Outline
Email purporting to be from the FBI claims that the recipient has been logged visiting illegal websites and is required to answer a list of questions contained in an attached file.
The email is not from the FBI and the attachment does not contain a list of questions as claimed. In fact, opening the attachment will launch a fake anti-virus program that tries to trick users into providing credit card details. The same ruse has been used to distribute worms or malware for several years.
Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.
This email, which claims to be from the FBI, warns recipients that they have been logged as visiting more than 40 illegal websites. The message advises recipients to answer a list of questions that are supposedly contained in an attached zip file.
However, the email is certainly not from the FBI and the attachment does not contain a list of questions as claimed. Instead, the attachment harbours a fake anti-virus program that tries to trick users into submitting their credit card details. Once launched, this fake anti-virus program will supposedly scan the user's computer before displaying a message warning that the computer has a large number of serious virus infections. The message will also claim that the user must pay an immediate fee via a credit card before the anti-virus program can remove the virus infections. In fact, the supposed scan is entirely bogus and the viruses it "finds" do not exist. The fake program will continually display annoying and intrusive "virus warning" messages until the user pays up.
Some inexperienced computer users, first panicked by what they believe is a genuine message from the FBI, and then further panicked by dire warnings that their computer is riddled with dangerous viruses, may hastily hand over their credit card information.
And the FBI ruse is apparently an effective tactic for criminals intent on distributing worms or malware. Back in 2005, another email that also claimed that the recipient had been logged by the FBI as visiting illegal websites was used to distribute the Sober worm. In fact, the wording of the two emails is virtually identical. Only the malicious payload is different. Some of the Sober worm versions claimed that it was the CIA rather than the FBI that had logged the illegal website visits. In 2007, another malware campaign used emails that falsely claimed that the recipient was under investigation by the IRS.
Users should be very cautious of any email that claims to be from the FBI or another law enforcement or government agency. If you receive such an email, do not open any attachments that it may contain. Do not follow any links included in the email. Rest assured, if the FBI (or the CIA) has a problem with your online activities it will not contact you via an unsolicited email.
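For administrators who filter mail on behalf of such users, the traits described above (an agency claim in the sender or subject, the "logged your IP-address" wording, and a zip attachment) can be checked mechanically. The following is an added example, not part of the original article; the sample message, its sender name, subject, addresses and file name are constructed, and the trait labels are hypothetical.

```python
import email
import re
from email import policy

# Constructed sample, modelled on the wording quoted in the article.
SAMPLE = b"""\
From: "FBI Department" <officer@sender.example>
Subject: You visit illegal websites
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Sir/Madam, we have logged your IP-address on more than 40 illegal Websites.
Important: Please answer our questions! The list of questions are attached.
--b1
Content-Type: application/zip; name="question_list.zip"
Content-Disposition: attachment; filename="question_list.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

AGENCY = re.compile(r"\b(FBI|CIA|IRS)\b", re.I)
LURE = re.compile(r"logged your IP[- ]address.*illegal\s+web\s*sites", re.I | re.S)

def score_message(raw: bytes) -> list[str]:
    """Return the lure traits from the article that this message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # From is trivially spoofed, so the claim itself is the signal, not the domain.
    if AGENCY.search(f"{msg.get('From', '')} {msg.get('Subject', '')}"):
        reasons.append("agency-claim")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and LURE.search(body.get_content()):
        reasons.append("lure-wording")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Match by extension or by zip magic bytes in case the file is renamed.
        if name.endswith(".zip") or data.startswith(b"PK"):
            reasons.append("zip-attachment")
            break
    return reasons

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

A gateway would typically hold a message for review when two or more traits appear together, since a zip attachment alone is common in legitimate mail.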