This article is a brief excerpt from the soon to be published book,
"Street Smarts for a Virtual World"
Lessons in Personal Information Security from the Military Industrial Complex
I use the phrase "cyber threat" to mean a threat originating in, or being transmitted on, with, or by a telephone, computer or other electronic device or network. This includes threats to vulnerabilities in devices such as baby monitors and wireless security systems.
A cyber threat is separate from a "physical threat," or threat to the physical hardware or network. Fire, lightning and theft are physical threats to your information, i.e., they threaten the physical media upon which your information is stored. Identity thieves, black-hat hackers, well-intentioned but fumble-fingered people, scammers, phishers, children, viruses, and social engineering are cyber threats.
What I will emphasize here are threats originating from other human beings (and I use the word "human" loosely) against you and your mission statement.
These are people who want to steal from you, use your name, and ruin your reputation, credit rating and credibility. They will do so with no guilt, conscience or remorse because to them, you are only a number. Don't take it personally. In their minds you and your personal information are merely a commodity to be bought, sold or used.
The perpetrator's attack vector is usually Unsolicited Commercial Email (UCE). Broadcasting E-Mail from stolen or throwaway domains and addresses somewhere in Whereitsatistan is a low-risk, low-cost operation that makes money on sheer volume.
Direct postal mail and telephone solicitation are other vectors of attack but they are less used because they are more easily traced and prosecuted.
Bulk E-Mail and online fraud is still a growing business because a very small part of the population is vulnerable. They are naïve, gullible, mathematically challenged and/or greedy. The majority of online scam victims are, however, just "ordinary people" and often those who can least afford the loss.
Three percent is traditionally considered the marginally acceptable return on a standard postal direct mail campaign.
A postal mail campaign might consist of a few hundred thousand pieces of direct mail. A bulk E-Mail campaign, on the other hand, can easily be broadcast to tens of millions of people.
A scam in the amount of one hundred dollars sent to ten million people only needs a 'victim rate' of .00001 to return ten thousand dollars to the thieves.
Your first line of defense against cyber threats is your "inter-cranial threat detector," occasionally called intuition, and more commonly referred to as a "gut feeling."
If you do choose to read what may be a scam solicitation or phishing expedition, then do so very carefully.
Some Immediate Red Flags Are:
There are some scams that should immediately raise a red flag. Some of the most common of these are referred to as "Phishing." Phishing is a 'geek' way of spelling fishing: a criminal launches a figurative fishing expedition to find out any information that they can. The name describes itself quite well.
Financial institutions and online merchants spend millions of dollars ensuring that their systems are secure and as 'hack proof' as possible. The expense and effort spent to protect customers' confidential information is completely negated, however, if a thief can simply con the customers out of their passwords and other account information.
A Phishing scam typically begins with an E-Mail, allegedly from the victim's bank, broker or E-Mail provider. We'll use a bank in this example.
The E-Mail informs the mark that there is a problem with their account. It may be unauthorized charges or that some new security policies are in place. In any case, they are instructed to log in to their account to keep it active or avoid some other terrible calamity.
Included in the E-Mail is a link to the login page for the victim's bank, and indeed the link does appear to take the victim to their bank's login page.
In the illustration, you can see that the link actually connects to yfakurisi.ibnsites.com, not PNC Bank.
The Website that the victim actually visits is not PNC Bank, but a copy or clone of the PNC Bank site sitting on a server controlled by the thief.
When we look up the domain using WHOIS we see that it really belongs to someone in Costa Rica.
Registrant:
Producciones Legendarias S.A.
Apartado 3-1150
La Uruca
San Jose 00000
Costa Rica

The obvious red flags in the above Google phishing expedition are bad grammar, the ciudad.com.ar and Gmail return addresses and the date, which is eight months prior to the date I actually received this spam.
In the above American Express™ example, the original E-Mail originated in Russia (.ru) and the included link doesn't go to American Express™, but to a URL Shortening Service.
When the mark 'logs in' to the phishing site they might receive an error screen, a message that their action was successful, a thank you screen or even be forwarded to the actual banking site's home page. What actually happened, however, was that the visitor's login name, password and any other entered information were either stashed in a database or sent by E-Mail directly to the scammer, who promptly transfers $100 or so from the victim's account to theirs and then resells the account information. The most successful online scam artists and phishers make their money in volume, not by draining individual accounts. The net result, however, is the same. By the time a Red Flag shows up on an account the card has probably been resold five or six times.
Other variations of these phishing scams may include a legitimate looking file attachment that the thief says the victim must run, or a program that they must install to maintain access to their account. As soon as the victim does click to install the new 'Security Enhancement Program' or similar attachment, their system is loaded with any of an assortment of nasty malware, including trojans, keyloggers, password stealers and E-Mail robots. Some of the currently most popular remote control software allows the criminal complete control of the victim's system.
All Internet registrars (the keepers of the domain names) maintain publicly searchable databases of ownership records for all of the domains that they host.
In the olden days of the Internet you could simply ask any computer terminal WHOIS [domain.name] and get a full report of the domain's ownership from the registration database.
The individual domain registrars provide searchable lists of their domain ownership, and there are now a few Web services that query all of the major registrars to provide the same information.
Note: Though the registration databases contain very detailed information, some registrants have paid an additional fee to have their street address, telephone and E-Mail address omitted from the listing, the equivalent of an unlisted number. You can still discover much important information, however, such as country of origin.

Above is a screen from a Chase Bank phishing expedition. In addition to the obvious tip-offs like the unusual grammar and the threat to suspend the recipient's account, when you roll over the verification link you can see in the status bar that you are going to a website http://75.126.191.80
What do these numbers mean?
Just like the telephone system understands numbers and not names, the Internet doesn't understand domain names, only the numbers connected to them. Domain names such as seggleston.com or whitehouse.gov mean nothing to a computer until they are 'converted' into a number that the Internet can understand. That number is an Internet Protocol address, usually shortened to "IP."
There are two addressing schemes being used on the Internet today, Version 4 and a newer Version 6 (IPv4 and IPv6), with IPv4 being the most common as of this writing.
An IPv4 address consists of four groups of numbers, each between 0 and 255.
Luckily there are computers called "name servers" that are an integral part of the Internet. Name servers take the domain names that you enter into your browser or E-mail and look up the appropriate IP address for that mailbox or website. Think of name servers as an automated 411 service for the Internet, connecting names and numbers and then speed dialing them for you without your intervention.
This is good because it's certainly easier to remember Microsoft.com than 207.46.197.32
If you do happen to know the IP address of the device to which you want to connect, you can often skip the Domain Name Services (DNS) lookup entirely and enter the number or IP Address instead. This is one way to access services and devices that may not have a domain name; security systems, cable TV boxes, some of the newest refrigerators, washing machines and HVAC systems are examples.
In the Chase Bank example above, either the scammer does not have a domain name, or they are attempting to hide it by using the IP address instead.
I ran the IP (207.46.197.32) through a WHOIS service and discovered that the address in question belonged to SoftLayer Technologies, Inc. of Dallas, TX.
This scam was using an IP address assigned to a United States corporation, so I took a few minutes to report the abuse.
If the address were connected to a server in China, Russia or a country other than the United States it would generally be pointless to complain, and might even get your E-Mail address on a lot more SPAM lists.
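The link checks described above can be automated: a link whose visible text names the bank while the real destination is another host, a bare IP address used as the host, and a URL shortening service hiding the destination. This is an added example, not code from the book; the shortener list and the sample HTML are constructed for illustration, using the host names quoted in the text.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, illustrative list of URL-shortening hosts; extend it for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Finds something that looks like a host name inside the visible link text.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample body modelled on the PNC, Chase and American Express cases.
SAMPLE_HTML = """
<p>Dear customer, please verify your account:</p>
<a href="http://yfakurisi.ibnsites.com/login">https://www.pnc.com/login</a>
<a href="http://75.126.191.80">Click here to verify</a>
<a href="https://bit.ly/EXAMPLE">American Express account notice</a>
<a href="https://www.pnc.com/help">www.pnc.com</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    """True when the host part of the URL is a raw IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def same_site(host, shown):
    """True when host equals the displayed name or is a subdomain of it."""
    if shown.startswith("www."):
        shown = shown[4:]
    return host == shown or host.endswith("." + shown)


def link_red_flags(html):
    """Return a list of (href, [flags]) for each link in an HTML e-mail body."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        flags = []
        if is_ip_literal(host):
            flags.append("ip-address-host")
        if host in SHORTENER_HOSTS:
            flags.append("url-shortener")
        shown = HOST_IN_TEXT.search(text)
        if shown and host and not same_site(host, shown.group(1).lower()):
            flags.append("text-host-mismatch")
        report.append((href, flags))
    return report


if __name__ == "__main__":
    for href, flags in link_red_flags(SAMPLE_HTML):
        print(href, flags or "no flags")
```

A clean result only means none of these three checks fired; a look-alike domain in both the text and the link would pass, so the WHOIS lookup described above is still worth doing.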

Dear customer!
Unfortunately we failed to deliver postal package sent on the
2nd of February in time because the recipient's address is wrong.
Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.
------------------------------------------
Viruses found in the attached files.
The file UPS_invoice_1683.zip: Virus found FakeAlert.
Checked by AVG
Another common attack vector is an E-Mail (above), allegedly from United Parcel, D&H or other shipping company. They advise the mark that a package could not be delivered, followed by "please see the attached file for details." Of course the attached file contains a malware payload and as soon as it is opened the victim's system is compromised.
There will always be a certain percentage of people who touch the wall just to see if the paint really is wet, like it says on the sign. Some don't see the sign at all, and a few will complain because they got paint on their finger. It is this percentage that keeps the virus and malware writers in business.
It is now possible, though unlikely, to expose your system to a threat by merely visiting some Websites.
Simply reading an E-Mail or surfing the Net will not normally expose someone with an up-to-date and well-patched system to an attack. The victim usually needs to download or open an attachment, allow a program to install or take some other overt action before an attack can succeed.
As Web browsers and E-Mail programs add capabilities and functions, however, they also expose additional vulnerabilities to attack.
A Drive-By Attack is an attack triggered by simply reading an E-Mail or visiting a Website.
The best way to avoid drive-bys is to make certain that your operating system and any software that you use to connect to the Internet are up-to-date with the latest security patches.
When reading E-Mail, don't leave the message pane open. The message pane in an E-Mail program is a great convenience. Each message opens up in its own section of the window (pane) as soon as you select it in the inbox.
With the message pane closed you may have to double click to open the message and click again to close it, but at least you have a choice to delete the Viagra, Make Money Now and URGENT PLEA FOR ASSISTANCE messages before they are opened.
The Classic Nigerian Money Scam appeals to at least two vulnerabilities of the .00001%: naiveté and greed, a poisonous combination.
REQUEST FOR URGENT BUSINESS RELATIONSHIP
FIRST, I MUST SOLICIT YOUR STRICTEST CONFIDENCE IN THIS TRANSACTION. THIS IS BY VIRTUE OF ITS NATURE AS BEING UTTERLY CONFIDENTIAL AND 'TOP SECRET'. I AM SURE AND HAVE CONFIDENCE OF YOUR ABILITY AND RELIABILITY TO PROSECUTE A TRANSACTION OF THIS GREAT MAGNITUDE INVOLVING A PENDING TRANSACTION REQUIRING MAXIIMUM CONFIDENCE.
WE ARE TOP OFFICIAL OF THE FEDERAL GOVERNMENT CONTRACT REVIEW PANEL WHO ARE INTERESTED IN IMPORATION OF GOODS INTO OUR COUNTRY WITH FUNDS WHICH ARE PRESENTLY TRAPPED IN NIGERIA. IN ORDER TO COMMENCE THIS BUSINESS WE SOLICIT YOUR ASSISTANCE TO ENABLE US TRANSFER INTO YOUR ACCOUNT THE SAID TRAPPED FUNDS.
THE SOURCE OF THIS FUND IS AS FOLLOWS; DURING THE LAST MILITARY REGIME HERE IN NIGERIA, THE GOVERNMENT OFFICIALS SET UP COMPANIES AND AWARDED THEMSELVES CONTRACTS WHICH WERE GROSSLY OVER-INVOICED IN VARIOUS MINISTRIES. THE PRESENT CIVILIAN GOVERNMENT SET UP A CONTRACT REVIEW PANEL AND WE HAVE IDENTIFIED A LOT OF INFLATED CONTRACT FUNDS WHICH ARE PRESENTLY FLOATING IN THE CENTRAL BANK OF NIGERIA READY FOR PAYMENT.
HOWEVER, BY VIRTUE OF OUR POSITION AS CIVIL SERVANTS AND MEMBERS OF THIS PANEL, WE CANNOT ACQUIRE THIS MONEY IN OUR NAMES. I HAVE THEREFORE, BEEN DELEGATED AS A MATTER OF TRUST BY MY COLLEAGUES OF THE PANEL TO LOOK FOR AN OVERSEAS PARTNER INTO WHOSE ACCOUNT WE WOULD TRANSFER THE SUM OF US$21,320,000.00(TWENTY ONE MILLION, THREE HUNDRED AND TWENTY THOUSAND U.S DOLLARS). HENCE WE ARE WRITING YOU THIS LETTER. WE HAVE AGREED TO SHARE THE MONEY THUS; 1. 20% FOR THE ACCOUNT OWNER 2. 70% FOR US (THE OFFICIALS) 3. 10% TO BE USED IN SETTLING TAXATION AND ALL LOCAL AND FOREIGN EXPENSES. IT IS FROM THE 70% THAT WE WISH TO COMMENCE THE IMPORTATION BUSINESS.
PLEASE,NOTE THAT THIS TRANSACTION IS 100% SAFE AND WE HOPE TO COMMENCE THE TRANSFER LATEST SEVEN (7) BANKING DAYS FROM THE DATE OF THE RECEIPT OF THE FOLLOWING INFORMATIOM BY TEL/FAX; 234-1-7740449, YOUR COMPANY'S SIGNED, AND STAMPED LETTERHEAD PAPER THE ABOVE INFORMATION WILL ENABLE US WRITE LETTERS OF CLAIM AND JOB DESCRIPTION RESPECTIVELY. THIS WAY WE WILL USE YOUR COMPANY'S NAME TO APPLY FOR PAYMENT AND RE-AWARD THE CONTRACT IN YOUR COMPANY'S NAME.
WE ARE LOOKING FORWARD TO DOING THIS BUSINESS WITH YOU AND SOLICIT YOUR CONFIDENTIALITY IN THIS TRANSATION. PLEASE ACKNOWLEDGE THE RECEIPT OF THIS LETTER USING THE ABOVE TEL/FAX NUMBERS. I WILL SEND YOU DETAILED INFORMATION OF THIS PENDING PROJECT WHEN I HAVE HEARD FROM YOU.
YOURS FAITHFULLY,
DR CLEMENT OKON
NOTE; PLEASE QUOTE THIS REFERENCE NUMBER (73447MZ3) IN ALL YOUR RESPONSES.
OFFICE OF THE SENATE HOUSE FEDERAL
REPUBLIC OF NIGERIA COMMITTEE ON
FOREIGN PAYMENT(RESOLUTION PON CONTRACT PAYMENT)IKOYI-LAGOS
NIGERIA14th FLOOR51/55BROAD STREET.
DEAR BENEFICIARY,
CONGRATULATIONS WE BRING TO YOUR NOTICE!!!
THE OFFICE OF THE SENATE HOUSE HAS CHOSEN YOU BY THE
BOARD OF TRUSTEE AS ONE OF THE FINAL RECIPIENT OF THIS
NEW YEAR PROMOTION CASH GRANT/DONATION, TO
CELEBRATE THE 30th ANNIVERSARY CELEBRATE, WE ARE GIVING OUT A YEARLY
DONATION OF THE ATM CARD VALUE IS USD($500,000.00) FIVE HUNDRED
THOUSAND UNITED STATE DOLLARS TO 7 LUCK RECIPIENTS, AS NEW YEAR
PROMOTION FROM THE W.H.O,UN,AND THE EU in ACCORDANCE WITH THE ENABLING
ACT PARLIATED.THE ATM GRANT/AID ONLY COLLECT EMAIL ADDRESS OF FINAL
RECIPIENT FROM DEFFERENT COUNTRY: UNITED STATS, GREECE, SAUDI ARABIA,
EUROPE,ETC.AND WITH AN ELECTRONIC BALLOTING SYSTEM, WITHOUT THE
RECIPIENT APPLYING, YOU EMERGED ONE OF OUR LUCKY BENEFICIARY.
YOU ARE TO FILL OUT THE BELOW INFORMATION AND SEND IT BACK TO THE PAYMENT REMMITANCE OFFICE VIA EMAIL CONTACT ADDRESS.
WINNING BATCH No:(W-7453-7833836-55A)
FULL NAME:________________________
RESIDENTIAL ADDRESS:______________
OCCUPATION:_______________________
NATIONALITY:______________________
PRESENT COUNTRY:__________________
AGE:______________________________
SEX:______________________________
TELEPHONE NUMBER:_________________
FAX NUMBER:_______________________
ONCE AGAIN CONGRATULATIONS…..
(PAYMENT REMMITANCE OFFICE CONTACT)
Mr.Larry Musa
E-Mail:laryy.musa@yahoo.com.hk
From: PAYMENT REMMITANCE OFFICE (info@atmoffice.org)
Sent: Tue 10/28/08 5:15 AM
Above are only two of seemingly endless variations of the scam. In another version of the con, the sucker is notified that he or his E-Mail address has won a foreign lottery. When he attempts to collect his winnings he is told that he must pay taxes or mysterious "facilitation fees."
In other variations the scammer may pose as the grieving widow of a banker or former government official who is being persecuted and needs your help.
If your "scam detector" doesn't flash Red after reading any of these, it should.
These E-Mails, usually sent to addresses taken from large mailing lists or 'scraped' from Websites and blogs, promise obscene rewards.
They generally begin by asking a victim to help them move a huge amount of money into the United States. They can't legally do it themselves for various very legitimate sounding reasons.
They also assure the victim that everything they will be asked to do is 100% legal, and it is. -- There is no law against flushing away your own money.
When the victim agrees to participate everything speeds along smoothly. Soon thereafter though, when the mark is blinded by visions of retirement in Tahiti, things will run into a minor snag. There will be a tax, processing fee, license stamp, release fee or other minor cost. This might only be $25.00 and after all, the payoff is millions. Now that the victim has a bit of money invested, more fees pop up. Soon the sucker is into the scammers for several hundred dollars, if not more. When the victim is no longer willing or able to pay, or if they complain, the scammer evaporates, never to be seen again until their next scam.
You might wonder who would fall for such obvious frauds.
According to a 1997 newspaper article:
"We have confirmed losses just in the United States of over $100 million in the last 15 months," said Special Agent James Caldwell, of the Secret Service financial crimes division. "And that's just the ones we know of. We figure a lot of people don't report them."
Almost all of the "make money at home" plans that you receive through UCE (Unsolicited Commercial Email) are scams. Some are more elegant than others, but they are scams nonetheless.
From: Frances Shea <Frances@aol.com >
To: <sucker@gullible.con>
An import export company seeks remote employees.
Our company specializes in marketing and selling of the various products on the Internet and our goal is to connect sellers and buyers for various products online thus assuring the best possible outcome for the both parties involved.
Being foreign company makes it harder to manage sales transactions with US customers, thus we are looking for support of regional customer service representative.
The main duties include receiving and making payments on client's behalf, managing the preparation and distribution for expected transactions and ensuring accuracy and promptness of payments and reports.
Number of expected transactions per week: from 2-3 (at the beginning of work) to 5-7 (after the first probation month).
Benefits:
1. Base salary(after a month evaluation period), commissions + monthly bonuses
2. All banking and cellphone expenses covered
3. Earnings in addition to your current job
4. No need to sell anything or look for customers
Requirements:
1. Mobile and stationary phone
2. Access to e-mail via Internet or mobile phone
3. Minimum age: 25
4. Bank account
If you are interested in this job offer, please send the your free form application to:
Frances@us-consalt.com
I'll answer you as soon as possible.
Running the domain us-consalt.com through a WHOIS service tells me that it is owned by:
Maksim Rodkin
Email: roddsn@post.com
Organization: Private person
Address: Miichurinskij prospekt, d.10-2, kv. 144
City: Moskva
State: Moskovskaya
ZIP: 178234
Country: RU
Phone: +7.4956783214
Of course there is no guarantee that this information is 100% accurate, but it does show that the originator is allegedly in Moscow.
When a victim gets on-board with these slick culprits they will actually receive a cashier's check or bank draft, usually for one thousand dollars. When they receive the check they are instructed to send an amount, usually 80 to 90% to the "contracted person" within 12 hours via a Western Union money order.
That sounds good. The sucker deposits $1000, sends $800 to someone else and pockets $200 for their efforts. Not bad at all, assuming the check or bank draft that the victim received was genuine. The victim's wire transfer clears immediately and the scammer has the victim's money. That's why they have a 12 to 24 hour time limit and ask for a Western Union wire transfer. Since it will take the international cashier's check or bank draft a few days to clear, the victim sends $800 of their own money to the scammer or their cohort. Only after it's too late do they discover that the check or bank draft that they deposited was completely bogus. The mark is out eight or nine hundred dollars and the scammer is long gone with the money.
Some of these scammers will actually send a small amount of real money once the mark takes the bait. The victim might receive a genuine cashier's check, money order or bank draft or direct deposit for a trivial amount, ten dollars or so; allegedly to offset the cost of setting up a bank account. The genuine deposit builds credibility and gives the mark some confidence that the checks and/or bank drafts they are about to receive are genuine. Considering that the crooks are preparing to take the victim for eight or nine hundred dollars, if not more, their ten dollar investment is trivial.
Those victimized by online scams and frauds naturally want to see justice swiftly done. Often, however, there is little that can be done because the perpetrators are in other countries.
The laws of your country may mean nothing in another, so you should always exercise extra caution when dealing with foreign persons or companies.
The scammers soon figured out a way to further rip off those who have already been robbed.
You may be surprised to find out that the FBI will help you collect your money – at least that's what this scammer hopes.
Anti-Terrorist And Monitory Crime Division.
Federal Bureau Of Investigation.
J.Edgar.Hoover Building Washington Dc
Attn: Beneficiary,
This is to Officially inform you that it has come to our notice and we have thoroughly Investigated with the help of our Intelligence Monitoring Network System that you are having an illegal Transaction with Impostors claiming to be Prof. Charles C. Soludo of the Central Bank Of Nigeria,Dr Fred Scott, Mr Chris Nelson, Mr. Patrick Aziza, Mr peter Nweke, Dr. Philip Mogan, none officials of Oceanic Bank, Zenith Banks, Barr. Derrick Smith, kelvin Young of HSBC, Ben of FedEx, Ibrahim Sule,Larry Christopher, Dr. Usman Shamsuddeen, Puppy Scammers are impostors claiming to be the Federal Bureau Of Investigation. During our Investigation, we noticed that the reason why you have not received your payment is because you have not fulfilled your Financial Obligation given to you in respect of your Contract/Inheritance Payment.
Therefore, we have contacted the Federal Ministry Of Finance on your behalf and they have brought a solution to your problem by cordinating your payment intotal USD$11,000.000.00 in an ATM CARD which you can use to withdraw money from any ATM MACHINE CENTER anywhere in the world with a maximum of $4000 to $5000 United States Dollars daily. You now have the lawful right to claim your fund in an ATM CARD.
Since the Federal Bureau of Investigation is involved in this transaction, you have to be rest assured for this is 100% risk free it is our duty to protect the American Citizens. All I want you to do is to contact the ATM CARD CENTER via email for their requirements to proceed and procure your Approval Slip on your behalf which will cost you $350.00 only and note that your Approval Slip which contains details of the agent who will process your transaction.
CONTACT INFORMATION
NAME: MR. FRANK DUKE
EMAIL: frank.duke1111@yahoo.cn
Do contact Dr. Frank Duke of the ATM CARD CENTRE with your details:
FULL NAME:
HOME ADDRESS:
TELL:
CELL:
CURRENT OCCUPATION:
BANK NAME:
AGE:
So your files would be updated after which he will send the payment information's which you'll use in making payment of $350.00 via Western Union Money Transfer or Money Gram Transfer for the procurement of your Approval Slip after which the delivery of your ATM CARD will be effected to your designated home address without any further delay.We order you get back to this office after you have contacted the ATM SWIFT CARD CENTER and we do await your response so we can move on with our Investigation and make sure your ATM SWIFT CARD gets to you.
Thanks and hope to read from you soon.
ROBERT S. MUELLER, III
DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20535
Note: Do disregard any email you get from any impostors or offices claiming to be in possession of your ATM CARD, you are hereby advice only to be in contact with Mr.Frank Duke of the ATM CARD CENTRE who is the rightful person to deal with in regards to your ATM CARD PAYMENT and forward any emails you get from impostors to this office so we could act upon and commence investigation.
There is so much wrong, on so many levels with the above scam that it's hard to know where to begin.
Numerous typos, spelling and grammatical errors should make it obvious that the originator has only a marginal grasp on the English language. Say what you may about the FBI, but they do know how to write a letter.
Scammers and Phishers also seem to have an affinity for upper case letters. An unsolicited E-Mail littered with inappropriate looking upper case words is almost guaranteed to be a fraud or scam.
It's also very unlikely that the FBI would suggest that you send $350.00 to a person with a Canadian Yahoo address. (frank.duke1111@yahoo.cn)
Furthermore, a quick examination of the E-Mail headers reveals that the true origination domain belongs to someone in Istanbul, Turkey.
** Registrant:
Tekofaks Ofis ve Haberleşme Ürünleri Pazarlama A.Ş.
Gürsel Mah.Sevilen Sok.No:65 Çağlayan - 80340
İstanbul, Türkiye
gulincelik@tekofaks.com.tr
+ 90-212-2106900-
+ 90-212-2106809
Again, there is no guarantee that this information is completely accurate or current, but you may be confident that the FBI is not sending official E-Mail from Istanbul.
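The message-level red flags discussed above (a contact address that does not match the sender, a free webmail contact for an "official" body, heavy use of upper case, payment by wire transfer) can be scored the same way. This is an added example, not code from the book; the two sample messages, the free-webmail list and the 30% upper-case threshold are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative list of free webmail domains; extend it for real use.
FREE_MAIL = {"yahoo.com", "yahoo.cn", "yahoo.com.hk", "gmail.com", "aol.com"}
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
WORD = re.compile(r"[A-Za-z]{3,}")
WIRE = re.compile(r"western\s+union|money\s*gram", re.I)
UPPER_CASE_THRESHOLD = 0.30  # assumed cut-off; tune it on your own mail

# Constructed sample modelled on the fake FBI letter quoted above.
SCAM_SAMPLE = """\
From: Federal Bureau Of Investigation <director@fbi-office.example>
Subject: ATTENTION BENEFICIARY

THIS IS TO OFFICIALLY INFORM YOU THAT YOUR ATM CARD PAYMENT IS READY.
Contact MR. FRANK DUKE at frank.duke1111@yahoo.cn and send $350.00
via Western Union Money Transfer for your APPROVAL SLIP.
"""

# Constructed sample of an ordinary notice for comparison.
BENIGN_SAMPLE = """\
From: Example Bank <alerts@bank.example>
Subject: Your monthly statement

Your statement is ready. Sign in the way you normally do, or write to
support@bank.example with any questions.
"""


def message_red_flags(raw):
    """Return red flags for a plain-text, single-part e-mail (assumption)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    contact_domains = {d.lower() for d in ADDRESS.findall(body)}

    flags = []
    # The body tells the reader to write to a domain other than the sender's.
    if any(d != sender_domain for d in contact_domains):
        flags.append("contact-domain-differs-from-sender")
    # An "official" body asking for replies at a free webmail address.
    if contact_domains & FREE_MAIL:
        flags.append("free-webmail-contact")
    # Share of words (3+ letters, addresses removed) written in upper case.
    words = WORD.findall(ADDRESS.sub(" ", body))
    if words:
        upper_share = sum(w.isupper() for w in words) / len(words)
        if upper_share > UPPER_CASE_THRESHOLD:
            flags.append("excessive-upper-case")
    # Payment requested through a wire-transfer service.
    if WIRE.search(body):
        flags.append("wire-transfer-payment")
    return flags


if __name__ == "__main__":
    print("scam sample:  ", message_red_flags(SCAM_SAMPLE))
    print("benign sample:", message_red_flags(BENIGN_SAMPLE))
```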