

August 31, 2016

THE WEEK IN REVIEW

We have seen a significant jump in the overall number of malicious emails targeting our honeypot servers in the last week. This included an increase in attached malware in the form of zip files prompting this week’s Top Story to revisit “social engineering.” Amongst the thousands of scams and threats are those few gems that simply make us laugh and we’re grateful to the criminals for their sense of humor in the ocean of pain they push out to the public. Here’s one that had us smiling…

“CDC researcher warns: Yellow nails linked to deadly condition” “This crazy story gave us chills down our spines. This war-inspired breakthrough saved the life of a man who had been poisoned by toe and nail fungus!” This is some of the best fiction we’ve ever read! The link points to nailcurefungus.eu (.eu = European Union top level domain)

[Screenshot: Yellow nails linked to deadly condition]


Read our newest feature article… U.S. Government Agent Martin Robel Snr is Giving Away Money!


Sample Scam Subject Lines:

60 Minutes: Sir Paul McCartney no longer has alzheimer’s

Affordable Business Class tickets that could redefine

Browse water filtration products

Do you Qualify for Tax Debt Help?

Explore Alcohol Rehab Listings

Gwen Stefani Spills the Secrets

Johns Hopkins Doctor Changes the Course of Pain Treatment

Learning About Retirement Plans Can Help You Save Thousands

Monthly report

Online education has an endless variety of programs and courses

Pre owned cars for your driving pleasure

Re: Salary [$900 /week]

Re: You have (6) unread messages from hot wives wanting to meet you

Sample Scam Email Addresses

AlaskaCruises@parallies.stream

Auto-Warranty-Quote@aqwe3oi.wqadult.top

CarRental@tariker.stream

CheapSurveillanceCameras@predace.stream

Cloud_Computing@paquint.stream

Colombian_Dating@uiofaes4.fvaged.top

OutdoorWirelessSecurityCameras@predace.stream

RentToOwnHomes@strendence.stream

salesontires@tirecouppp.top

Sell_your_Asset@pea1una.bakedkq.top

Solar.Energy.Incentives@edie5ee.seizedb.top

The-Timeshare-Professionals@buei8oe.peachyx.top

WaterFiltrationSystems@whistock.stream


Phish NETS: Paypal

Check out this email sent from an address in Japan. An email address that ends in “dot-2 letters” is a country code. “.jp” means Japan. (Visit this Wikipedia page to see all 2-letter country codes.) “Hello Paypal User” “Recently we have detected different logins to your account from different country followed by some illegals buys…” In almost every instance, phishing scams can easily be exposed by looking at three things…

  1. “From” address – Does it come from the company/organization it claims to represent?
  2. Mouse-over link – Does the link point back to the domain of the company/organization it claims to represent?
  3. Grammar and language – Every legitimate email from a real company/organization will have impeccable grammar and phrasing. Read the email below and you’ll know exactly what we mean.

A mouse-over of the link for “Click Here” reveals that the link points to a website in Chile (.cl). Now delete.


Your Money: Save BIG on Prescription Glasses, Get Eating Disorders Solutions, Dental Care For Your Dog

“Save Big on Prescription Glasses with 50% Off + Free Shipping” Once again, the “from” address says it all. Check out this scam sent from glassesusa@glases.download. Do you think a legitimate business would misspell “glases” in the name of their domain? And then there is the spammy hidden white text against the white background at the bottom of the email.

You know what to do…

In case it isn’t outrageously obvious to everyone, the criminal gangs who target people often target those who are most vulnerable, in pain, and searching the Internet for help. These bastards don’t care how much people may be suffering from mental or physical health problems or emotional issues. Here’s another example of that. Check out this group of emails that hit one email server on August 23 in the course of one minute. Got an eating disorder? We can hurt… er, I mean help…

Our long-time readers will recognize the design and layout of these emails as coming from one of the criminal gangs most responsible for sending these threats across the Internet. As we have pointed out many times with previous scams, these emails were not sent from an advertiser called Gloservices of Chicago. The domain nui0t.men was registered on August 23 to a fictitious organization we’ve exposed many times called “Futurebright Solutions” of Grandville, MI.

Important news for dog owner…. Does your dog have smelly breath? Did you know your dog’s smelly breath could be a sign of disease? “Watch the video,” says this email from TruDog_Breath_Spray@nus7eal.mainath.top. This is malarkey. The “nus7eal” is a subdomain and can be ignored. When we look up the real domain (and top level domain) mainath.top we see that it was registered through Alpnames on August 28 by someone named Jacynthe Crivelli from Luxembourg. And that hidden white text at the bottom was lifted off a Yelp review for a restaurant in Fairmont, Maryland.

Deeeeleeeete!

[Screenshot: Dental Care for your dog]

TOP STORY: Effective Social Engineering Tricks That Infect Your Computer

Social engineering refers to a hacker’s clever manipulation of the natural human tendency to trust. Suppose you got an email message with a sender’s name, you worked in a business, and it was your job to respond to messages like these. Wouldn’t you likely click the attached file?

  • Kindly see the attached bill concerning your overdrawn bank account
  • Please sign the attached contract with our technical service company for 2016-2017
  • There were some errors in the monthly report you submitted last week. See the highlights in the attachment and please fix as soon as possible.
  • There is a message to you from 01401884230, on 2016/08/23
  • Voice Message from Outside Caller (3min 32sec)
  • Please sign the attached purchase of the office equipment. We will send you back the receipt afterward.
  • The audit report you inquired is attached
  • Attached is the paper concerning with the cancellation of your current credit card.

Each of these social engineering tricks has several things in common that should raise suspicions:

  1. None of them identified the recipient by first or full name. Either they contained no name or the name used was the name on the email address.
  2. Besides the bogus name of the sender and sometimes their job position, none of these emails offered any identifiable information such as a company name and phone number, or physical address. Nothing that could be used to verify the email before downloading and opening the zip file.
  3. All contained an attached zip file. Zip files are the hacker’s file of choice for hiding malware that will spring to life the moment the file is opened. Read our article about dangerous file types called “Filenames Will Set You Free!”

Notice that we didn’t say that the recipients won’t likely recognize the email address. There are several reasons why the “from” address won’t be helpful to recipients including the fact the “from” addresses can be spoofed, email accounts are often hacked (and malicious emails sent in someone’s name) and the recipient may not recognize the sender anyway.
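The checks above (the “from” address, where a link really points, a zip attachment, no recipient name) can be run mechanically before anyone opens a message. The script below is an added example, not code from The Daily Scam; it uses only Python’s standard library. The sample message, the sender domain example-mail.jp, the link host paypal-secure.example.cl and the one-entry brand allow-list are all constructed for this example and do not come from the newsletter. The third manual check, grammar and phrasing, is left to the human reader.

```python
"""Triage a suspicious email with the checks from the newsletter:
From-address domain, real link targets (the mouse-over test),
zip attachments and a generic salutation. Example code, not part
of The Daily Scam's own material."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message for this example: claims to be PayPal,
# sent from a .jp address, links to a .cl host, carries a zip
# attachment (an empty zip, base64-encoded) and has no recipient name.
RAW_SAMPLE = b"""\
From: PayPal Service <service@example-mail.jp>
To: victim@example.org
Subject: Hello Paypal User - account notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Paypal User</p>
<p>Recently we have detected different logins to your account.</p>
<p><a href="http://paypal-secure.example.cl/login">Click Here</a></p>
</body></html>
--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Hypothetical allow-list: domains a brand legitimately sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}


def registrable_domain(host):
    """Drop subdomains: 'nus7eal.mainath.top' -> 'mainath.top'.
    Adequate for the TLDs in this newsletter; a production tool would
    consult the Public Suffix List to handle suffixes like '.co.uk'."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def country_code(host):
    """Return the two-letter country-code TLD if the host ends in one."""
    tld = host.rsplit(".", 1)[-1].lower()
    return tld if len(tld) == 2 and tld.isalpha() else None


def triage(raw):
    """Return a list of findings for a raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = email.utils.parseaddr(str(msg["From"] or ""))
    from_host = addr.rsplit("@", 1)[-1]
    from_dom = registrable_domain(from_host)
    claimed = (name + " " + str(msg["Subject"] or "")).lower()

    # Check 1: does the From domain belong to the brand it claims to be?
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and from_dom not in domains:
            findings.append(f"from-domain-mismatch: claims {brand}, sent from {from_dom}")
    cc = country_code(from_host)
    if cc:
        findings.append(f"from-cctld: .{cc}")

    # Check 2: the mouse-over test, done on the href rather than the link text.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href in re.findall(r'href=["\']([^"\']+)', html, flags=re.I):
        host = urlparse(href).hostname or ""
        if host and registrable_domain(host) != from_dom:
            findings.append(f"link-domain-mismatch: {host}")

    # Top Story signals: zip attachment and a salutation with no real name.
    for part in msg.iter_attachments():
        fn = part.get_filename() or ""
        if fn.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            findings.append(f"zip-attachment: {fn}")
    if re.search(r"\b(hello|dear)\s+(paypal|valued|customer|user)\b", html, re.I):
        findings.append("generic-salutation")
    return findings


if __name__ == "__main__":
    for finding in triage(RAW_SAMPLE):
        print(finding)
```

Feed it a saved message (`triage(open("msg.eml", "rb").read())`) and any non-empty result is reason to stop and verify out of band before touching an attachment. A link whose host simply differs from the sender’s domain is not proof of fraud (legitimate mailers use tracking domains), which is why the script reports findings for a person to weigh rather than deciding on its own.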

[Screenshots: bill, contract, monthly report, new voicemail message, voice message from outside caller, office equipment, audit report, credit card cancellation]

Here are two interesting articles about social engineering tricks worthy of your time:

http://www.bullguard.com/bullguard-security-center/internet-security/social-media-dangers/what-is-social-engineering.aspx

https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering

If you know anyone at a business, non-profit or organization who might benefit from seeing this information, pass it on!

FOR YOUR SAFETY: Amazon Survey reward

Can You Spare 30 Seconds, Amazon Has A Reward Inside. This is another social engineering trick. There is no reward. No $1000. Just a computer infection waiting to happen.

Delete!


ON THE LIGHTER SIDE: Good News!

Last we looked in the mirror we didn’t see the word gullible across our foreheads. We really want to believe “the Secretary of the United State Department of Homeland Security.” And his email is so articulately worded as well!

From:  michaelrolle84@yahoo.com
Time:   2016-08-22 06:21:02
Subject: GOOD NEWS

GOOD NEWS

I,m Jeh Charles Johnson. the Secretary of the United State Department of Homeland Security. I contacted you because there is a consignment box containing a raw fiscal cash of $4.5 Million that was brought to our office by ECOWAS saying that it is yours. The $4.5 Million is a contractual inheritance Winning that was issued to you by (ECOWAS) ECOWAS means the (Economic Community of West African States) in collaboration with International Monetary Fund (I.M.F) through the U.S Embassy Benin Republic. You are expected to kindly reconfirm your information so that the release of the Consignment box containing your winning fund can be processed and released to you. The information needed from you are YOUR FULL NAME and HOME ADDRESS.and PHONE NUMBER

Until next week, surf safely.