
August 17, 2016

THE WEEK IN REVIEW

Scammers never truly go away but they might take vacations and we think mid-August could be their vacation time. We actually saw a drop in the volume and variety of scams targeting consumers during the past week, including that rare event of no phishing emails.   What did you think? Did you notice a drop in spam or scams during the past week? Drop us a note at feedback@thedailyscam.com and let us know.

But we don’t want to give you the wrong impression. There were plenty of scams to go around. Readers will recall last week’s top story about malicious emails disguised as money-saving coupons. They continued in earnest for a few more days such as this email disguised as coffee coupons sent from the bizarre address undisputed@jealousy.wuzal.us. And don’t fall for the ridiculous claim that the email was sent from an advertiser named Gloservices. The legitimate Gloservices is a company that offers IT services to medical and dental offices.

 

We also want to remind readers that the criminals who push out these malicious and fraudulent emails often find effective social engineering content through daily world news. This has been obvious in the bogus political emails with subject lines like “Trump quits presidential race!” The latest topic we discovered that scammers are exploiting is the Zika threat from mosquitos.   Check out this email from irregular@fleeciness.kiwom.us with the subject line “Use THIS to Make Yourself Invisible To Mosquitos.” The domain kiwom.us was registered on August 12 by the bogus company called “Adrenaline Ads.” We’ve written about scams from this fake company in both the May 25 and July 27 newsletters.



Sample Scam Subject Lines:

(1) New Message – Read It Now

1 Year MBA options

Certified Education Paralegal Programs for You

Contact Lenses Could be yours Today

Explore These Remodel Bathroom Solutions

Find Information on Hybrid Cars

Get New Auto Coupons Options

Last Notice Before Collections

Last Notice: Today is the Last Day

Need something fixed? Look up local electricians

New sleep aid takes CVS by storm

Save up to 70% on life insurance now!

Trump did it again – CNN Report

Sample Scam Email Addresses

alert@asianwomanonlinelink.stream

Bloomberg@bloombergbusinessweeklink.stream

BusinessClassFares@literoid.stream

CellPhones@capitaka.stream

consigner@politicking.wusil.us

Employment@consultprediner.site

glassesonlineless@glassesusa.download

LowInterestBalance@patchine.stream

LowInterestCreditCards@caromagne.stream

NewCarPrices@ultraved.stream

PlumIslandKayak@tangerine-soft.de

Reverse_Mortgage@otherner.stream

Semifinalist@entitative.tolio.us

 

Phish NETS: This Site May Be Hacked!

We are phish-free this week, as we said above, but would like to use this week’s column to point out something that we believe should be obvious to the world and often is not. How many times have you conducted a Google search and seen the five small words “This site may be hacked”?

STORY UPDATE 2-16-17: The Webmaster of Northern-shire-dot-com contacted us to let us know that after an “exhaustive fix” of their site, it is once again secure and no longer hacked.  Out of fairness to Northern-shire-dot-com, we have modified this article but leave it up for educational purposes:

We recently found this email pushing an absurd claim to “increase your brain activity by 200%” in a matter of minutes by taking some drug. A mouse-over of the link HERE points to a website called northern-shire-dot-com.

Northern-shire-dot-com sounded like a legitimate website but the email suggested otherwise. We visited Google and entered the domain northern-shire-dot-com (in August 2016) and look what we found…

It was obvious to us that Northern-shire-dot-com had been hacked and was being used to host malicious or fraudulent content. Apparently Google was suspicious as well. Our experience with Google is that it is always right when it says “this site may be hacked.” We wonder why Google chooses to present their findings in small blue print that is easily overlooked within a sea of text. It should be displayed in LARGE BOLD RED CAPITALS and say “DO NOT VISIT. GOOGLE SUSPECTS THIS SITE HAS BEEN HACKED.”

The next obvious step would be for Google and us to notify both the website/domain owner and webhosting company about the suspected hack and likely malicious/fraudulent content. We believe that Google doesn’t do this because we have found some sites that have been identified for months by Google as “may be hacked.” In the case of Northern-shire-dot-com, we couldn’t find an owner’s name to contact using a WHOIS tool because the site was registered through a domain proxy service and there is no email address listed for the site that Google can find. However, we did learn that the website and domain name are hosted and registered through GoDaddy.com. When we tried to report the hack and abuse via their website form, we found it to be so discouragingly difficult to use that we gave up. We sent an email to abuse@godaddy.com and received an auto-generated reply saying that the reported site would be investigated. Let’s see how long it takes to remove the offending content.

Once again we feel that this is an example of how ICANN and the Registrars have created an Internet system that favors the criminals. It should be very simple to report abuse to a central database run by an independent organization whose job it is to help keep us all safe and investigate abuse. Registrars should be required to respond to reports in 24 hours or less. There should be an automated system so that GoDaddy is immediately notified of Google’s identification of a possible hack. And finally, the site/domain owner should be automatically notified. If the hack is not fixed, the site should be blacklisted and identified across the Internet as suspicious. But ICANN, the governing body of Internet names and numbers, doesn’t care about you or us. It’s still a wild, wild west out there and someone is making lots of money off of the current setup.

Your Money: Charging Your Phone, Licensed Child Care Providers, Handyman Services and Online Will/Trust Services

newinventions@portcharger.eu is such a clever email address to introduce a device to consumers that will charge your phone three times faster than any other charger, has all the cables you need for charging any phone, and can be used “on the go.” But none of this is true. The email identifies itself as being associated with the firm “Free Bird Research” in Nevada. We’ve identified this company as fake several times as far back as our January 27 and February 17 newsletters. A reminder that “.eu” is the 2-letter code for the European Union. According to Eurid.eu, the domain was registered on the day the email was sent.

Just Delete!

Parents with young children often struggle trying to find quality and affordable day care or nanny services. Many turn to Care.com and other similar services. (Care.com members are being hammered by scammers using the advance-fake-check scam. Read our latest article on this very successful scam!) So this next email from childcarecosts@steelvine.stream is likely to get a lot of consideration by many parents. “Look for licensed child care providers.” The random white text against the white background at the bottom of the email should be enough to send readers for the delete key. The domain steelvine.stream was registered on August 12 through a proxy service in Panama.

Deeeleeete!

There never seems to be enough time in a weekend to do all the jobs around the yard and house. The idea of hiring a handyman sounds like a good idea, right? “Need to Get a Job Done Well???” “Get the help you need to fix just about anything” says this email from HandymanServices@jaguaricon.stream. Do you notice the remarkably similar design to the scam email above? We’re certain they were created by the same criminal gang. It contains hidden text like the email above to try to fool antispam servers and you can guess when the domain was registered.

Now delete.
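The hidden-text trick described in the two emails above (white text on a white background, added to fool antispam servers) can be detected mechanically. The sketch below is an added example, not code from this newsletter; the function names and the sample HTML are constructed for illustration, and it assumes colours are set with inline styles or legacy `color`/`bgcolor` attributes (it does not evaluate stylesheets).

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "black": "#000000"}  # only the two names needed here

def norm_color(value):
    """Return a colour as 6 lowercase hex digits, or None if not understood."""
    v = (value or "").strip().lower()
    v = NAMED.get(v, v)
    m = re.fullmatch(r"#([0-9a-f]{3}|[0-9a-f]{6})", v)
    if m:
        return m.group(1) if len(m.group(1)) == 6 else "".join(c * 2 for c in m.group(1))
    m = re.fullmatch(r"rgb\((\d+),(\d+),(\d+)\)", v.replace(" ", ""))
    return "".join(f"{min(int(n), 255):02x}" for n in m.groups()) if m else None

class HiddenTextFinder(HTMLParser):
    def __init__(self, page_bg):
        super().__init__()
        self.stack = [("#root", "000000", page_bg)]  # (tag, text colour, background)
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = {k.strip().lower(): v for k, _, v in
                 (d.partition(":") for d in (a.get("style") or "").split(";"))}
        _, fg, bg = self.stack[-1]  # colours are inherited from the parent
        fg = norm_color(style.get("color") or a.get("color")) or fg
        bg = norm_color(style.get("background-color") or a.get("bgcolor")) or bg
        self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        tags = [t for t, _, _ in self.stack]
        if tag in tags[1:]:  # pop back to the matching open tag (also drops <br>, <img>)
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # text colour equals the background behind it
            self.hidden.append(" ".join(data.split()))

def find_hidden_text(html, page_bg="ffffff"):
    finder = HiddenTextFinder(page_bg)
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed sample body (not a real scam email): visible pitch, hidden filler, dark footer.
SAMPLE = """<body bgcolor="#FFFFFF"><p style="color:#333">Look for licensed child care.</p>
<div style="color:#fff">harvest meadow quietly ledger<br>window umbrella seventeen</div>
<table bgcolor="#003366"><tr><td><font color="white">Unsubscribe</font></td></tr></table></body>"""
```

Running `find_hidden_text(SAMPLE)` returns only the two filler phrases; the white "Unsubscribe" link is not flagged because it sits on a dark table background.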

The criminal gangs responsible for these malicious emails use the same templates over and over, substituting content and domain names. Here’s one more disguised to look like online wills and trust services sent from the domain breezelight.stream. By the way, for the Internet geek readers like us, dot-stream is a new global top level domain that ICANN made available to the world at the end of June, 2016. Based on the domain names we see in scam emails and the fact that nearly 40% of the names have been registered through Alpnames.com (the registrar-of-choice for top criminal gangs in our opinion), we suspect that a significant number of the nearly 8000 registrants, as of August 15, came from criminal organizations. Check out the dot-stream domain statistics here.


TOP STORY: Loans Online – Let The Buyer Beware!!

Have you ever received a random solicitation for a loan, loan forgiveness program, or get-out-of-debt offer? We see them all the time and they range from the ridiculous and lame, to the legitimate but spammy. We have a few to share with you here and a simple bit of advice… Delete them all!

Let’s begin at the bottom of the barrel with this obviously lame effort that came from a Spanish email address with the subject line “Loan Offer.” “We are offering out loan at a very cheap rate of 2%, please get back to us if you are interested.” No company information. No verifiable phone number. Not even a business name. (“.es” is the 2-letter country code for España – Spain.) Deleting this is a no-brainer.


How about this next email sent via clickdimensions.com for an $85,000 credit line from Nic Stephens at Main Street Business Capital? The email states “On Monday, my credit department reviewed your account marketplace history and have pre-qualified you for a $85,000 credit line” and “Click here to verify that your business information is up to date…” This is odd because we have confirmed that the recipient is a teacher who works at a not-for-profit school. He has no marketplace history. He is not an owner of a business or even someone who works in the business office. At best this appears to be spam. Clickdimensions.com is a marketing service delivering this to tens of thousands of email addresses. Both MainStreetBusiness.Capital and mainstreetbusinesscapital.com appear to be a legitimate business registered to a Michael Thomas, according to a WHOIS lookup. The business appears to have a website and even advertises through Google. All in all, this company seems to have an easily identifiable presence on the Internet and looks legit despite the spammy email. But we can’t find much else about this company. After a lot of digging, we only find 4 reviews posted on Google. Two are glowing and two are horrific. This seems a bit odd especially since the glowing remarks were made after the 2 bad reviews. We also found some generic information on the company from Bizapedia.com:

http://www.bizapedia.com/ca/MAIN-STREET-BUSINESS-CAPITAL-LLC.html

https://www.google.com/#q=main%20st%20business%20capital%20reviews&lrd=0x80dcdecf87bb6ee3:0x204661946daa8509,1,

Would this inspire confidence in you to take out an $85,000 loan with them?


Looking for financial assistance to help you get that degree you wanted? Check out this offer from… Well, we’re not quite sure who it is from. The odds are that it is from a company identified as Degree Streams, but the email was sent from counselor@edcounselingemails.com and the link points to finance-your-education.com. “Funding opportunities available to get you back into school.” “At DegreeStreams, we partner with regionally accredited universities that are 100% online.” According to the Arizona Corporation Commission, Degree Streams LLC was first registered in 2012 in Phoenix.

Though we found precious little information about “DegreeStreams” or “finance-your-education.com” using Google, we visited finance-your-education.com as well as other domains we discovered that belong to this business. They included:

educationquestionanswered.com

edadministrationdegree.com

tech-education-online.com

dedicatedcounselors.com

Here are several screenshots of some of these websites…


Ultimately, despite a lengthy search for reviews, first-hand accounts, well documented reports from those who did business with DegreeStreams, or one of its many other names, or information we could evaluate on the BBB.org website, we found little. Once again we ask our readers if this information would inspire you to reach out to this company if you needed a school loan? As in so many things online, caveat emptor.

FOR YOUR SAFETY: UPS Notification, Shipment Delivery Problem, and Documents Requested

If you have ever made a delivery using UPS you’ll immediately recognize the next email. Except that it wasn’t sent from UPS. The email was perfectly crafted to look like a notification from UPS though it was sent from admin@powerrgeneratorr.com. A search for powerrgeneratorr.com turns up several online inquiries for malware using the service URLquery.net and not much else. The links confirm that this domain is being hosted in South Africa and two of the links confirm that malware was found on August 13.

https://www.google.com/?gws_rd=ssl#q=powerrgeneratorr.com&nfpr=1

Here is another email claiming to be from FedEx saying that your parcels have been shipped. The attached details contain malware.

Delete!

And finally, this “Documents Requested” email was actually spoofed to look like it came from someone in the same organization as the person who received it. Nasty trick. The zip file is 100% malicious.


ON THE LIGHTER SIDE: Your Compensation

We really stood up and took notice when this email arrived in our inbox from info@presidency.com! It isn’t every day we get an email from the office of the Presidency of Nigeria! We figured that Dr. Obi is writing in caps because what he has to tell us is so very important. We’re all ears!

 

From:  info@presidency.com
Time:   2016-08-10 03:30:12
Subject: THE TRUTH OF THE MATTER

I AM DR. PATRICK OBI ,CHAIRMAN DEBT RECONCILIATION COMMITTEE FROM THE OFFICE OF THE PRESIDENCY AS THE NEW APPOINTED BY MUHAMMADU BUHARI PRESIDENT FEDERAL REPUBLIC OF NIGERIA AND OTHER HOUSE OF REPRESENTATIVE MEMBERS, WORLD BANK, UNITED NATIONS AND INTERNATIONAL MONETARY FUND (IMF), THEY AGREED TO PAY YOU THE SUM OF $5,000,000.00 (FIVE MILLION US AMERICAN DOLLARS ONLY) AS YOUR COMPENSATION.

THE WORLD DEBTS DELEGATE ENCONJUNCTION WITH UNITED STATES GOVERNMENT AND NIGERIA GOVERNMENT HAS RESOLVED ON A DIPLOMATIC MISSION IN NIGERIA TO FIGHT AGAINST GOVERNMENT OFFICIALS CORRUPTION ON-BEHALF OF SCAMS VICTIMS TO BE COMPENSATED AFTER POLICE ARRESTED SOME FRAUDSTERS AND SACKED GOVERNMENT OFFICIALS IN LAGOS NIGERIA WHO MENTIONED YOUR PARTICULARS AS ONE OF THE VICTIMS OF CIRCUMSTANCES.

IN THE LINE CONCLUSION OF THE MEETING HELD WITH THE AMERICAN GOVERNMENT AND NIGERIAN GOVERNMENT AS MUHAMMADU BUHARI, PRESIDENT FEDERAL REPUBLIC OF NIGERIA WITH THE ENTIRE BODIES HAS AGREED TO PAY YOU $5,000,000.00 (FIVE MILLION US AMERICAN DOLLARS ONLY) AS YOUR COMPENSATION.

CONGRATULATIONS FOR YOUR NAME AND EMAIL WERE AMONG THE LIST TO BE PAID $5M US DOLLARS COMPENSATION PAYMENT. SO RE-CONFIRM BELOW INFORMATION SO THAT THERE WILL NOT BE ANY MISTAKE:

1) YOUR FULL NAME: —————
2) YOUR CURRENT HOUSE ADDRESS: ————-
3) CURRENT DIRECT TELEPHONE: ————-
4) OCCUPATION & AGE: ————-

AS SOON AS I RECEIVE THE INFORMATION, I WILL TELL YOU WHAT TO DO TO RECEIVE YOUR PAYMENT WITHOUT ANY FURTHER DELAY. GET BACK TO ME IMMEDIATELY BECAUSE I DON’T HAVE MUCH TIME OVER YOUR APPROVED COMPENSATION PAYMENT FUND OF THE YEAR 2016.

CALL ME WITH THIS NUMBER FOR MORE INFORMATION: + 234-90-952-869-31

CONGRATULATIONS ONCE AGAIN.

MY BEST REGARDS.

MR. PATRICK OBI
OFFICE OF THE PRESIDENCY.
CHAIRMAN DEBT RECONCILIATION COMMITTEE
ANTI CORRUPT MONITORING DEPARTMENT
FEDERAL REPUBLIC OF NIGERIA.
No 10 Mambilla Street ,Off Aso Drive
Maitama District Abuja Nigeria
Direct Telephone Number: (+234-90-952-869-31 )
Email Address: patrick.obi19@yahoo.co.nz

 

Until next week, surf safely.