In October 2007, scam emails purporting to be from the Federal Trade Commission began hitting inboxes.
The bogus messages claimed that a complaint has been filed against the recipient. The message urged the recipient to click a link or open an attachment to access more information about the complaint.
However, the messages do not originate from the FTC and clicking links or opening attachments can install a trojan on the victim’s computer.
The messages try to gain credibility by including the FTC logo. However, poor spelling and grammatical errors help to identify the messages as fraudulent.
The FTC has published a News Release warning email users about the scam. The News Release notes:
A bogus email is circulating that says it is from the Federal Trade Commission, referencing a “complaint” filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments.
The spoof email includes a phony sender’s address, making it appear the email is from “email@example.com” and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to firstname.lastname@example.org and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.
Scam messages of this nature are designed to panic recipients into clicking links or opening attachments without due caution. If recipients believe that an unjustified complaint has been made against them, they are quite likely to follow the instructions in such messages in the hope that they can quickly resolve the issue.
Criminals have used this sort of social engineering tactic in the past to steal personal information from unwary recipients.
Earlier in 2007, bogus emails purporting to be from the IRS were also distributing trojans. Like this FTC scam, one version claimed that a serious complaint had been lodged against the recipient. Another version claimed that the person was under investigation by the IRS.
In 2005, emails purporting to be from the FBI or CIA claimed that the recipient had been logged visiting illegal websites and instructed him or her to open an attachment and answer a list of questions. In fact, the attachment contained a copy of the Sober worm.
Government departments are extremely unlikely to contact people via unsolicited emails. Internet users should be very cautious of any unsolicited emails claiming to be from a government entity such as the FTC or the IRS. Do not click on links in these messages or open attachments. Do not reply to such emails.
Dear [name removed] A complaint has been filled against you and the company you are affiliated to by Mr. George Hanson and sent to Federal Trade Comission by fax,in witch he’s claiming that he has been cheated by you and your company in paying a greater ammount of money than the one appearing on the invoice you gave him for using your services.
The complaint states he contacted your company on MON,22 OCT 2007, trying to solve this situation without interference from any Governmental Institution , but your company refused to take action.
On WED,24 OCT 2007, the complaint was sent by fax to Federal Trade Commission and we forwarded it to Internal Revenue Service and Better Business Bureau.
Complaint was filled against :
Name : [name removed]
Company : – [name removed]
If you feel that this message has been sent to you in error or if you have any questions regarding the next steps of this process, please download the original complaint by clicking the link below :
Please take knowledge of the complaint’s content and complete the form at the bottom of forward it to
Federal Trade Commission,Fraud Department