Randolf Richardson (Zhang Wen Dao)

Inter-Corporate Computer & Network Services, Inc.

SearchBin.CA - Proudly Canadian

Electronic Frontier Foundation Blue Ribbon Campaign

Official definition of atheism (and atheist)

Academia.edu profile for Randolf Richardson

YouTube channel for Randolf Richardson

Google+ profile for Randolf Richardson

Facebook profile for Randolf Richardson

LinkedIn profile for Randolf Richardson

SETI @home profile for Randolf Richardson

Friday, July 21st, 2017 Profile|Contact|Canada
Home | Profile | Freedom | Philosophy | Technology | Other topics | Links & Resources
 
Navigation...
Home page
Technology
False court appearance notices with malicious software attachments
 
Highlights...
Richmond Signage challenge

Freedom - Canadian Charter of Rights and Freedoms

Educational resources

False court appearance notices with malicious software attachments disguised as .zip or .pdf files (or other types of documents)
Tuesday, August 18th, 2015 by Randolf Richardson

Recently I've noticed an increase in spam (a.k.a., junk eMail) that falsely claims to be a court appearance notice. The details tend to be somewhat vague, and there is always a file attachment (usually a .zip or .pdf file) that contains malicious software. Here's an example of one such notice I just received today:

From:  "County Court" 
Subject:  Notice of appearance in Court #0000988198

Notice to Appear,

This is to inform you to appear in the Court on the August 27 for your
case hearing. You are kindly asked to prepare and bring the documents
relating to the case to Court on the specified date. Note: If you do not
come, the case will be heard in your absence.

You can find the Court Notice is in the attachment.

Yours faithfully,
Byron Sheehan,
District Clerk.

There are a number of problems with this junk eMail message, and I'm including hereunder some of my key suspicions for your convenience in the hopes that it will be helpful to you:

  1. The descriptive name in the "from" address doesn't appear to be related to the eMail address, for "County Clerk" is very different from "byron.sheehan." Normally I would expect the full name in this case to read “Byron Sheehan” or “Sheehan, Byron.”
     
  2. The internet domain name portion of the eMail address (that's what comes after the @ symbol) does not look like an official government domain name, and in this case it includes a jumble of seemingly random letters and digits (I changed part of it to "example.com" in case an innocent third party's domain name was being being used without authorization by its owner{s} in the real eMail message).
     
  3. The subject line refers to a numbered court location, which doesn't help the average person determine which court this notice is concerned with. If it was meant as a case file reference number, then I would expect it to be described as a case or file number.
     
  4. The body of the message specifies the month and the day, but not the year, which is essential information to include when scheduling anything, especially including a court hearing.
     
  5. The body of the message, which mentions a "court hearing," is inconsistent with the subject line, which mentions a "court appearance." I would normally expect consistency on such simple points.
     
  6. The body of the message includes a vague request to bring documents relating to the case, but sufficient information about the case was not provided. This will be particularly problematic for someone who isn't aware that they are involved in any court cases, or someone who is involved in multiple cases simultaneously.
     
  7. The final statement that "You can find the Court Notice is in the attachment" is poorly written, and also redundant because the body of the message already seems to have provided that notice, albeit in a vague manner without sufficient information.

In my opinion, there are too many problems with this message that lead me to question its legitimacy, and the absence of a telephone number (which I should be able to verify actually belongs to the court by simply asking my telephone company to look it up for me) is a major hint that this eMail is bogus (or at least highly suspicious).

With regard to the file attachment, if the body of the eMail message doesn't provide adequate contact information for the court official who allegedly sent this notice (e.g., because it's a forgery), then it's reasonable to assume that the file attachment won't either. The risk of opening the file attachment is that it may have a filename that can appear to be a harmless data file when it's actually a program file that runs instructins on your computer -- one step to improving your chances of detecting this deception is to ensure that your computer is configured to "display file extensions for all files" (this is disabled by default on most computers, and unfortunately this has unwittingly facilitated abuses as was attempted in the spam eMail cited above that I received).

Consider also: Would you trust an adversary to operate your computer or install software on it? This is a very bad idea because it provides an opportunity for third parties to install software that can monitor your activities and access your private data, then secretly send copies to your adversary.

If you still feel it necessary to verify the legitimacy of the notice by contacting the sender, then it's important to do so in a manner that doesn't divulge new information about you (they already have your eMail address, but they may not know your name), so the following approach may be helpful:

  1. Temporarily change your "Full name" in your eMail program to "Private Individual" (or something along these lines -- I like this because it's generic, like "Anonymous Coward," which is used on a lot of internet forums by many different people). A better alternative would be to set up a free Google gMail account ( http://www.gmail.com/ ) and use it to send your reply because Google's gMail service doesn't reveal your IP address (at least that seems to be the case at present, so you may want to verify this).
     
  2. In your reply, indicate that file attachments are not accepted for security reasons, and then ask only for official contact information such as the telephone number and street address of the court house.

If they send it to you in an attachment, then it's bogus because it's trivial for them to provide this information in a regular eMail message, plus they are not respecting your stated policy of not accepting file attachments.

If they don't provide you with this information, then it's bogus because they're not cooperating in a reasonable manner by answering your reasonable question.

If they ask other questions, then it's bogus because that's a diversion tactic which indicates that they're not being straightforward with you. (Questions they might ask include requesting additional information about who you are or how to send you a letter via postal mail, or to ask you to provide information about your security setup or policies {which is information an adversary desires but shouldn't possess}).

One of the reasons for not providing unverified anonymous third parties with information about who you are, where you work, etc., is "social engineering" which involves obtaining as many portions of information no matter how small from as many different sources as possible, then combining that information to appear legitimate during future attempts to gain goods or services from you or your company without having to pay for them beforehand, or to deceive you or your company into paying for fake invoices -- after those goods or services or money are received by the social engineer, they often disappear with little or no trace of who they really are or their new location(s).

The more likely possibility, it seems to me, is the intention of these spammers to install malicious software on your computer that spies on you, or encrypts your data and holds it for ransom, etc.

Copyright © 2001-2017 Randolf Richardson.  Beautiful British Columbia, Canada.
All rights reserved.  All trademarks are the property of their respective owners.