Believe or not FBI called me once in Canada. Most law enforcement will call first. Talk to someone then follow up with email. I always ask for a number that I can call them back that shows up as a legit number that is traced back to the proper law enforcement. Then I trace the headers in the email.
They are used to making sure they verify their ID to you, so you wont have any problems if you ask. [ https://www.wavedirect.net/ | ] [ https://www.facebook.com/ruralhighspeed ] [ https://www.instagram.com/wave.direct/ ] [ https://www.linkedin.com/company/wavedirect-telecommunication/ ] [ https://twitter.com/wavedirect1 ] [ https://www.youtube.com/user/WaveDirect ] STEVEN KENNEY DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington ON E: st...@wavedirect.org | P: 519-737-9283 W: www.wavedirect.net From: "Bill Prince" <part15...@gmail.com> To: "af" <af@af.afmug.com> Sent: Friday, September 18, 2020 3:26:23 PM Subject: Re: [AFMUG] FBI Virus? I am doubtful that the FBI would contact you via email. Most likely they would send you a letter (assuming the USPS could deliver it). If they're actually serving you a subpoena, I would expect agents or some legal officer would issue it to you in person. I would file it in the same category as this voice mail I got yesterday: BQ_BEGIN Listen to this message carefully, this message is to inform you that SSA and legal enforcement agency is filing a legal warrant against your name and your Social Security number for fraudulent activities and arrest em has also been issued on your name for money laundering and the investigating team of our department is investigating you and your family to get more information about your arrest warrant in case File from United States government. You may press one for more information before we download your case into the courthouse. Thank you, press one now. BQ_END bp <part15sbs{at}gmail{dot}com> On 9/18/2020 11:49 AM, Nate Burke wrote: BQ_BEGIN I got this message to the INFO mailbox of a company we acquired a year ago. Everything about it says that it's spam, but the headers look legit. Although the 153.31.119.142 IP address does not exist in the ARIN whois. BGP.he.net says that it's part of a /17 assigned to the FBI. It has an attached PDF that I have not yet opened. (file name SBP634366-WOW125412.pdf) I can't imagine this is anything other than Spam/virus? Is it possible this is how the FBI Actually sends out things? What's the best way to open a suspect PDF File? _____________________ *** CHILD EXPLOITATION *** Good afternoon - please review the attached administrative subpoena and proceed accordingly - thank you and have a great weekend! AS Jennifer L. Isom FBI Chicago Violent Crimes Against Children 312-829-5835 --------------------------------------------- Email Headers: Received: from mx-east-ic.fbi.gov ([153.31.119.142]) Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26]) by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400 Received: from hqv2-uembx-402.FBI.GOV (10.90.70.12) by hqv2-uembx-401.FBI.GOV (10.90.70.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 18 Sep 2020 14:21:57 -0400 Received: from USG02-CY1-obe.outbound.protection.office365.us (10.90.70.8) by hqv2-uembx-402.FBI.GOV (10.90.70.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 18 Sep 2020 14:21:57 -0400 ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fbi.gov; dmarc=pass action=none header.from=fbi.gov; dkim=pass header.d=fbi.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vBv3/mLV7bc3i7PO8fotIxOyxMy562h5qqwbW3309QI=; b=UqGJLZtTRQr6f1KaIJq/IjMFFc5skaGN4rQQMHgHWUAe4pw963vIjTILv/cQHH1CToFXgXUu980qar5uXnG7TKH5fVRIoVuWxu4VhWEEXZ8ePAQMkWXYdfKuR2NGS3cC3hVoxL6iHi/kXd5CKwbXopVnfiPgDuOFB84Rof0LTHk= Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::14) by CY1P110MB0567.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.17; Fri, 18 Sep 2020 18:21:54 +0000 Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM ([fe80::75b8:922a:1a45:32c0]) by CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM ([fe80::75b8:922a:1a45:32c0%10]) with mapi id 15.20.3391.017; Fri, 18 Sep 2020 18:21:54 +0000 BQ_END -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com