Is This A Scam?

[Ford Prefect]

I hope someone in the CP community can help me with this one. I'm familiar with most e-mail scams, but I received an e-mail today that I've never seen before and can't find on sites like snopes.

Following is the text of the message:

"hello.
i work in a private detective agency. my name is not important now.
I'm warning you that i'm going to watch you and monitor your telephone line. Do you want to know who paid for shadowing you? Expect my next e-mail.

P.S. I know, you don't believe me. But i think that the record of your yesterday's telephone conversation will assure you that everything is real. The record is in archive. The password is 123qwe"

The message also included a file attachment with a .rar file extension that supposedly contains the alleged record of my phone calls from yesterday. I use a Mac though and I gather a .rar file is some kind of Windows archive so I can't open it.

Anyway, this is a rather strange message, which I assume is a scam, but I can't confirm it. Has anyone seen or heard of this one before?

FWIW, the domain name of the sender's e-mail address is for some kind of corporate consulting firm in France.

Thanks.

[FlamesFanInEdm]

sure sounds like a scam. i wouldnt recommend touching that rar archive.

edit: heres a link for you explaining it http://montyy0.livejournal.com/146287.html#cutid1
________
PLYMOUTH EXPRESSO HISTORY

[Ford Prefect]

Quote:

Originally Posted by FlamesFanInEdm

sure sounds like a scam. i wouldnt recommend touching that rar archive.

Trust me I don't intend to, aside from the obvious reason that a windows file isn't going to work on a mac.

[ricosuave]

LOL sure sounds like it to me.

found evidence of something similar on google.

[J pold]

Quote:

Originally Posted by Ford Prefect

Following is the text of the message:

"hello.
i work in a private detective agency. my name is not important now.

And at that point I stop reading and just delete

[CaramonLS]

Open it on a library computer, no one cares about those getting infected with viruses.

[octothorp]

Quote:

Originally Posted by Ford Prefect

I hope someone in the CP community can help me with this one. I'm familiar with most e-mail scams, but I received an e-mail today that I've never seen before and can't find on sites like snopes.

Following is the text of the message:

"hello.
i work in a private detective agency. my name is not important now.
I'm warning you that i'm going to watch you and monitor your telephone line. Do you want to know who paid for shadowing you? Expect my next e-mail.

P.S. I know, you don't believe me. But i think that the record of your yesterday's telephone conversation will assure you that everything is real. The record is in archive. The password is 123qwe"

The message also included a file attachment with a .rar file extension that supposedly contains the alleged record of my phone calls from yesterday. I use a Mac though and I gather a .rar file is some kind of Windows archive so I can't open it.

Anyway, this is a rather strange message, which I assume is a scam, but I can't confirm it. Has anyone seen or heard of this one before?

FWIW, the domain name of the sender's e-mail address is for some kind of corporate consulting firm in France.

Thanks.

Definitely sounds like a scam. But for what it's worth, there's a few applications that will open rar files on the mac: http://mac.softpedia.com/get/Compres...Mac-OS-X.shtml.
If it were me, I wouldn't bother. But if you're curious or you've been doing something lately that would attract the attention of a private investigator, it's probably safe to open on your mac: if it's a virus in a rar file, it's fairly certain to have no effect on a mac.

[Ford Prefect]

Quote:

Originally Posted by octothorp

Definitely sounds like a scam. But for what it's worth, there's a few applications that will open rar files on the mac: http://mac.softpedia.com/get/Compres...Mac-OS-X.shtml.
If it were me, I wouldn't bother. But if you're curious or you've been doing something lately that would attract the attention of a private investigator, it's probably safe to open on your mac: if it's a virus in a rar file, it's fairly certain to have no effect on a mac.

Thanks ... I might try that if I get time. I don't have a guilty conscience about anything, but I am a private business owner and a new competitor is in the process of opening up in Quebec ... and I'm taking another business to court over a delinquent account they owe me for. If it's a serious e-mail it would pretty much have to relate to one of those two things. On the other hand, if it's a scam I'm curious as to what their angle is ... are they just trying to spread a virus, or are they going to try to extort some money out of me on the chance I have a guilty conscience about something. They only thing I feel guilty about right now is the second helping of pie I had for dessert last night so I wish them luck if that's their angle.

[foofighter15]

Well i did send my buddy who sits close to me at the office a message like that once, but that wasn't me sending you that so it sounds like a virus to me

[BlackArcher101]

What kind of private investigator makes himself known to the person he is monitoring? Talk about a career killing move right there.

[arsenal]

The attached file contains a virus. Its just a social engineering move to get you to open the attached .rar file and install the file. I would just delete it, forget about it and move on.

[gottabekd]

For clarification: A rar is an archive file. It is not executable, and cannot infect you with a virus just by opening and extracting it. Of course, any executable files inside may (and in this case) likely have a virus.

[MelBridgeman]

of course its a freaking scam...

[Ford Prefect]

Quote:

Originally Posted by MelBridgeman

of course its a freaking scam...

I realize that, but since I have never seen this particular one before and I couldn't find it on snopes or other scam sites to verify that, I was curious to know if anyone at CP has seen it before. I take it by your response that you have, or are you just restating the obvious?

[Bobblehead]

I just did a search on "Do you want to know who paid for shadowing you?" (which is pretty unique) and saw there are at least 13 other people asking about the exact same email, all fairly recently. So this will probably be on the hoax sites within the next few days.

[Ford Prefect]

Quote:

Originally Posted by Bobblehead

I just did a search on "Do you want to know who paid for shadowing you?" (which is pretty unique) and saw there are at least 13 other people asking about the exact same email, all fairly recently. So this will probably be on the hoax sites within the next few days.

Thanks Bobblehead ... that's the sort thing I was looking for. when I did similar searches earlier I didn't come up with anything, so it would seem it is very recent alright. What I'm still curious about is the purpose of it ... to spread a virus or scam money. It would seem spreading a virus is the most likely.

[llama64]

Quote:

Originally Posted by gottabekd

For clarification: A rar is an archive file. It is not executable, and cannot infect you with a virus just by opening and extracting it. Of course, any executable files inside may (and in this case) likely have a virus.

It's possible that there is an exploit in the format that allows for execution of code upon decompression. I believe there was a similar issue with an image format (jpeg?) on windows a year or two ago.

If one is really curious, just open it up in a virtualized instance of something like Ubuntu linux.

[ken0042]

I know a rar file is a sort of compressed file, like a zip. Some porn distributers use that format for some reason- or so I've heard.

And 7-zip will open it. I wouldn't; however.

[MelBridgeman]

Quote:

Originally Posted by Ford Prefect

I realize that, but since I have never seen this particular one before and I couldn't find it on snopes or other scam sites to verify that, I was curious to know if anyone at CP has seen it before. I take it by your response that you have, or are you just restating the obvious?

No I havent seen it, and i dont clarification on snopes or scam sites, and just because i have never seen an email before wont make me think it's legit...you get an email from someone you dont even know,stating something outrageous...hinting that maybe you should open the attachment ..is clue enough for me to think its a bunch of crap and its headed for the delete box.

[gottabekd]

Quote:

Originally Posted by llama64

It's possible that there is an exploit in the format that allows for execution of code upon decompression. I believe there was a similar issue with an image format (jpeg?) on windows a year or two ago.

I believe the issue with jpegs was IF someone was already infected with a worm that alters the way the operating system handles jpegs, then it is possible for a jpeg to "execute" malicious code.

Quote:

If one is really curious, just open it up in a virtualized instance of something like Ubuntu linux.

Great advice for anything fishy...Vmware Server is a great, free product. You can load up a guest OS, run some fishy attachment, whatever. If it is a virus, hit the "Revert" button to the previous state, before downloading the virus.