SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand 1 edit |
Sparrow
Premium Member
2014-Apr-18 9:07 pm
Email recipient claims scanned photos sent were infectedLast night, I sent three 9 year old scanned photos and one composite photo, created in Photoshop, during the same time period, to a person I met about a month ago, while looking at local real estate.
A few minutes ago, they called me and claimed I had "taken over" their computer with some sort of backdoor. They stated when they downloaded the files, it "crashed" their computer and they currently have no access to the computer. The files are small (112, 56, 61 and 41 KB) respectively.
I scanned all the files with KAV and then scanned with Virustotal.com and each one came up perfectly clean.
The person insists it was the photos I sent and stated he is going to have his computer/laptop(?) analyzed by the FBI at his place of employment on Monday and that I should be prepared for a full investigation. I said I would certainly like to know the results as well and said I will gladly submit the files in a password protected zip to whomever will be doing the analysis. They laughed and said, "They won't need the files. they will confiscate your computer."
Needless to add, I'm not only baffled, but a bit frightened at the prospect of having my Lenovo "confiscated". I know the files are clean, they must have gone through literally thousands of scans over the last nine years, on this and other laptops and PCs. Can 50 different scanners at Virustotal all be wrong?
By the way, I sent the original email through Outlook 2010 (my personal site's email address, which is a Microsoft website) to this person's .msn account.
I then forwarded the entire email to my Yahoo account before posting here, to see if it would go through, with the same results - clean.
Any thoughts from those who know me and others?
Leah |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN
10 recommendations |
What file formats were the pictures mailed out as?
I'm not aware that the FBI can be so abruptly summoned to "analyze" a personal or office computer at the drop of a hat (Monday?) unless he's involved in some kind of LEA, 3-letter agency, or other similar profession, and his other comments seem equally off-the-wall and judgmental. As to what (or if) the FBI could or might do would depend on what was alleged and what they might initially find, but I would think they'd simply do a full dump of your drives if they ever did actually get involved. If the FBI got involved every time a computer owner had a computer crash or virus infection and blamed somebody else for it, they'd never be able to do anything else.
Personally, I believe this character's angry at his crash, blaming the first thing in sight, making wild accusations, and threatening all manner of Draconian action - whether real or wishful. |
|
GadgetsRmeRIP lilhurricane and CJ Premium Member join:2002-01-30 Canon City, CO
8 recommendations |
to Sparrow
Phtt!! Sounds like someone who needs someone to blame or the start of a shake down-"you need to pay for my computer repair". The FBI isn't going to check this persons computer unless it has something to do with national security or something like child porn. |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand 1 edit |
to Blackbird
.jpg
My thoughts precisely. Personally, I think he may not be very computer savvy and as Gadgets states above, looking for a shake-down for computer repairs as he actually DID state that "someone will pay for this", during the course of the conversation.
Let's wait to see what he comes up with. Very strange, indeed. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI
7 recommendations |
to Sparrow
said by Sparrow:... he is going to have his computer/laptop(?) analyzed by the FBI at his place of employment on Monday That is absolutely, positively, no way, going to happen. You have either connected with an unstable person or a scammer, take your pick but either way I would sever the connection immediately. If your personally identifiable information is known by this person I suggest you also file a police report about the empty threat of a Federal investigation. |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand
2 recommendations |
Sparrow
Premium Member
2014-Apr-18 10:12 pm
I was thinking about filing a police report, but thought that may be a bit paranoid on my part, until you solidified that idea with your post. He does indeed have a great deal of personal information about me, since I was going to do a real estate deal with him, but then decided against in the end. |
|
John Galt6Forward, March Premium Member join:2004-09-30 Happy Camp
2 recommendations |
said by Sparrow:I was thinking about filing a police report... Sounds like this person is making threats. A trip to the PD and a discussion with the detectives would be appropriate...just so they are informed of the issue. |
|
3 recommendations |
to Sparrow
So he's going the long game and not asking,yet , for payment for damages? Google terms you remember of your interactions with the subject and see if anything fits the standard scammers pattern of collection of data on a victim and then BAM! » www.fbi.gov/scams-safety/e-scams mid page 02/21/12 payday loan version scam. The IC3 has observed variations of this scam in which the caller tells the victim that there are outstanding warrants for the victims arrest. The caller claims that the basis of the warrants is non-payment of the underlying loan and/or hacking. If its the latter, the caller tells the victim that he or she is wanted for hacking into a business computer system to steal customer information. The caller will then demand payment via debit/credit card; in other cases, the caller further instructs victims to obtain a prepaid card to cover the payment. |
|
|
PrntRhd Premium Member join:2004-11-03 Fairfield, CA 3 edits
2 recommendations |
to Sparrow
I agree with most of the others, no way will the FBI or DHS Secret Service be involved. Empty threats but threats nonetheless.
I suggest you find someone with access to a lawyers return envelope. Have someone type a letter expressing the thought that you will be forced to file a Cease and Desist action if the false accusations don't stop immediately. Put the letter in the envelope and mail it. It makes it look like you retained a lawyer and are ready to get money and a pound of flesh from him in a civil action. He will only persist if he is crazy, in which case you then place a lawyer on retainer. Civil cases don't require proof beyond reasonable doubt, only probability. The guys recklessness works against him in civil actions. |
|
dib22 join:2002-01-27 Kansas City, MO
2 recommendations |
to Sparrow
Don't know you, but the fact that you already tested by re-sending to another address, and showed no infection shows you are acting in good faith. Might want to make a new account (gmail, yahoo, whatever) and re-send again so that you can hand over the credentials to the new account if proof is ever needed.
It sounds like you are dealing with either a scammer or a blame shifter. |
|
2 recommendations |
to John Galt6
said by John Galt6:Sounds like this person is making threats. A trip to the PD and a discussion with the detectives would be appropriate... I wouldn't go that route. He says he's going to have a forensic expert, FBI or otherwise examine his computer. As far as a "threat" aspect is concerned, I think this person would have to communicate an intent to engage in an unlawful action, such as an assault. However, if this guy lets his mouth run a little too much, the words "slander" and/or "libel" come to mind. Of course, to proceed, there would have to be damage to reputation. At this point, I would simply preserve the evidence, namely, the sent email. |
|
4 recommendations |
to Sparrow
said by Sparrow:He does indeed have a great deal of personal information about me, since I was going to do a real estate deal with him, but then decided against in the end. 1) All his threats sound like a huge pile of shit. 1a) Some years back, I knew of a lawyer in a major city who was the victim of identity theft. The Secret Service said they did not bother with cases in which damages were under 25,000. No one has the resources for such little crap. 1b) Yeah, let him call the feds and get laughed at or worse. But write down all these major points in an orderly, concise fashion so you can tell anyone who ends up asking you. 2) Sounds like you are lucky that the real estate deal fell through. 3) I bet this whole thing happened because of that. He's seeking revenge or remuneration. 4) I [would] contact the 3 major credit agencies (Experian, Equifax, TransUnion) and have them put credit freezes on you. Or you can sign up with Lifelock---they are not perfect, but will do all that and more to safeguard your credit. 5) Might want to alert your bankers.... This guy may well want some money or revenge on you, but the FBI stuff is silly. He's been watching too many TV shows. |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ
4 recommendations |
to Sparrow
Did you send the photos at your own instigation, or did the other person request them? If they asked for them, then they may have been setting up a scam.
It is also possible they are nuts.
Preserve your evidence. No way the FBI is going to get involved with a crashed computer. If you've got caller ID, let any calls from them go to voice mail, and if you have the capability of downloading and saving them, do so. If they keep calling, I'd file a harassment report with the police just for additional protective documentation. |
|
dib22 join:2002-01-27 Kansas City, MO
1 recommendation |
to PX Eliezer1
said by PX Eliezer1:4) I [would] contact the 3 major credit agencies (Experian, Equifax, TransUnion) and have them put credit freezes on you. Or you can sign up with Lifelock---they are not perfect, but will do all that and more to safeguard your credit. or at the very least a fraud alert. » www.equifax.com/answers/ ··· ts/en_cp» www.transunion.com/perso ··· rts.page» www.experian.com/fraud/c ··· ter.html(I listed all three so you can have information to read, but once you set the fraud alert flag at one, it automatically carries over to the other two agencies). If you are currently or in the near future going to be doing a big credit purchase like a house or car be aware that a freeze will lock down the reports for everyone, and you will have to contact the agency you froze it with to have them lift it (credit thaw) for each company that needs to access your CR. ...also he most likely already has a copy of your CR if you were indeed getting to the financing section of the deal. |
|
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park
2 recommendations |
to Sparrow
said by Sparrow:The person insists it was the photos I sent and stated he is going to have his computer/laptop(?) analyzed by the FBI at his place of employment on Monday and that I should be prepared for a full investigation. I said I would certainly like to know the results as well and said I will gladly submit the files in a password protected zip to whomever will be doing the analysis. They laughed and said, "They won't need the files. they will confiscate your computer." They forgot to mention when the FBI comes to confiscate the computer it'll happen at 3 AM by a SWAT team of 12 people armed with machine guns and tazers and bomb sniffing dogs. Maybe a tank and helicopter for extra protection. puh-leeze |
|
3 recommendations |
to Sparrow
There's an old saying... having a lawyer can cost you a lot... not having a lawyer can cost you everything. I don't know what jurisdiction you live in (US I presume from references to "FBI"). If you don't have a lawyer, check with your local law society or whatever it's called, and ask for a lawyer for a preliminary consultation, and possibly writing an initial letter. I don't know whether the other person is nuts, or ignorant, or a scammer. A lawyer should know the ins and outs of protecting you. If he recommends filing a police report or whatever, do so. |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand
2 recommendations |
to DownTheShore
I sent the photos without being asked. The reason I contacted him was he failed to cash a small check that had been sent at the end of March after I decided not to do business with him. (Frankly, I ended the deal because something did not feel right and I politely told him I was "uncomfortable" with some aspects of the deal.) I wasn't sure if he hadn't received it or was simply holding it. In any case, I wanted my books to balance. He then wrote back stating he would deposit the check over the weekend and because we had some background in common, he added, "We must get together for tea one day." As a person, I liked him and would not have minded getting together with him and his family on a personal, but not business level. Thus, I sent the four old photos that I thought would be of interest to him. Believe it or not, it's our spiritual background that we hold in common and having recently moved to another state, would not mind new friends in that part of my life. I have complete records of all phone calls and duration - one of the advantages of using a VoIP service. When he called, I was glad to see his name on the Caller ID and picked up quickly. The conversation went to the effect of, "Hi, how are you?" His response, "You know how I am." My response was a puzzled, "Huh?" Then he said, "Your photos have taken over my computer." At first blush, I thought this was his way of saying he really liked them, akin to being "blown away" by something. (By the way, these are serious photos - nothing amiss.) When I realized he sounded angry, I asked him what he meant and then he went on saying that I hacked his computer and was trying to get HIS personal information and finances! Needless to add, I was dumbfounded and tried to calmly reassure him I had done no such thing. While I was on the phone with him, I scanned the four .jpg files with KAV and scanned the original email, all of which came up clean and told him that. Then he started laughing and going into the riff about the FBI. I told him to go ahead, I had nothing to hide and offered to give the files to the FBI. Then he went on and on about I knew "exactly what was wrong", and that I would "be held liable for any damages to his computer". Baffled, we ended the conversation and after an hour of scratching my head about the event, came to the only place I feel comfortable putting a situation like this out there - BBR. I want to thank everyone who has chimed in with their opinions, questions and suggestions. As always, it helps to put the situation in perspective, although, admittedly, my heart is still pounding. I am going to go to the local police today, just to ease my own mind and file a report, in the event he moves forward with some frivolous claim against me. Not going to bother with an attorney at this point, but having a police report is a good start. They have to take a report even if they feel it is not viable. I like Vaxvms response! Thanks for the early morning chuckle. |
|
MangoUse DMZ and you get a kick in the dick. Premium Member join:2008-12-25 www.toao.net
1 recommendation |
Mango
Premium Member
2014-Apr-19 9:55 am
said by Sparrow:Frankly, I ended the deal because something did not feel right It sounds like this was a very good decision! |
|
nonymous (banned) join:2003-09-08 Glendale, AZ
1 recommendation |
to Walter Dnes
said by Walter Dnes:There's an old saying... having a lawyer can cost you a lot... not having a lawyer can cost you everything. I don't know what jurisdiction you live in (US I presume from references to "FBI"). If you don't have a lawyer, check with your local law society or whatever it's called, and ask for a lawyer for a preliminary consultation, and possibly writing an initial letter. I don't know whether the other person is nuts, or ignorant, or a scammer. A lawyer should know the ins and outs of protecting you. If he recommends filing a police report or whatever, do so. Sure spend money on a lawyer, why? |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand 1 edit
1 recommendation |
Sparrow
Premium Member
2014-Apr-19 11:06 am
Quick update: Spent the last hour at the local PD and although they "understand the situation", feel that filing a report is not warranted at this time.
Spoke with three different officers and they all recommend not responding to any calls or emails and wait for his next move. All calls should go to voice mail, emails ignored, (but of course kept) and if he starts demanding money, then I have a reason to report.
As others here have recommended, I should call all banks, social security, etc... to notify them of possible red flag activity.
An attorney should be avoided, since that may further incite him and "...spend money on a lawyer, why?" is correct.
As it stands, HE is the one who should be filing a report or seeking a court action, not me. So, we shall wait and see. Not much else to do at this point.
Thanks again.
Edit to add: Is it possible Heartbleed could be the cause of his problems? Was going to mention it to him when he called, but felt he should discover that through his sources, since he was so adamant in his accusation against me. |
|
1 edit
1 recommendation |
to Sparrow
Sounds to me like this guy has been hitting the peyote pretty hard. |
|
mackey Premium Member join:2007-08-20
2 recommendations |
to Sparrow
said by Sparrow:Edit to add: Is it possible Heartbleed could be the cause of his problems? Nope, not possible. |
|
1 recommendation |
to Sparrow
FBI? Hahaha.. FBI wont do anything. He's just pissed or trying to scam you some how. They wont confiscate anything anyway unless its used in a crime....
Tell them its highly doubtful the virus came from you and leave it at that.
|
|
2 recommendations |
to Sparrow
Sounds like the local police gave good advice, and in a worst case scenario at least you are the one who talked to them first.
-----
A giant PITA but thank heavens that you did not go into business with the fellow. |
|
EGeezer Premium Member join:2002-08-04 Midwest
3 recommendations |
to Sparrow
Having worked with federal LEOs, I can safely say that the FBI isn't going to be trotting out to his house with an EnCase forensic toolkit and analyst to make a forensic copy or run an analysis his PC. Feds don't get involved unless it's a federal issue like child porn or if proven financial losses are over $25,000. The official threshold is $10,000 but they usually set $25,000 to be sure the federal prosecution requirements are met.
The police's recommendation are solid. Keep voicemails, emails etc. and file a report if there is any threatening or demands for money.
Yes, request a fraud alert.
Change passwords, ensure your own system and network is protected. Change your wireless key if you have one. (I know, far fetched, but easy and cheap to do).
The other party sounds to me like a crackpot, scammer or worse. If he threatens violence, present the evidence to cops and court and request a protection order. At any rate, keep evidence and logs of all contact you've had and will have in the future.
edit - Heartbleed is a server-side exploit, exploiting a vulnerability that steals credentials from the traffic going to and from the server. It doesn't infect client PCs. |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
Sparrow
Premium Member
2014-Apr-19 2:46 pm
Spent the last several hours freezing whatever needed to be frozen, changing what needed to be changed, running all scans (including all networks) in paranoid mode and making sure I'm "battle ready." Hoping he realizes he made a mistake and returns with an apology. Doesn't appear to be the violent type, but not underestimating his intelligence or ability to create a problem. He's nobody's fool and a sly business operator, which is why I opted out rather quickly in the beginning. My weakness has always been gravitating toward "interesting" people... Wasn't sure about Heartbleed, but thanks to you and mackey for the verification. |
|
EGeezer Premium Member join:2002-08-04 Midwest
1 recommendation |
EGeezer
Premium Member
2014-Apr-19 8:47 pm
Re:heartbleed,One would hope that any banks, websites etc with which you have online accounts would notify you if their servers had been compromised, but that's just a hope.
I did receive an email from Logmein that their servers had been vulnerable. However, I had deleted my systems from their site after they went to 'pay only' service, but changed my Logmein password anyway. I guess I have to contact Logmein to delete my whole account... |
|
ashrc4 Premium Member join:2009-02-06 australia |
to Sparrow
Re: Email recipient claims scanned photos sent were infectedLet's cut to the chase.....Cease all contact with person. He threatened with good intentsion to involve authorities yet did not and has not found away yet to apologise. That would make him interesting to have a report done by at least the FBI. I would take their advise from there. |
|
3 recommendations |
to Sparrow
You're in trouble now Sparrow. That guy paid the FBI investigation fee via UKASH, just like his computer monitor told him to.They'll be coming for your computer any time now.
/end sarcasm |
|
2 recommendations |
to Sparrow
It sounds a bit like an experience I had with a friend who (until this incident) I didn't know was (evidently) subject to bouts of paranoia (this retrospectively explained a lot of the problems she had recounted about difficulties she'd had in relationships and jobs).
She was running an art gallery and emailed me an invoice for a painting. I called her back thinking she must have mixed up email addresses, and after making it clear it wasn't a mistake, she acted as if I must know why she had sent me the invoice. Eventually it came out that I had been on the telephone with her when (purportedly) someone had come into the gallery and stolen it. I was responsible because I was distracting her by talking to her on the phone, in spite of the fact that she had called me (go figure).
Who knows whether this fellow's computer has actually been "taken over" by anything or anyone. Paranoids easily imagine things like this. Or perhaps there is a virus or something.
Some sort of paranoia seems likely to me, since no normal person would jump to the conclusion that photos someone had sent were the cause of any computer problems they are having. But it is just my intuition.
Whether your acquaintance is mentally ill or not, I agree with what has been said that no law enforcement personnel would take him seriously, so you can probably just avoid dealing with him. Freeze your credit record if it makes you feel better, but someone who is strange enough to make such a paranoid sounding accusation is probably quite unlikely to be a perpetrator of identify fraud. |
|