Page 1 of 1

RIAA

Posted: Fri Feb 17, 2012 4:01 pm
by JamesVincent
Received this email the other day in my business email account (and no the email address mentioned is not my email account).
Dear theresakremm@yahoo.com, hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this message for illicit Internet traffic details.
Failure to respond to this message within 14 days will result in copyright infringement accusation and standard legal procedures.


Recording Industry Association of America (RIAA)
1330 Connecticut Avenue NW Suite 300
Washington, DC 20036
tel: 202-775-0101
fax: 202-775-7253
Took a quick look around Snopes and didnt see anything about it. Anybody else hear anything about this? It was not addressed to me but came to me so obviously a scam of some sort. And I dont see the RIAA sending out love letters before they have you charged with something if their that certain your pirating.

Re: RIAA

Posted: Fri Feb 17, 2012 6:52 pm
by webhick
It's not legit. Last I knew, the RIAA doesn't inform you of this stuff by email. They send a cease and desist to your ISP and then your ISP threatens you on their behalf.

Re: RIAA

Posted: Fri Feb 17, 2012 7:01 pm
by Mr. Mephistopheles
JamesVincent wrote:Received this email the other day in my business email account (and no the email address mentioned is not my email account).
Dear theresakremm@yahoo.com, hereby we notify you that your IP address has been identified as distributing copyrighted content. Please see the attachment to this message for illicit Internet traffic details.
Failure to respond to this message within 14 days will result in copyright infringement accusation and standard legal procedures.


Recording Industry Association of America (RIAA)
1330 Connecticut Avenue NW Suite 300
Washington, DC 20036
tel: 202-775-0101
fax: 202-775-7253
Took a quick look around Snopes and didnt see anything about it. Anybody else hear anything about this? It was not addressed to me but came to me so obviously a scam of some sort. And I dont see the RIAA sending out love letters before they have you charged with something if their that certain your pirating.
'Betcha that attachment contains a Trojan.

Re: RIAA

Posted: Fri Feb 17, 2012 7:05 pm
by Mr. Mephistopheles
webhick wrote:It's not legit. Last I knew, the RIAA doesn't inform you of this stuff by email. They send a cease and desist to your ISP and then your ISP threatens you on their behalf.
Wow, you got off lucky. The RIAA goons showed up in their black helicopters on a moonless night and put me in the dunking chair until I admitted I was distributing unauthorized copies of "Jim Dandy".

Re: RIAA

Posted: Sat Feb 18, 2012 5:37 am
by Torp
I second the "do not reply." Here is why:

Even if you pirated material, and I'm not saying you did, the RIAA identifies you by asking your ISP (who owns block addresses) who was using your specific address during the time period they identify.

The thing is, your ISP will be able to identify your specific account and your home address.

Your ISP doesn't know (because they don't care to, yet) any webmail you use. Webmail, because it is run by another company, will necessarily have a different IP address (the multitude that Yahoo! uses) than you use.

It is absolutely impossible for your ISP to trace the ISP Yahoo! uses to your specific account.

This would be much more believable if it came to your ISP address.

Please, don't reply to this email! Don't feed the trolls!

Re: RIAA

Posted: Sat Feb 18, 2012 4:01 pm
by Judge Roy Bean
JamesVincent wrote:Received this email the other day in my business email account ... It was not addressed to me but came to me so obviously a scam of some sort. And I dont see the RIAA sending out love letters before they have you charged with something if their that certain your pirating.
Actually, here's what the RIAA says:
... There continues to be paralyzing levels of illegal downloading that require a variety of approaches and the help of partners like Internet service providers (ISPs). That’s why we send copyright notices to educate and notify downloaders in advance that they are breaking the law and could face more serious consequences. ...
They (whomever sent the message) may be phishing - look carefully at the link they provided. If it is to an ISP, the original recipient of the message may actually have been identified/turned in. You can report (anonymously) on the RIAA web site:

https://www.riaa.com/reportpiracy.php?c ... acy-online

Their normal procedure is to notify the ISP. I've never heard of them contacting someone directly.

Re: RIAA

Posted: Sun Feb 19, 2012 2:03 am
by Kestrel
Mr. Mephistopheles wrote:'Betcha that attachment contains a Trojan.
'Betcha you're absolutely right.

The grammar is better than most, but typical of grammar used by someone who is not a native English speaker: "hereby we notify you" "will result in copyright infringement accusation"

James, did you check the message header and look at the sender's email address domain?

Re: RIAA

Posted: Sun Feb 19, 2012 2:14 am
by JamesVincent

Re: RIAA

Posted: Sun Feb 19, 2012 2:26 am
by Kestrel
JamesVincent wrote:RIAA <JustinLecea@riaa.com>
Still could be a fake name.

The header (source) info could give some detail. In Windows Mail I look at the header by selecting "File - Properties - Details - Message Source."

Re: RIAA

Posted: Sun Feb 19, 2012 4:46 pm
by Arthur Rubin
JamesVincent wrote:RIAA <JustinLecea@riaa.com>
How about the Sender: field in the header? The Reply-To: field? Does the Received: field looks like it actually came from riaa.com?

Note, this last sometimes requires expert analysis. However, if it was inserted in the .ng domain, you're on your own. Note also that the Received: field may contain information about your E-mail addresses that you might not want to publish; if, for example your E-mail is forwarded from your stated E-mail address to an E-mail address where you actually read it, the latter is also available. Finally, publishing it here may violate our site privacy guidelines. Check with the management to be sure if you want help.

You might also see if RIAA is interested in the theft of their identify.

Re: RIAA

Posted: Sun Feb 19, 2012 8:34 pm
by Kestrel
James PM'd me the complete IP header. It's almost certainly a fraud. It looks like it originated from an IP address in Pakistan.

You can find out where any message came from by tracing the IP address trail at a website like http://ip-lookup.net/index.php

I looked up the X-Originating-IP: [182.182.6.162]
The ip-lookup reply was:
Lookup an IP address :
IP: 182.182.6.162
Host: ?
Country: Pakistan