gov; dkim=pass
header.d=fbi.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=vBv3/mLV7bc3i7PO8fotIxOyxMy562h5qqwbW3309QI=;
b=UqGJLZtTRQr6f1KaIJq/IjMFFc5skaGN4rQQMHgHWUAe4pw963vIjTILv/cQHH1CToFXgXUu980qar5uXnG7TKH5fVRIoVuWxu4VhWEEXZ8ePAQMkWXYdfKuR2NGS3cC3hVoxL6iHi/kXd5CKwbXopVnfiPgDuOFB84Rof0LTHk=
Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
(2001:489a:200:404::14)
by CY1P110MB0567.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::18)
with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.17;
Fri, 18 Sep
2020 18:21:54 +0000
Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
([fe80::75b8:922a:1a45:32c0]) by
CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
([fe80::75b8:922a:1a45:32c0%10]) with mapi id 15.20.3391.017;
Fri, 18 Sep
2020 18:21:54 +0000
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
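
A header triage sketch for the thread's question of whether the quoted headers look legitimate, as an added example that is not part of the original posts: it parses a subset of those headers with Python's standard library, separates the one hop with a public address from the internal relays, and reads the upstream authentication claims. The function names are hypothetical, and the ARC-Authentication-Results values are claims recorded by mx.microsoft.com, not a verification performed by the receiving server.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a subset of the headers quoted in the post, with the
# DKIM h=/bh=/b= values left out.
RAW = """\
Received: from mx-east-ic.fbi.gov ([153.31.119.142])
Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26])
 by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400
Received: from hqv2-uembx-402.FBI.GOV (10.90.70.12) by hqv2-uembx-401.FBI.GOV
 (10.90.70.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Fri, 18 Sep 2020 14:21:57 -0400
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=fbi.gov; dmarc=pass action=none header.from=fbi.gov;
 dkim=pass header.d=fbi.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com

"""

def received_hops(msg):
    """(from_host, ip, scope) per Received header, newest hop first."""
    pat = re.compile(r"from (\S+) (?:\(HELO \S+\) )?\(\[?(\d+\.\d+\.\d+\.\d+)[\])]")
    found = [pat.match(" ".join(v.split())) for v in msg.get_all("Received", [])]
    return [(m[1], m[2], "global" if ipaddress.ip_address(m[2]).is_global else "internal")
            for m in found if m]  # IPv4 literals only, as in this sample

def auth_claims(msg, header="ARC-Authentication-Results"):
    """Parse 'method=result key=value' clauses; these are an upstream's claims."""
    out = {}
    for clause in " ".join((msg.get(header) or "").split()).split(";"):
        tokens = clause.split()
        method, _, result = (tokens[0] if tokens else "").partition("=")
        if method in {"spf", "dkim", "dmarc", "arc"} and result:
            out[method] = {"result": result,
                           **dict(t.split("=", 1) for t in tokens[1:] if "=" in t)}
    return out

def triage(msg):
    hops, auth = received_hops(msg), auth_claims(msg)
    sig = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature") or "")
    from_dom = auth.get("dmarc", {}).get("header.from", "")
    d = sig.group(1) if sig else ""
    return {"handoff": next((h for h in hops if h[2] == "global"), None),
            "internal_hops": sum(h[2] == "internal" for h in hops),
            "visible_dkim_d": d,
            # Crude relaxed alignment; real DMARC compares organizational domains.
            "visible_dkim_aligned": bool(from_dom) and (d == from_dom or d.endswith("." + from_dom))}
```

Call `triage(message_from_string(RAW))` to get the summary. Only the topmost Received line is written by the receiving server itself, so its address is the one worth checking against routing data, as the original poster did with bgp.he.net.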