A fake email that purports to be from the US Federal Bureau of Investigation (FBI) is circulating on the internet with a computer virus as its payload.
In an announcement made this week, the FBI warned that the fake unsolicited email tells users that "their internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have accessed illegal websites."
The bogus message then asks recipients to click on an attachment and answer some questions about their alleged illegal internet use. But rather than being a questionnaire, the attachment contains a virus that infects the recipient's computer, according to the agency. It was not immediately clear what the virus does once it has infected a computer.
Paul Bresson, an FBI spokesman, says the agency discovered the fake email over the weekend after several recipients of the messages notified the FBI. Bresson said he didn't know exactly how many complaints were received.
The latest scam appears to be the first time a virus has been distributed through an email allegedly from the FBI, he says. A previous scheme involved emails that lured recipients to a fake Web site that looked like the FBI's official site, then asked recipients to enter their credit card number and personal information to determine if their card was one that recently had been stolen.
The latest message has multiple misspellings and is written in broken English, Bresson says. "The wording is very poor, which helps us," he says. "We're hoping that that flags people that this is not legitimate."
The message warns recipients that their internet use continues to be watched and that the alleged illegal activity should be halted. "If there will be anover [sic] attemption [sic] you will be busted," the message states.
Bresson did not know if any victims of the scam have provided their credit card numbers or other information.
The FBI said it never sends official unsolicited emails to citizens for any reason and that any messages purporting to be from the agency should be ignored. Recipients can also report them to the FBI's Internet Crime Complaint Centre.
Pete Lindstrom, a security analyst at Spire Security, said fake email messages will continue to be a problem until tighter standards for sending emails are adopted by senders and recipients. "The way we use email today, anyone can impersonate anyone else," he says.
To stop that, users need to consider using trust certificates for all mail, so recipients know that an incoming message is from a trusted sender.
"Folks are going to have to rethink how easy this is [to send and receive mail today], which made it very functional in the past," Lindstrom says, noting that the technical know-how to make mail more secure is already here.
"It becomes more of a question of willingness to do it," he says.