So I Got An Email From Waldorf Frommer Today
-
The easiest way of checking is to open the Properties | Details from the rightclick pulldown. If you read through that, you should be able to spot email addresses that tell you where it has come from. If they have funny country codes, then delete it immediately. I have had a couple of emails recently purporting to come from the UK Tax department saying I have a tax refund, "Please Click Here". When you look at the property details, they were both from Brazil.
Fact is often stranger than fiction, though. I'm in NL, but to renew my UK passport, I had to send it to France.
I wanna be a eunuchs developer! Pass me a bread knife!
-
I haven't a clue what to do with it. I did a search, of course, and this outfit is famous for pursuing copyright infringement cases against people who use BitTorrent. I don't. The odd part is that they claim to have found content owned by me on a commercial website, and want to prepare a case against the thief. I've never heard of that happening before; has anyone else received this odd notice? Should I risk opening the two PDF files they attached? Weird... Will Rogers never met me.
-
I would stand with my esteemed colleagues in that I would advise contacting the firm to check on the email's authenticity. Moreover, every reputable law firm that I have ever had contact with would send that type of message via the post or in-person and not with an email.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Agreed. Lawyers don't seem to trust email.
We're philosophical about power outages here. A.C. come, A.C. go.
-
You could check the PDFs with VirusTotal - Free Online Virus, Malware and URL Scanner[^] It scans with something like 56 different virus scanners. If you find they're clean you can _probably_ safely open them. Good luck.
Or more likely the link will take you to a download site that installs nastyware on your pc.
We're philosophical about power outages here. A.C. come, A.C. go.
-
I just got one from the Australian Taxation Office, very well laid out with all the bells and whistles you would expect from a major govt department. Oh and no spelling mistakes and the grammar is better than mine. They want me to open a fax attachment, doh!
Never underestimate the power of human stupidity RAH
That's probably the only copy of your data they've got left! :laugh: HPE storage crash killed ATO online services - Hardware - iTnews[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
The easiest way of checking is to open the Properties | Details from the rightclick pulldown. If you read through that, you should be able to spot email addresses that tell you where it has come from. If they have funny country codes, then delete it immediately. I have had a couple of emails recently purporting to come from the UK Tax department saying I have a tax refund, "Please Click Here". When you look at the property details, they were both from Brazil.
Anything in the
Received:header beyond the servers that you trust could easily be a lie. Each server in the chain adds its own line to the header to say which server it received the message from, but it has no way to verify that the existing header value is correct. Unless the sender's domain has SPF or DKIM set up, it's virtually impossible to know whether or not the message actually came from who it says it came from.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Anything in the
Received:header beyond the servers that you trust could easily be a lie. Each server in the chain adds its own line to the header to say which server it received the message from, but it has no way to verify that the existing header value is correct. Unless the sender's domain has SPF or DKIM set up, it's virtually impossible to know whether or not the message actually came from who it says it came from.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
The easiest way of checking is to open the Properties | Details from the rightclick pulldown. If you read through that, you should be able to spot email addresses that tell you where it has come from. If they have funny country codes, then delete it immediately. I have had a couple of emails recently purporting to come from the UK Tax department saying I have a tax refund, "Please Click Here". When you look at the property details, they were both from Brazil.
If it's a spoof, it's remarkably well done: Return-Path: frank.metzler@waldorf-frommer.de Delivered-To: xxxxx@yyyyyyyy.dom Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44]) by ROSE.arvixe.com with ESMTP ; Wed, 14 Dec 2016 07:12:08 -0600 Received: from [127.0.0.1] (helo=localhost) by relay.expurgate.net with smtp (Exim 4.80.1) (envelope-from ) id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100 Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local) by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80.1) (envelope-from ) id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100 Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14 Dec 2016 14:13:54 +0100 From: Frank Metzler To: "'xxxxx@yyyyyyyy.dom'" CC: "'barry.mcgrath@gettyimages.com'" Date: Wed, 14 Dec 2016 14:13:53 +0100 Subject: Confirmation of rightholdership (reference number: 01043/2016) Thread-Topic: Confirmation of rightholdership (reference number: 01043/2016) Thread-Index: AdJWCT1Ivv27TzfBSjyMa+lrn1K5/g== Message-ID: Accept-Language: de-DE Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: de-DE Content-Type: multipart/mixed; boundary="_005_DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBCMAILSRV02wa_" MIME-Version: 1.0 X-purgate-relay-fid: relay-1fca43 X-purgate-sourceid: 1cH9Nc-00020p-FF X-purgate-Ad: Checked for spam and viruses by eXpurgate(R), see www.eleven.de for details. X-purgate-ID: 151534::1481721237-00000715-AA3711FC/0/0 X-purgate: clean X-purgate-type: clean X-purgate-relay-bid: relay-5443cb Note that they even thoughtfully checked the message for spam. :-D I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious! Will Rogers never met me.
-
I haven't a clue what to do with it. I did a search, of course, and this outfit is famous for pursuing copyright infringement cases against people who use BitTorrent. I don't. The odd part is that they claim to have found content owned by me on a commercial website, and want to prepare a case against the thief. I've never heard of that happening before; has anyone else received this odd notice? Should I risk opening the two PDF files they attached? Weird... Will Rogers never met me.
Look, give me $10,000 and I will gladly look into this and make it go away. Trust me, I am a Prince! :-)
-
Look, give me $10,000 and I will gladly look into this and make it go away. Trust me, I am a Prince! :-)
:laugh: :laugh: Will Rogers never met me.
-
Or more likely the link will take you to a download site that installs nastyware on your pc.
We're philosophical about power outages here. A.C. come, A.C. go.
Herbie Mountjoy wrote:
Or more likely the link will take you to a download site that installs nastyware on your pc.
That's the nice thing about VirusTotal.com too: you can scan URLs before visiting them to determine if they contain malware. It's quite nice.
-
I haven't a clue what to do with it. I did a search, of course, and this outfit is famous for pursuing copyright infringement cases against people who use BitTorrent. I don't. The odd part is that they claim to have found content owned by me on a commercial website, and want to prepare a case against the thief. I've never heard of that happening before; has anyone else received this odd notice? Should I risk opening the two PDF files they attached? Weird... Will Rogers never met me.
From a legal POV, you can't be "served" via email. And everyone's "out there"; unless you take explicit steps, every time you create an MS Office document, your profile is all over it. If I can be bothered, I save questionable attachments to disk and take a hex editor to them; then a virus scan; then a virtual machine ...
-
If it's a spoof, it's remarkably well done: Return-Path: frank.metzler@waldorf-frommer.de Delivered-To: xxxxx@yyyyyyyy.dom Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44]) by ROSE.arvixe.com with ESMTP ; Wed, 14 Dec 2016 07:12:08 -0600 Received: from [127.0.0.1] (helo=localhost) by relay.expurgate.net with smtp (Exim 4.80.1) (envelope-from ) id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100 Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local) by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80.1) (envelope-from ) id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100 Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14 Dec 2016 14:13:54 +0100 From: Frank Metzler To: "'xxxxx@yyyyyyyy.dom'" CC: "'barry.mcgrath@gettyimages.com'" Date: Wed, 14 Dec 2016 14:13:53 +0100 Subject: Confirmation of rightholdership (reference number: 01043/2016) Thread-Topic: Confirmation of rightholdership (reference number: 01043/2016) Thread-Index: AdJWCT1Ivv27TzfBSjyMa+lrn1K5/g== Message-ID: Accept-Language: de-DE Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: de-DE Content-Type: multipart/mixed; boundary="_005_DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBCMAILSRV02wa_" MIME-Version: 1.0 X-purgate-relay-fid: relay-1fca43 X-purgate-sourceid: 1cH9Nc-00020p-FF X-purgate-Ad: Checked for spam and viruses by eXpurgate(R), see www.eleven.de for details. X-purgate-ID: 151534::1481721237-00000715-AA3711FC/0/0 X-purgate: clean X-purgate-type: clean X-purgate-relay-bid: relay-5443cb Note that they even thoughtfully checked the message for spam. :-D I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious! Will Rogers never met me.
The email looks legit but I wouldn't trust it. Like others said, they would contact you via written letter. And, unless you have ever implemented a project under your own name, they would contact the company and not the worker (you) as the company is also more likely to have money to spare than any worker. I don't have a spare PC either but when I am really curious about something like that, I turn off my laptop, physically remove the hard drive and any writable medium (like SD cards), hook an external DVD drive and boot a linux OS I know works flawlessly on my laptop on a non-rewritable CD. When I am done, I turn off the laptop and, before the first boot, re-flash the BIOS with a backup copy (there are some nasty BIOS infecting things crawling around). Then, one last turn off to reassemble the hard drive. Never use a virtual machine as some software can detect the virtual environment and move out of virtualization. Call me overzealous but better safe than you know what :)
-
If it's a spoof, it's remarkably well done: Return-Path: frank.metzler@waldorf-frommer.de Delivered-To: xxxxx@yyyyyyyy.dom Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44]) by ROSE.arvixe.com with ESMTP ; Wed, 14 Dec 2016 07:12:08 -0600 Received: from [127.0.0.1] (helo=localhost) by relay.expurgate.net with smtp (Exim 4.80.1) (envelope-from ) id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100 Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local) by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80.1) (envelope-from ) id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100 Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14 Dec 2016 14:13:54 +0100 From: Frank Metzler To: "'xxxxx@yyyyyyyy.dom'" CC: "'barry.mcgrath@gettyimages.com'" Date: Wed, 14 Dec 2016 14:13:53 +0100 Subject: Confirmation of rightholdership (reference number: 01043/2016) Thread-Topic: Confirmation of rightholdership (reference number: 01043/2016) Thread-Index: AdJWCT1Ivv27TzfBSjyMa+lrn1K5/g== Message-ID: Accept-Language: de-DE Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: de-DE Content-Type: multipart/mixed; boundary="_005_DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBCMAILSRV02wa_" MIME-Version: 1.0 X-purgate-relay-fid: relay-1fca43 X-purgate-sourceid: 1cH9Nc-00020p-FF X-purgate-Ad: Checked for spam and viruses by eXpurgate(R), see www.eleven.de for details. X-purgate-ID: 151534::1481721237-00000715-AA3711FC/0/0 X-purgate: clean X-purgate-type: clean X-purgate-relay-bid: relay-5443cb Note that they even thoughtfully checked the message for spam. :-D I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious! Will Rogers never met me.
You could boot a LiveCD or a USB drive with your favorite flavor of Linux or such.
-
I haven't a clue what to do with it. I did a search, of course, and this outfit is famous for pursuing copyright infringement cases against people who use BitTorrent. I don't. The odd part is that they claim to have found content owned by me on a commercial website, and want to prepare a case against the thief. I've never heard of that happening before; has anyone else received this odd notice? Should I risk opening the two PDF files they attached? Weird... Will Rogers never met me.
-
Fact is often stranger than fiction, though. I'm in NL, but to renew my UK passport, I had to send it to France.
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote:
I'm in NL, but to renew my UK passport, I had to send it to France.
Not exactly that, but I feel your pain :sigh: :sigh: :sigh: :sigh: burocracy :doh: :doh: :doh: :doh: :doh:
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
If it's a spoof, it's remarkably well done: Return-Path: frank.metzler@waldorf-frommer.de Delivered-To: xxxxx@yyyyyyyy.dom Received: from mxout44.expurgate.net (mxout44.expurgate.net [194.37.255.44]) by ROSE.arvixe.com with ESMTP ; Wed, 14 Dec 2016 07:12:08 -0600 Received: from [127.0.0.1] (helo=localhost) by relay.expurgate.net with smtp (Exim 4.80.1) (envelope-from ) id 1cH9Nd-0007hW-Ta; Wed, 14 Dec 2016 14:13:58 +0100 Received: from [213.61.181.19] (helo=MAILSRV02.waldorf.local) by relay.expurgate.net with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80.1) (envelope-from ) id 1cH9Nc-00020p-FF; Wed, 14 Dec 2016 14:13:57 +0100 Received: from MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b]) by MAILSRV02.waldorf.local ([fe80::99f1:adb2:aa02:644b%11]) with mapi; Wed, 14 Dec 2016 14:13:54 +0100 From: Frank Metzler To: "'xxxxx@yyyyyyyy.dom'" CC: "'barry.mcgrath@gettyimages.com'" Date: Wed, 14 Dec 2016 14:13:53 +0100 Subject: Confirmation of rightholdership (reference number: 01043/2016) Thread-Topic: Confirmation of rightholdership (reference number: 01043/2016) Thread-Index: AdJWCT1Ivv27TzfBSjyMa+lrn1K5/g== Message-ID: Accept-Language: de-DE Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: de-DE Content-Type: multipart/mixed; boundary="_005_DA044CD2DA4C5B438149765BD67E0C9C010FF9AE0BBCMAILSRV02wa_" MIME-Version: 1.0 X-purgate-relay-fid: relay-1fca43 X-purgate-sourceid: 1cH9Nc-00020p-FF X-purgate-Ad: Checked for spam and viruses by eXpurgate(R), see www.eleven.de for details. X-purgate-ID: 151534::1481721237-00000715-AA3711FC/0/0 X-purgate: clean X-purgate-type: clean X-purgate-relay-bid: relay-5443cb Note that they even thoughtfully checked the message for spam. :-D I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious! Will Rogers never met me.
Roger Wright wrote:
I wish I had a spare PC lying around that I could open the attachments on, then wipe and start over if it turns out to be malicious!
VM-Ware is a good option for that.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
