If you find our resources valuable, please support us by making a small donation. Thank you!

x

August 2, 2017

THE WEEK IN REVIEW

Last week’s Top Story was about bogus domain names disguised as legitimate promotions or claiming to represent well known companies.  These bogus domains continue to be registered and used to sucker you  into a visit.  We’ve included several more in the scam email addresses below.  Have a look at this scam email pretending to be from Costco.  It came from the domain coscowholesalez-DOT-com.

A reminder about the words “shocking video.”  From our viewpoint, anytime you see those two words used anywhere online, in an email, social media post, or text, it is likely a malicious social engineering trick.  Here’s another one of these shocking video lures…

Two ongoing scams that have been sizzling hot that we’re hearing a lot about are the “underage girl sext” scam and the “personal assistant/advance check” scam. We update both of these are articles regularly on our website.

Please check out our newest feature article on the Secret Shopper Scam.


Sample Scam Subject Lines:

Build Your own chicken coop

Clinton attacks Trumps son on camera: full report 3327351

Did you see it?

EAT THIS Ace any Test!

Every reason you need to be armed

Exotic Mix Burns Calories?

Home Warranty Insurance Plans. $30 Off

I used this today and made $300

Pandora Jewelry $9.9 SALE, HURRRY UP!!!

Start earning more than $8k/month

Stop paying high priced dental prices

Your $50 Amazon Certificate is now ready to use

Your new weekly reward from Costco is ready to use

Sample Scam Email Addresses

amazonrewards-[YOUR EMAIL] @ freeshopps.com

amazon_com-[YOUR EMAIL] @ amznpriime.com

costcowholesale-[YOUR EMAIL] @ costktodai.com

costco.accounts-[YOUR EMAIL] @ ideasngift.com

macys-rewards-[YOUR EMAIL] @ nowmacyz.com

macyscom-[YOUR EMAIL] @ macysuz.com

samsclubcom-[YOUR EMAIL] @ rewarfromsams.com

TacticalPen @ frnchhss.us

TheFungusTerminator @ funguss.us

ANY EMAIL THAT ENDS WITH “.date” such as:

Doited @ irecol-DOT-date

Interloan @ indfret.date

   Osar @ wusdj.date

Phish NETS:  Wells Fargo Account Verification Required

This Wells Fargo phish came from an address in Czech.  “You are receiving this message due to errors encountered in our regular verification process of Online Banking records.”    A simple mouse-over of the link “Account Verification Process” reveals the fraud.  It points to a hacked webserver toddfernandez.com. We’ve informed Mr. Fernandez.

Now delete.

 

Here’s another lame phishing scam for web email accounts.  The link points to the shortening service bit.ly, often a favorite of scammers.  We used Unshorten.it to see where the lead will send you and discovered that it points to a website called myartsonline-DOT-com. At first we thought this was a legitimate website that was hacked but now we’re not too sure.  That website was registered by someone from Germany and is being hosted in Sofia, Bulgaria.  BitDefender has identified the domain as a phishing site.  Just move on, people….

YOUR MONEY:  Complimentary Shopping at Sam’s Club, Pandora Jewelry Sale, and Become a Real Estate Investor

Who wouldn’t like a $50 voucher and some complimentary shopping at Sam’s Club!  But this next email is just click-bait for a predator.  The domain, voucherfreeb-DOT-com, was registered by someone named Gary Little from Georgia on the same day this email came out.  The only information Google finds out about this site are similar emails associated with temporary email sites in Germany.

Deeeleeete!

We’re certain this next scam email did not come from native English-speaking criminals.  Who lists a sale for $9.9?  The content in the email suggests it is associated with SunglassWarehouse.com but trust us, it isn’t!  The email came from the domain pandoer-sale-DOT-top and the links point back to pandoraye-DOT-com.  The former site was registered by Liang Kai Jun from Yu Lin Chi, China, while the second domain was registered by Long Chen from FuZhou, China at about the same time the email came out.  Some readers may think that this is just advertising for Chinese knock-offs of Pandora jewelry but you would be wrong.  The Zulu URL Risk Analyzer scored pandoraye-DOT-com 90% chance of being malicious and identified multiple malicious scripts waiting on the site for visitors.

The “Road to Financial Freedom” this is NOT!  It’s a nice pitch, though, to trick you into clicking a link for a free webinar.   Unfortunately, what’s waiting for you at lyehowf-DOT-date is bad news.  Zulu URL Risk Analyzer scored this one 97% malicious and found the domain blacklisted on many Internet domain blocklists already.

 

TOP STORY:  Caller ID Spoofing

We want to raise our reader’s awareness of a very deceitful practice that is being used more and more by criminals and proving to be an effective tool in their scams.  It’s called caller ID spoofing.   Most of us grew up in an era when phone calls were not identified with a caller’s number.  Then technology made it possible to identify the name and/or number of the person calling – Caller ID.  According to the Virtual Museum of the Telecommunications History Group, Caller ID was introduced in 1991.  Caller ID Spoofing, according to Wikipedia,  is the “practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station.”  Simply, the number calling you may not be the number calling you!  Though phone companies and law enforcement have had the ability to spoof a call since the 90’s, spoofing only became available to the public in the fall of 2004. (Read the Wikipedia article.)

Unfortunately, this technology was never effectively regulated in any way by the U.S. government or FCC.  Especially since the development and expansion of “Voice over IP telephony,” in the mid-2000’s, caller ID spoofing has exploded in use and misuse.  Misuse has become so common that it is now possible to install phone apps that can spoof your call to appear as any phone number you enter.  There are also more than a dozen prank call websites and most of them allow users to enter whatever number they choose.

Criminals are taking great advantage of caller ID spoofing to target victims.  TDS has documented dozens of instances in the “underage girl sext scam” where the male victim receives a call from someone pretending to be a sheriff or detective and the phone number used corresponds to the victim’s local police department.  In several of these instances the victim called the real police department, rather than the number he was asked to call by the imposter, only to learn that no phone call was ever made to him from the real police department.  In one particular instance this abuse has become severe!  The very real Police Detective named Jim Perry, from the Greenville County Sheriff's Department in South Carolina, has had his name and phone number spoofed  so many times that he posted a voice message on his phone (as of July 9) saying “if you are calling about a father talking to you about an underage sext you sent, it is a scam and to call your local police.”  Read more about this in our article Plenty of Fish (POF) Has Plenty of Sharks.

The Internet is full of stories about caller ID spoofing being used as a successful criminal tool.  Here are links to just a few recent articles:

We at TDS believe that blame for this explosive misuse of technology rests squarely on the shoulders of the FCC, the Federal Communications Comission.  Once again, “caller ID spoofing” is a perfect example of just because it can be done, should it be done?  Should technology companies and software programmers have the right to create tools that enable others to hide their identity/location without any oversite or regulation of the people using these tools?  It is easy to find many articles addressing the fact that online fraud is exploding and costing U.S. businesses and citizens billions of dollars every year. (Read this Forbes.com article How Online Fraud is a Growing Trend.) Certainly, Congress should appoint a special committee to investigate and see if regulations can be enacted that will make it harder for criminals to victimize Americans.  But Congress can’t even tie their own collective shoelaces at the moment so don’t expect any help from them.  Congress is also so severely behind the technological times that we wonder if they are using smartphones and the Internet at all.

So what can we do to best protect ourselves from caller ID spoofing?  Here are several best practices to consider.  Also, equally important, teach your elderly relatives and teen/young adult children these practices as well!

  1. Change the way we think about Caller ID. Stop trusting caller ID and recognize that spoofing is routinely used by marketers, surveyors, pranksters and criminals.
  2. Do NOT answer phone calls that come from numbers you don’t recognize. PERIOD!  If it is important, let the caller leave a message and you can decide whether or not to call him or her back.  (If you are truly curious why a number calls you repeatedly but never leaves a message, Google the number.  In most instances you’ll learn that others are reporting that number as a scam or marketing spam.  In that case, use your smartphone built-in feature to block the number.)
  3. You can sign up on the U.S. Government FTC service DoNotCall.gov but it is completely ineffective at stopping the vast majority of calls.
  4. Sign up with the acclaimed service NoMoRobo.com  (Read this article on the Best Spam Call Blocking apps for iPhones or this article for Android phones.
  5. Finally, as always, when it comes to the Internet AND telephones, keep a healthy dose of skepticism at hand.

To learn more about VoIP phone systems in general, visit this blog post at the Network Union titled "A Simple Guide to Buying a VoIP System."

FOR YOUR SAFETY:  New Mail Address, Its Me and Job Application

We think it’s pretty effective social engineering when an email subject lines says “new email address here, it’s me.”  Would you have opened it?  If you look, the sender never identifies himself but we wouldn’t trust that link for all the tea in China.  In fact, we were able to trace that link back to China!

Delete.

 Another effective social engineering trick we’ve reported on in the past is this email for a job application.  “How’s your day?”  Well, it’s about to get a lot worse.  That attached Word doc contains a Trojan malware.

 


ON THE LIGHTER SIDE:  Confusion From a Money Mule

We read this priceless conversation between an attorney baiting a 419 scammer and simply had to share it!  419Eater.com is a service that encourages and offers guidance for people to scam the scammers and waste their time and money.  This guy does a beautiful job of it with a scammer who doesn’t seem to be working with a full deck or good command of English.

Enjoy!

http://forum.419eater.com/forum/viewtopic.php?t=287363#2326353

---

Until next week, surf safely!

 

 

s2Member®