Please support our effort by making a small donation. Thank you!

x

December 14, 2016

THE WEEK IN REVIEW

Last week we published a feature article about malicious and scam emails disguised as Christmas holiday promotions. These emails continue to target people, such as this one for embroidered Christmas stockings from thangz55.com.  The scammers want you to believe it came from PersonalizationMall.com by adding this to the from address and into the body of the email but that is a lie.  Our longtime-readers will also recognize the commonly used scam address at the bottom of the email as well… 2885 Sanford Ave SW, Grandville, MI.

And then there was this very frightening subject line, designed to engender a click.  “Islamic State militants vow to attack major American cities.” “ISIS fighters might reach US borders anytime…”  Don’t believe this hyperbole!

2-islamist-state-militants


TDS is very excited to announce that MTV’s show called Catfish is now a proud sponsor of The Daily Scam!  If you have been involved in an online relationship and have a story to share, they would like to hear from you.  Visit Catfishcasting.com.


Sample Scam Subject Lines:

3-Step Diabetes Destroyer!

Drink (2 a day) to end obesity

Forbes: Mark Cuban Speaks Uut on the Election and the Economy

Get Creative. 16,000 Woodworking Plans for You.

Get your Free profile and Start Dating today

Grad your special bonus today!

Installing solar panels yourself

Jim Rogers: 9 Charts point to “Biblical” collapse

Loans for Retirement: FHA Insured Reverse Mortgage Plans

Review your eHarmony matches for free

The Perfect Wine-Opener. The Perfect Gift.

These 2 foods can take you from THIS to THIS

Your FREE NASA Developed Survival Blanket

Sample Scam Email Addresses

Healthy.Living@mirror.vjdealt.top

hometips@qualithd.download

Max.Loan.365@slowly.afastin.top

Mayo-Clinic-Study@trick.friesam.top

Neuropathy_Treatment_Group@planet.aranean.top

newsupdate@gtwoa.stream

paleosecret@fatzi.date

Personal.Water.Filter@emotion.gnareso.top

Public.Health.Awareness@smile.lzalean.top

Santa’s_Shop@tangled.typedjr.top

sharktankbreakingnews@fitnesclub.date

wirelesssafetycameras@wirelessecur.club

yourhealthylife@canbissoil.club

 

Phish NETS: Google Message Notification and Missed WhatsApp Voice Message

Russia has sure been in the news a lot lately.  Specifically, Russian hackers.  You can add this next email onto that bad press.  This phishing scam was designed to trick the recipient into clicking a link to log into a fake Google login window.  “Angelina Khan (Gmail Team) sent you a message.”  However, mousing-over a link in the email reveals that it points to a domain on a Russian server called adm-baksanenok.ru.  Certainly not Google.com.

If any of our readers communicate with friends or family abroad, they likely know about the popular app called WhatsApp.  It is fantastic for talking, sending text, photos, even sharing video across data networks and avoiding phone charges, especially if you are abroad and want to communicate back home.

So this next Phish isn’t as unusual as it may seem to some.  “Missed voice message 8:44 pm”  You have a new Voice mail.  However, a mouse-over of the link “Listen” points to a hacked webserver in Brazil… abcpaint.com.br.

Credit Scores 360, Freebee Tool, and Free Numerology Reading

“Are your credit scores naughty or nice this Christmas?” Let’s begin with an email that appears to come from CreditScores360.com but, of course, does not.  The email contains the same ads from the real website, same logo and address information but look at the real from address.  The email was sent from yourfree3bcheck @geturscor.club.  Links in the email point back to the same oddball domain “geturscor.clubB”  Clever, huh?  “Get Your Score.”  How about “deleeetethisemail.now.”

Here’s another malicious email meant to look like a promotion…. “Get a Kohl’s Friends and Family Gift Card”  Just register, complete the survey and get your gift card.  This is just a nasty social engineering trick to infect your computer.  The email came from yourkholsrewards.com which certainly looks official but it isn’t.  Did you notice the misspelling?  The domain name has khols not kohls.  A WHOIS again reveals the fraud.  Yourkholsrewards.com was registered on December 1 to someone named “Marie Newton” using the email address newtongirl75 @hotmail.com and the website description for the site is “The Superficial – Sarcastic, celebrity coverage, bikinis and uncensored photos.”  Also, note the oddball text found in the black box at the bottom of the email.  Sound like Kohl’s to you?

We’re guessing that the knife advertized in this bogus email is meant to appear to the survivalists out there who take the ad-line “don’t leave home without one” to a very different level. “Our friends at Survival Life are giving away 8000 free credit card knives as their way of saying thanks to those blue rubber glove lovers slowing us down at airports everywhere.”  (Really? Who writes this crap?)  The email came from the ridiculous survivallife@ creditknif.club.  Big surprise that the domain creditknif.club was registered on December 9 using a proxy privacy service in Panama.  The domain is being hosted in Hessen, Germany.  Just delete this junk.  No free anything is coming your way but malware.

Numerology deals with the belief in mystical or magical references to numbers.  So of course we were  excited to see an email from atticus@ numerist.club with the subject line “The Meaning of 04.” We used to think that four was just double two or half of eight.  Clearly, there is deeper meaning and we were hoping Atticus would inform us.  “Hi there, have you ever wondered why some people seem to have all the luck? Have you ever felt discouraged and like an outsider?  Well, we have created an opportunity you can’t afford to miss.”  We think we can miss this one.  Numerist.club was registered on December 3, 2016 once again using a proxy privacy service in Panama.  Keep in mind that the links in this meadow-muffin don’t point to numerologist.com, like they want you to believe.  They point to numerist.club.  There’s a big difference!  Numerologist.com  was registered in 1997 and Google shows a long history and information about the website.  Google hasn’t a clue what or where numerist.club is.  We suggest that the real meaning of numerist.club is zero.

Delete.

TOP STORY: Before You Give to Charity…

This is the time of year when giving to charities is way up.  Tis the season, and tis the end of the year if you are looking for any year-end tax incentives.  And more than likely, anyone with a snail-mail box is reminded to give generously at least ten times each week.  So we thought it appropriate to remind our readers that not all charities are created equally and they might want to consider how their donation dollars will be spent before sending a check to support their favorite cause.

In order to receive a chartity donation, for which the donor can get a tax credit, an organization must be more than just a non-profit.  It must be registered with the IRS in a special category.  For example, the most common types of religious or other charitable organizations are registered under tax code 501c3.  (Wikipedia has a good article explaining this.) This is good for consumers because all 501c3 registered entities must publish tax form 990 for the public to view.  Some websites, such as CharityNavigator.com will provide form 990, as well as a star rating and detailed assessment reflecting how well donations are put to use based on a  lot of information including form 990.  (To get the full benefit of information at Charity Navigator, you will need to sign up for a free account.)

Once logged in, Charity Navigator provides good tips for donors, and many “top ten” lists that can help you choose charities who will put the bulk of your donation to work where you want it.  This is in contrast to a donation in which most of your hard-earned dollars go to obscenely high-paid CEOs or other administrative staff, or their travel and party expenses, or perhaps to an organization that poorly manages the money it receives.  Charities are given one to four star ratings with 4-star as the highest rating.  Using their advanced search features, for example, we searched for charities containing the word “animal” but with only 1 star ratings.  Amongst the returns was a 5013c charity named “World Animal Protection” based in New York, NY.  As of this publication date, in addition to its 1-star rating, Charity Navigator offers the overall score of 69.76 out of 100 for “World Animal Protection.”  They also provide a graph reflecting a financial score versus an accountability and transparency score.  Look at the yellow dot to see where “World Animal Protection” sits on the graph:

By contrast, according to Charity Navigator, the “Animal Welfare Institute” based in Washington, DC with its 4-star rating, has an overall score of 92.92.  There is also quite a contrast in its graph showing showing financial score vs. accountability and transparency score.

As you plan your holiday giving to your favorite charities, check in with Charity Navigator and other similar services to have greater confidence that your giving dollars have the biggest impact you intend them to have.  Here are a few more resources to help you plan your philanthropic efforts.  Happy holidays!

https://www.charitywatch.org

http://give.org/

http://www.givewell.org/

Consumer Reports Articles:

http://www.consumerreports.org/charitable-donations/is-that-charity-a-scam-/

http://www.consumerreports.org/charitable-donations/best-and-worst-charities-for-your-donations/

http://www.consumerreports.org/cro/2012/12/make-sure-your-donation-counts/index.htm

FOR YOUR SAFETY: You Have Been Subpoenaed, Check Bounced, Anna From Delivery, and Attention Required

It is certainly meant to be intimidating when a colleague at your company sends you an email saying “you have been subpoenaed by the FTC.” However, the link for FTC Subpoena points to a webserver in Vietnam (2-letter country code = .vn) and the Zulu URL Risk analyzer informs us that the chances are 80 out of 100 that the link is malicious.  We’ll step up and say that the link is 100% malicious!

10-you-have-been-subpoened

re: nov check.  It bounced.  Get back to me asap…..  We don’t think so.  The link for “CHECK # 18400” points to a hacked website in the UK.
11-check-bounced

“It is Anna from the delivery service.  Recently, you’ve made the order in our store.  Sending you the receipt and full report in the attached file.”  –Notice subtle language issues in this email.  The attached zip file is full of malware.

Just delete.

“Attention required” says “Hazel Woods” from an address in Brazil. (From address shows 2-letter country code = .br) Once more the recipient is asked to check out the details in an attached zip file.  It’s like opening a hand-grenade.  Once you double-click, the damage is done.

Delete.

13-attention-required-pay-tax

 

ON THE LIGHTER SIDE: This is to Congratulate You

Apparently we’ve “scaled through the hurdles of screening by the Board of Directors of UN Compensation payment task force,” affectionately known as the BoDoUNCPTF.  We’re going to ask for an ATM card to hold that $5.7 million dollar payout and then swipe joyously for the rest of our lives!


From:  macillindally123@gmail.com
Time:  2016-12-08 19:40:55
Subject: This is to congratulate you

DEAR: BENEFICIARY.

This is to congratulate you for scaling through the hurdles of screening by the Board of  Directors of UN Compensation payment task force. Your payment file was approved and the instruction was given to us to release your payment Worth US$5.700(Five Million Seven Hundred Thousand United States Dollars Only)and at any of your Options; The options are as follows

* Bank To Bank Transfer
* Diplomatic Cash payment
* ATM Card.
* Bank Draft(ICBD)

We look forward for your immediate response to enable us start the necessary arrangement for the release of the fund to you.

Best regards.
Mr.Marcellin Dally
Director of Payment UN  African Liaison Office
E-mail:dallymarcellin123@gmail.com
Tel:+234-805-466-784

 

 

Until next week, surf safely.