Every time I read about a scam that’s catching the public imagination, I’m always intrigued to actually receive a copy of the message so I can see for myself how believable it is. Currently the big scam is that there’s a virus being sent purporting to be from the Federal Bureau of Investigation accusing the recipient of visiting illegal Web sites. If you haven’t received the message yet, here’s what it says…
To give these virus writers some modicum of credit, at least they do appear to have identified the correct street address for the FBI, but that’s easily found by visiting the FBI Web site anyway. The phone number is valid too. In fact, call it and you might be lucky enough to know how busy the Feds really are: “Hello, you’ve reached FBI headquarters, but all of our lines are currently busy.”
What doesn’t make sense to me is why people are so gullible. If the FBI did in fact identify that you’d visited illegal Web sites and were sending you an attached ZIP file entitled “text-indictment_cit1246.zip” (at least, mine was), then wouldn’t they figure out if you’re a Sir or Madam before sending out the message? Further, let’s get real. This is the Feds. Do you think that they’re going to email you a questionnaire if they have even the slightest hint of illegal activity? I think a firm knock on your door is much more likely!
But let’s say that you are paranoid, guilty, and afraid that you have somehow violated the law and visited illegal Web sites. Why would you then click on a ZIP archive? If it were a “.doc” Word file, maybe, but a ZIP file?
If you do unpack the ZIP archive, you’ll find that there’s a file inside called “doc_data-text.txt.pif”, which leads to another question: is there ever a legitimate reason to receive a .pif file? In case you’re curious, the answer, as far as I can tell, is “no”. The PIF extension denotes a Windows Program Information File and even neutral third-party sites describe the format as “Program Information File dates back to the early versions of Windows. Basically, it’s an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.” (source).
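The name "doc_data-text.txt.pif" is a double extension: ".txt" is a decoy and ".pif" is what Windows acts on. As an added example (not part of the original post), here is a sketch of how a mail filter could inspect a ZIP attachment's member names for that pattern; the extension lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows treats as directly runnable; .pif is the one on this page.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}
# Extensions commonly used as a harmless-looking decoy before the real one.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg"}


def classify_name(name):
    """Return a reason string if the file name looks dangerous, else None."""
    # Keep only the base name; archives may use either slash style.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "x.pif ." still runs as .pif.
    parts = base.rstrip(" .").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"double extension: .{parts[-2]} hides executable .{parts[-1]}"
    return f"executable extension .{parts[-1]}"


def scan_zip(data):
    """List (member name, reason) for every risky entry in a ZIP given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under the names of interest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("doc_data-text.txt.pif", b"constructed placeholder")
        archive.writestr("notes/readme.txt", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()):
        print(f"BLOCK {member}: {why}")
```

The check reads only the archive's directory of names, so nothing inside the attachment is extracted or executed.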
I usually don’t believe that it’s the responsibility of the user to avoid spams and scams — I’d like to see the system solve these problems, the network infrastructure companies and the end-product providers (like Microsoft) — but in situations like this, the raw stupidity of people who believe that the FBI is sending them a legitimate questionnaire, well, it’s just astonishing. A little bit of user education would go a long way to making this sort of scam a footnote, not a news story.