
Spate of fake e-mails spooks agencies


Perhaps recently you've been warned that you've visited illegal Web sites. Or you've been asked to help recover money that belongs to the family of a U.S. soldier killed in Iraq.  You're hardly the only one.

A recent spate of e-mails that aren't what they appear to be have confused consumers and led to a series of government warnings. The messages are fake, but convincing, because of a simple programming trick that allows cybercriminals to change the return address attached to Internet e-mail.

Experts warn consumers to be very suspicious of any e-mail they receive unexpectedly, and to never respond to such e-mails with personal information.

"It's gotten to the point where you can't trust anything you get in e-mail, and that's very sad," said Mary Landesman,'s computer virus expert. "E-mail is quickly becoming a very untrustworthy source."

Fake "From" lines in e-mails are nothing new, but this latest flurry got the attention of  the Department of Homeland Security, U.S. Immigration and Customs Enforcement, and the FBI. 

The fake message appears to be the most widespread.  The e-mail claims to be from the government agency and accuses recipients of visiting over 40 illegal Web sites. It also tells recipients to contact the FBI.

"These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner," the agency said in a warning on its Web site. "Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer."

Sober virus blamed

Experts believe a computer virus named Sober-L (some firms call it Sober-K) is behind the e-mails. That same virus also arrives promising a peek at Paris Hilton videos, and as a warning from Microsoft Corp., according to Craig Schmugar, a virus researcher at McAfee. In each case, the addressing information of the e-mail has been forged convincingly.

Most anti-virus firms rate the virus a low or medium risk, saying it hasn't spread as widely as some well-known malicious programs like MyDoom. Still, Alex Shipp of MessageLabs said the worm has had surprising staying power. MessageLabs filters detected a sharp increase in the number of infected e-mails on Wednesday. On Tuesday, the firm had trapped only 30,000 infected e-mails carrying the worm, down from 40,000 the day before. But on Wednesday, it caught 109,000 Sober-L infected e-mails.

Landesman says the FBI e-mail may be particularly convincing because the agency's name can alarm recipients and catch them off guard.

"Getting an e-mail from the FBI is akin to having a state trooper in your rear view mirror," she said.  "Even if you are doing the speed limit, your heart will go faster, and you'll think, 'Maybe I did go to a bad Web site, or maybe my kid did.'"

On Friday, the Department of Homeland Security issued its own warning about two separate fake e-mails. Both are variations on the famous Nigerian scam, which invites recipients to help move millions of dollars out of the country.

In one scam, an e-mail writer poses as a volunteer working with U.S. forces, saying he was friends with a U.S. soldier killed in Iraq, and asking for help returning the soldier's money to his family. Another e-mail claiming to be from the immigration department asks recipients for help tracking down funds looted from the Iraqi Central Bank by Saddam Hussein’s son.

"These new Internet fraud schemes are among the worst we have ever encountered. Most troubling is the fact that some are targeting the relatives of U.S. soldiers killed in Iraq," said Michael J. Garcia, the Department of Homeland Security’s Assistant Secretary for U.S. Immigration and Customs Enforcement, in a statement.

It's nearly impossible to give consumers general guidance on how to tell a real e-mail from a fake one, Landesman said. But one piece of advice she offered: take the subject line of a suspicious e-mail and paste it into the Google search engine to see if it has generated any complaints. 

Still, it's hard to give consumers general safety guidelines, Schmugar said.

"There's so much illegitimate email running around the Internet right now that you are more likely to get something illegitimate than legitimate," Schmugar said.