
April 5, 2017

THE WEEK IN REVIEW

Yet another “Shocking Video!” (yawn)  Why do people fall for this crap?  If we had a dollar for every malicious email that said…  You get the idea.  However, criminals wouldn’t keep using these old tired social engineering tricks if they didn’t work.  So, here’s another shocking video.  “Do You Have Anxiety of Pain?” (We think they meant to say “or pain”)  “Cannibis Oil Without a Prescription in All 50 United States”  The link points back to azuremethod-dot-com. That domain was registered to our most famous misused mail drop in Grandville, Michigan.  Read our Top Story from November, 2016.

Delete.

 

 

Another common social engineering trick we see over and over is cloaking malicious intent with a legitimately recognized news source, such as this email saying “The Economist Has News About the US Dollar.”  It’s a long email filled with social engineering malarkey.  Once again, you’ll see the address for that most reviled Grandville, Michigan maildrop at the bottom of the email.

Delete.


Sample Scam Subject Lines:

Blow out sale on printer ink! Save up to 85%

Can you afford a broken A/C this Summer?

Do you have anxiety of pain?

First Month FREE on Every Home Warranty!

Get High-Quality, Affordable Printer Ink

HEALTH SHOCKER! Watch What Happened to THIS Man Who Didn't Treat His Back Pain

Order ready #(67879929): The greatest product ever created (Bill Gates)

Savings on Windows From Renewal By Andersen

Stop Letting Cellulite Cripple Your Confidence

Urgent news about Metformin!

Wanted! Motivated Individuals to Work From Home!

Will the Fed Issue New Currency?

You have notifications pending

Sample Scam Email Addresses

1-i-n-kcom-[YOUR EMAIL]@ monlogoexpress.com

asianladiesonline-[YOUR EMAIL]@ barokahmas.com

costcogifts-[YOUR EMAIL]@ famiilyrewards.com

GlassesOnline@ glasstests.club

healthy-report-[YOUR EMAIL]@ azuremethod.com

messages@ usuallow.com

oncology@ bebedada.com

PhotoStick@ forgelive.party

postmaster@ sotto-costo.net

ReduceConsuption@ libertygenerater.us

save-on-solar-[YOUR EMAIL]@ eclipsetips.com

tinnitussolutions@ tifncle.top

womenshealth@ eonqueror.top

 

Phish NETS:  American Express and Amazon

Except for the from address and the link revealed by the mouse-over, this email certainly feels like an application for an American Express credit card.  Fortunately, the from address and a mouse-over of the link tell the real story.  From user-ru@ mailerassist.com – on behalf of American Express India?  The domain mailerassist.com was registered in July of 2016 to “jyoti kumar” and is hosted in Canada.  The link actually contains a redirect to a website in India called icwononline.in.  If you look carefully at the link at the bottom of the email you can spot it.  Does any of this sound like AmericanExpress.com to you?  You know what to do.
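The two checks described above (who really sent the message, and where its link really goes, including a redirect target carried inside the link) can be automated. The following is an added Python example, not part of the original newsletter; the message is constructed, with only the sender address and the domain names taken from the article, and the link's path and "url" parameter are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: only the sender address and the two domain names come
# from the article; the link path and its "url" parameter are assumptions.
SAMPLE = """\
From: American Express India <user-ru@mailerassist.com>
Content-Type: text/html

<a href="http://mailerassist.com/c?id=1&amp;url=http%3A%2F%2Ficwononline.in%2F">Apply</a>
"""

class Hrefs(HTMLParser):
    """Collect the href of every anchor tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, brand):
    """True if host is the brand domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def hosts_in_link(url):
    """Host the link goes to, plus hosts of any URLs embedded in its query."""
    parts = urlsplit(url)
    hosts = [parts.hostname] if parts.hostname else []
    for _, value in parse_qsl(parts.query):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            hosts.append(inner.hostname)
    return hosts

def check_email(raw, brand):
    """List (kind, host) findings for a message claiming to be from brand."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [] if belongs_to(sender_host, brand) else [("sender", sender_host)]
    parser = Hrefs()
    parser.feed(msg.get_payload())
    for href in parser.found:
        findings += [("link", h) for h in hosts_in_link(href)
                     if not belongs_to(h, brand)]
    return findings
```

Calling check_email(SAMPLE, "americanexpress.com") reports the sender domain, the link's own host and the embedded redirect host, none of which belong to the brand the email claims to represent.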

“Still haven’t received your amazon ThankYou reward card?  We’re sending this reminder because your card is still pending, and a few questions still need to be completed” says an email from messages@ busioler.com.  If you continue to read this bogus pitch you’ll see that you’re pressured to respond quickly.  Meadow muffins!  The Zulu URL Risk Analyzer says that there is an 85% chance that the link in this email is malicious.  Gee…. We’ll go out on a limb and call it 100%!

 

YOUR MONEY:  Sam’s Club Easter Rewards, Walgreens Card, and Tickbox

Check out this somewhat clever bogus email claiming to represent Sam’s Club from the domain samsclubgiftz.com. The domain was registered on March 29 but what’s so funny is that the screenshot history of this website shows that it had a front page titled “American Green Card DV Lottery Program Services” on April 1.  Looks like the scammers are multitasking their scam sites.

Does anybody read the from address of an email?  Why would anyone believe an email that came from lindsay-[YOUR EMAIL]@ adherenceselfish.men?  Adherence selfish men?  This sounds a lot like Walgreens, right?  “Your Walgreens card is ready!”  This is really another reminder of how greed serves to put all of us at risk.  Criminal gangs register thousands of ridiculous malicious domains that should raise suspicions from the services they use. We often see that the same “registrant” (name used to register) will register hundreds of malicious domains over the course of months.  Many are found to be malicious, so why aren’t the other domains investigated and taken down?  But ICANN doesn’t care and the registrar companies licensed by ICANN don’t care either because they all make money.  It’s you and me who get hurt.  Jump for the delete key. (For those who don’t know, ICANN is the only governing body that controls Internet names and numbers.  Read our article “How to Make the Internet Safer for Everyone.”)

TickBox is an Android media streaming system meant to compete with the cable giants for getting TV content.  This next email wants you to believe it represents TickBox.com but it doesn’t.  The email came from cableinstantlys.com and links point back to the same domain.  But that lame domain (“cable instantly”) was registered just a few hours before the email was sent by someone from Plantation, Florida named “Cody Antonio.”

Delete.

TOP STORY:  If It’s Free, It’s Risky!

We all like “free.”  The Internet was predicated on many things being free.  And because of this criminals often lure unsuspecting netizens into their traps by offering free things.  The sheer volume of malicious content stamped with the word “free” is overwhelming.  Even legitimate services and websites offer “free” things but expect us all to hand over gobs of personal information for it, and we never realize how much our information can be monetized. (And how badly it erodes our personal privacy. Ever read the Privacy Policy or Terms of Service of Snapchat?  Eye opening.)  The Daily Scam is amongst a decreasing population of apps and services offering truly free content to visitors even though it costs us money and we don’t support our effort with advertising.  (Don’t misunderstand us.  We welcome sponsorships of companies that are aligned in some way with our mission. And we would love to earn some income from this effort but since we started this effort a few years ago the $$ going out far exceed the $$ coming in.  We continue to do this work because we feel it is so important for someone to stand up against Internet criminals and try to shame ICANN into serving the public interest!)

To make our point that “free = risk” on the Internet, we offer these examples starting with free samples of laundry detergent.  According to this email, we can look forward to many free product samples!  Oh joy!  But we need to hurry because “we don’t know how long this will last so take this opportunity to claim your samples today.”   Though the email comes from educationgrantsearched.com the links all point back to a subdomain (s11) of verifiedblue.com.  According to a WHOIS lookup, verifiedblue.com was registered in August, 2016 but little information was posted by the person who registered it.  Could this be legit?  The domain is already seven months old.

Sorry to dash your hopes of free detergent but the Zulu URL Risk Analyzer took a close look at the links in this email and rated the risk at an 80% chance of being malicious.  The website also contains several redirects and who knows how safe those are.  Step away from that detergent…

How about just a little something that starts free but we have to pay for later?  “First month free on every Home Warranty.”  Look at the accolades listed at the top of the email.  Seems like a great deal, especially 1 month free!  But that little tickler, and this email in general, are phony baloney.  Links in the email point back to the domain responsible for it… steamedkeys.com. The domain was registered to our esteemed bogus mail dropbox in Grandville, Michigan.  A recent screenshot of the domain’s website shows it to be a phony news mimic of a legitimate news site in Nigeria called Vanguard News.  Run, don’t walk, away from this BS.

How about a free chat with an astrologer and psychic?  “Exceptional Ron” has sent us an invitation for a free chat about our future.  (We’re no psychic but we kinda think we know where this is going…)  He wants to use his skills in clairvoyance to change our life for the better.   Therefore he must already know we’re going to avoid him like the plague of death!  The email came from January-Updates@ rp.militaryscholarshipmia.com.  Don’t you know where the links in this email point to?  Oh, right. You’re not clairvoyant either so we’ll tell you.  Verifiedblue.com.  Yup.  Same as the free laundry detergent scam above.

OK, one last shot at free.  Actually… better than free!  How about someone who says they’re willing to pay us for our opinion!  It doesn’t get more straightforward than this pitch… “Take Surveys. Get Paid.”  Sounds perfect and we’ve been selected.  The email seems to have come from a market research recruiter at bestgeofilters.com.  Geo filters?  Do you smell a rat?  Cast your eyes on that marvelous address at the bottom of the email where folks can opt out.  Can you guess?  We bet Exceptional Ron knows…

FOR YOUR SAFETY:  Facebook Notifications and Shipment Delivery Problems

We’re so sick of the phony Facebook notifications and wish we were done with them but they keep coming!  Fortunately, the criminals who create this junk sent us one disguised to look like a Live.com friend request too.  And the links in all of them point back to websites in Russia.  Initially we pegged them for phishing pages but we dug deeper on this one and it points to a fake Canadian online pharmacy… in Russia.  We don’t have much hope for the legitimacy or efficacy of any medicine purchased from this site.  Hell, we wouldn’t trust giving them our credit card info either.  But we’re pretty confident that Putin would deny their existence.

 

 

Oh, and in case you missed them, the malware-disguised delivery scam emails keep coming….

 


ON THE LIGHTER SIDE: Dear Lucky Winner!

We are the lucky 2017 Samsung winner!  At least that’s what the email says from Mostafa from Saudi Arabia. (2-letter country code = .sa)  We were selected from 30 million email addresses!  This is exciting.  All we have to do is meet the claims requirements, statutory obligations, verifications, validations and satisfactory report.  We wonder what all of that will cost us?


From:  prvs=0262dd71e4=mostafa@shary.com.sa
Time:  2017-03-29 21:56:09
Subject:  Congratulations

Dear Lucky Winner,

We are happy to inform you that you have been selected as a lucky winner in our 2017 Samsung Consumer Promotions. Your email address was picked by our Electronic Random Selection System (ERSS) from an exclusive list of 30,000,000 e-mail addresses of individual and corporate bodies in our database. Your email address is identified with Batch Number: SM/12/25/0036 and Serial number 5918/2017 in Category "B" and your claims portfolio is filled with Ref Number:SM/09005/DE. You are therefore awarded a cash prize of $800,000.00 (Eight Hundred Thousand Dollars) from the total payout.

Your prize award of $800,000.00 (Eight Hundred Thousand Dollars) has been insured under a bonded depository policy with your e-mail address and will be transferred to your account upon meeting the claims requirements, statutory obligations, verifications, validations and satisfactory report.

You are advised to contact our Certified and Accredited claims agent with the information below:

*************************************

Name: Mr. Vasselin Angelo

E-mail: vesselinangelov@yahoo.com.tr

Fiduciary Agent

*************************************

Endeavour to provide him with the following information in your contact with him.

Names:

Telephone:

Age:

Occupation:

You are to keep all information confidential, especially your Reference and Serial number. This is important as a case of double claims will not be entertained.

Congratulations once more from all members and staffs of Samsung. Furthermore, should there be any change of address do inform our agent as soon as possible.

Yours Faithfully,
Lee Moore
Promo Co-ordinator.

---

This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

--

This email was Virus checked by Astaro Security Gateway. http://www.sophos.com

Until next week, surf safely!

 

 
