  • Report:  #1244932

Complaint Review: Colt Obrien - Hanoi Other

Reported By: Minuca - Texas, USA

Colt Obrien
Hanoi, Other, Vietnam
Web: N/A

Today I received an unusual e-mail from a Colt Obrien, Tax Officer. The body of the e-mail stated: "Warning!! This is alert four your comany that your main office address was typed incorrectly while completing the recent tax form for previous year. In order to avoid large fine fees during next time please email our tax controller as soon as you view the statement attached with this emai. Best regards, Colt Obrien, Tax Officer." There was a Word document attached to the e-mail labeled "Tax Form J172 Colt Obrien.doc" (96KB).

When I analyzed the text, the whole thing was worded wrong and looked to me like broken English from someone overseas trying to run a scam. I paid attention to the Obrien name, which is an Irish name by descent. It is normally spelled O'brien. Then I noticed "avoid large fine fees", which made no sense. Obvious at this point! I also noticed there was no company name or address in the body of the e-mail. There were no phone numbers either.

I copied the document to the desktop and ran it through a virus scanner, and it found no viruses. I double-clicked it to open it in Word, which automatically stopped the document from opening. It had a message that said: "Attention! To view this docuemnt, please turn on the Edit mode Macroses!" Word automatically puts out an alert to be cautious about opening this type of document because they can contain viruses. Once I saw this I said no way!!!

Then I opened the e-mail header and noticed it was received from mail.lofantele.com (IP address 66.38.0.165). A little research on the IP address using an online WHOIS for IP addresses led me to a website: logantele.com, which is a telephone cooperative with two locations in Kentucky and Tennessee. I looked further into the e-mail header and found: Received: from localhost (HELO HIEU-MDC) ([email protected]@113.175.18.212). I checked the IP address 113.175.18.212 through the WHOIS and found it was located in Hanoi, Vietnam. BINGO, folks, we have organized crime originating from another country.

Since I didn't allow the Word document to run the macros, I do not know what it is or what it will do. I can only guess it will unpack a virus and probably install a rootkit to report back your login information to your financial institutions or scour your personal files for your identifying information.

I wanted to share this information here since I couldn't find anything on this with a Google or Bing search. There was one line in the e-mail header that indicated: X-MagicMail, which did yield a hit on a Google search. This hit related to a scam, which was not specific in nature. I saw enough to know this e-mail was no good. My best guess on how I received this is from someone in my e-mail contacts who was infected.

Understand this. If there is something wrong with your taxes the IRS will not correspond in this nature with you. They will more than likely mail you a letter with adequate phone numbers for contact to inquire further. One other thing, the J172 Tax Form kept finding hits on Google to West Virginia. I believe it had something to do with filing state income tax. Another clue this was a bogus e-mail. The state I live in has no state income tax. I would love to hear your comments if you also received this e-mail.
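As an added defender-side example (not part of the original report and not from any vendor tool), here is a small Python triage script for the kind of headers the poster examined. It walks the Received chain oldest-first to find the originating IP and HELO name, lists the attachments, and flags legacy Office extensions that can carry macros. The sample message is constructed for this example: the two Received lines reuse the hosts and addresses quoted above, the mailbox in the HELO line is a placeholder because the page shows it redacted, and the dates, message id, From, To and Subject are invented. All function names are the example's own.

```python
import re
import email
from email import policy

# Constructed sample message. Hosts and IPs in the Received lines and the
# attachment name follow the report above; everything else is made up and
# the mailbox in the HELO line is a placeholder for the redacted one.
RAW_MESSAGE = b"""\
Received: from mail.lofantele.com (mail.lofantele.com [66.38.0.165])
  by mx.victim.example with ESMTP id CONSTRUCTED01; Fri, 07 Aug 2015 09:12:01 -0500
Received: from localhost (HELO HIEU-MDC) (redacted@placeholder.example@113.175.18.212)
  by mail.lofantele.com with SMTP; Fri, 07 Aug 2015 09:11:58 -0500
X-MagicMail: constructed-value
From: "Colt Obrien" <tax.officer@placeholder.example>
To: recipient@victim.example
Subject: Tax Form J172
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Warning!! This is alert four your comany ...
--BOUNDARY
Content-Type: application/msword; name="Tax Form J172 Colt Obrien.doc"
Content-Disposition: attachment; filename="Tax Form J172 Colt Obrien.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--BOUNDARY--
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO = re.compile(r"\(HELO ([^)\s]+)\)")
# Legacy and macro-enabled Office extensions that can carry VBA code.
RISKY_EXTENSIONS = (".doc", ".dot", ".xls", ".xlt", ".docm", ".dotm", ".xlsm", ".xltm")


def received_hops(msg):
    """Return (helo_name, ip) per Received header, oldest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(str(value).split())  # collapse header folding
        helo = HELO.search(value)
        ip = IPV4.search(value)
        hops.append((helo.group(1) if helo else None, ip.group(1) if ip else None))
    hops.reverse()  # each relay prepends its header, so the last one is the origin
    return hops


def attachments(msg):
    """Filenames of all parts that carry an attachment name."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def triage(raw: bytes) -> dict:
    """Summarise where the mail came from and what it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_hops(msg)
    origin_helo, origin_ip = hops[0] if hops else (None, None)
    names = attachments(msg)
    findings = []
    if origin_helo and "." not in origin_helo:
        findings.append(f"HELO '{origin_helo}' is a bare machine name, not a mail host")
    if origin_ip:
        findings.append(f"origin IP {origin_ip}: check it in WHOIS before trusting the sender")
    for name in names:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment '{name}' can carry VBA macros")
    return {
        "origin_ip": origin_ip,
        "origin_helo": origin_helo,
        "relays": [ip for _, ip in hops],
        "attachments": names,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in triage(RAW_MESSAGE)["findings"]:
        print(line)
```

The first hop in `relays` is the host that handed the message to the first relay, which is the address the poster ended up looking up in WHOIS; the script stops at extracting it because WHOIS needs network access.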



1 Updates & Rebuttals

New Information

#2 Author of original report

Sat, August 08, 2015

My virus protection software finally picked up the file where I placed it on the desktop, but did not open it. It flagged and removed it as W97M.Downloader.


I did some research on this file on the net and learned it was a Trojan virus that is unpacked via the macros in either a Word or Excel document. Once it unpacks it has been known to change the file location several times and link to a server to download additional malware. What I couldn't find is any information about what it did after it installed. I found a lot of information on how to remove it, as well as others out there that had great difficulty removing it. As with any of this stuff in today's day and age, it is probably looking for something financial.


Needless to say this thing could be nasty since it has been out there and modified many times in the 2000s. It is normally received via an e-mail as spam or hidden as a legitimate message. Just stay vigilant out there and inspect everything that comes into your in-box. I do have a very simple cure for crime, but our political leaders won't listen to me.
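The update above describes the file as a downloader that runs from Word or Excel macros. Added example (not the poster's work and not from any vendor product): a Python check that tells whether an Office attachment carries a VBA project before anyone opens it. Legacy .doc/.xls files are OLE compound files whose directory lists the VBA storage and the `_VBA_PROJECT` stream, with names stored as UTF-16LE; OOXML .docm/.xlsm files are zip archives that contain `vbaProject.bin`. The OLE half here is a byte scan rather than a directory parse, so it is a triage heuristic; for real analysis use a proper parser such as olevba from oletools. The sample files are constructed stand-ins built inside the script, not real documents or malware, and all names are the example's own.

```python
import io
import zipfile

# Magic bytes of the two container formats Office uses.
OLE_SIGNATURE = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls (compound file)
ZIP_SIGNATURE = b"PK\x03\x04"                        # .docx/.docm/.xlsx/.xlsm

# Directory names a legacy Word/Excel file carries when it contains VBA.
# The compound-file directory stores them as UTF-16LE, so the scan looks
# for that encoding. Heuristic only: a real tool parses the directory.
VBA_STREAM_NAMES = ["Macros", "_VBA_PROJECT", "VBA"]


def macro_indicators(data: bytes) -> dict:
    """Report whether an Office file appears to carry a VBA project."""
    result = {"container": "unknown", "vba": False, "evidence": []}
    if data.startswith(OLE_SIGNATURE):
        result["container"] = "ole"
        for name in VBA_STREAM_NAMES:
            if name.encode("utf-16-le") in data:
                result["evidence"].append(name)
    elif data.startswith(ZIP_SIGNATURE):
        result["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for entry in archive.namelist():
                    if entry.lower().endswith("vbaproject.bin"):
                        result["evidence"].append(entry)
        except zipfile.BadZipFile:
            # Truncated or damaged archive: cannot be cleared, treat as suspect.
            result["container"] = "corrupt-zip"
    result["vba"] = bool(result["evidence"])
    return result


def build_sample_ole(with_macros: bool) -> bytes:
    """Constructed stand-in: the signature plus the UTF-16LE directory names a
    Word file would list. Not a valid document, just enough for the scan."""
    names = ["Root Entry", "WordDocument", "1Table", "SummaryInformation"]
    if with_macros:
        names += ["Macros", "VBA", "dir", "_VBA_PROJECT", "ThisDocument"]
    directory = b"".join(n.encode("utf-16-le") + b"\x00\x00" for n in names)
    return OLE_SIGNATURE + b"\x00" * 24 + directory


def build_sample_docm() -> bytes:
    """Constructed stand-in for a macro-enabled OOXML file: real zip layout,
    placeholder contents."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean .doc", build_sample_ole(False)),
        ("macro .doc", build_sample_ole(True)),
        ("macro .docm", build_sample_docm()),
    ]
    for label, blob in samples:
        print(label, macro_indicators(blob))
```

A mail gateway or analyst script would run `macro_indicators` over every attachment with an Office extension and quarantine anything with `vba` set, regardless of what the antivirus signature scan says, since the poster's scanner cleared the file on first pass and only caught it later.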
