December 21, 2016

THE WEEK IN REVIEW

Do you still have a Yahoo email account?  We hope not!  Nearly three years ago we wrote an article titled Why Yahoo is the Worst Email Service on the Planet. There have been many Yahoo hacks and disappointments with Yahoo since then and the pain for Yahoo users keeps coming.  On December 14 news broke that Yahoo had yet another hack back in 2013 in which a billion users’ account data was stolen (including passwords) and it is just being revealed now.  Know someone with a Yahoo account?  They use it at their own peril.

Criminals continue to use the hint of sex and hyperbole as a staple to trick you into clicking malicious links.  Check out this email from naughtysecret @desiresystem.date with the subject line “This NAUGHTY trick will blow his mind…”

Also in the news in varying degrees has been the use of fake news on social media.  Apparently, fake news has been used (misused) to push political agendas and drive click-traffic to make money, in addition to the usual nefarious, harmful intentions.  Despite Facebook’s promise and effort to crack down on it, this “sponsored ad” appeared on Facebook this past Sunday and was sent to us by a reader.

According to the reader, when you click the link you are sent to a page that looks like CelebrityDirt.com (though we cannot confirm that) and to an article titled “20 Cute Child Actors Who Grew Up To Be Ugly.”  However, we did get the code for the actual link on this “SAD DAY IN HOLLYWOOD” ad and it is very suspicious.  Look at this screenshot of it:

[Screenshot: the link behind the “SAD DAY IN HOLLYWOOD” Facebook ad]

The link for the “ad” contains some web coding called “URL Encoding,” which makes it harder for most people to read.  But if you look carefully at the long string of text after facebook.com you might recognize the “http” and the domain celebritynewsmedia.com.  We have no idea how this is related to celebritydirt.com, but after decoding it is very clear that the link will send you to a file on celebritynewsmedia.com.  Google cannot find any information whatsoever on this domain, and a WHOIS lookup reveals that the domain was registered on November 29 using a privacy protection service in Panama.  We cannot prove that this link is malicious but we would never click it!  It is extremely suspicious.  And, by the way, Sylvester Stallone is alive and well, thank you very much.  This type of click-bait has appeared in recent months saying that all of the following had died, and all reports were lies:  Adam Sandler, Morgan Freeman, Martin Lawrence, Jack Black, Cher, and others.
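The decoding step described above can be done without ever clicking the link. The following Python sketch is an added example, not part of the original article: it pulls every URL-encoded destination out of a redirect-style link and reports the host the browser would really be sent to. The sample links are constructed; the `/l.php` path, the parameter names `u` and `h`, and the article file name are assumptions, since the actual link survives only as a screenshot.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_destinations(link, max_layers=3):
    """Return (parameter, url) pairs for every http(s) URL hidden in the query.

    Redirect-style links carry the real destination as a percent-encoded
    parameter value. Some are encoded more than once, so keep decoding until
    the value looks like a URL, stops changing, or max_layers is reached.
    """
    found = []
    # parse_qsl already strips one layer of percent-encoding
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        for _ in range(max_layers):
            if value.lower().startswith(("http://", "https://")):
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if value.lower().startswith(("http://", "https://")):
            found.append((name, value))
    return found

def destination_hosts(link):
    """Hostnames a redirect-style link will actually send the browser to."""
    hosts = []
    for _, url in embedded_destinations(link):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

# Constructed samples (assumed path, parameter names and file name).
SAMPLE = ("https://www.facebook.com/l.php"
          "?u=http%3A%2F%2Fcelebritynewsmedia.com%2Fexample-article.html"
          "&h=PLACEHOLDER")
SAMPLE_DOUBLE = ("https://www.facebook.com/l.php"
                 "?u=http%253A%252F%252Fcelebritynewsmedia.com"
                 "%252Fexample-article.html")

if __name__ == "__main__":
    for link in (SAMPLE, SAMPLE_DOUBLE):
        print(urlsplit(link).hostname, "->", destination_hosts(link))
```

The host printed on the right is the one to look up in WHOIS or a URL scanner, not the facebook.com host the link appears to start with.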

Happy holidays!



Sample Scam Subject Lines:

Amount Payable

Christmas Gift of the Year

Christmas Gifts Oakley Outlet Up To 89% OFF

Congratulations! You can get a $50 Sears gift card!

Courier was not able to deliver your parcel (ID00000947653, FedEx)

Direct Auto Warranty Renewal. Reply Today

DO NOT IGNORE THIS

Gift Ideas For Dog Lovers. New Every Month. (20885921)

Join a network for success, for women, by women.

Order receipt

Tons of Photos & Videos Stored on Your Computer?

We have received your new LatinDate account

Your FREE survival blanket

Sample Scam Email Addresses

bloodsugarblueprint-[YOUR EMAIL]@temporise.com

christian.marriage.coalition-[YOUR EMAIL]@scottsdalern.com

Cure.for.Herpes.Virus@create.solutionherpescure.us

eyecare@powrvision.club

findyourstuff@trackrapp.stream

Golf-Pro-Device@infants.lklovely.top

Mark-Cuban-on-Forbes@pepper.rattyod.top

nbc-health-report@sudden.ficterb.top

NeuropathyTreatmentGroup@visit.stswamp.top

Personal-Water-Filter@provided.gymoneo.top

SantaMailroom@scenery.thomena.top

Santas.Workshop@bulletin.passiws.top

skin.beauty.news@feather.upprelo.us

 

Phish NETS: You Are Invited to Join Our Exclusive Communities

We’ve had one of those unusual weeks in which we didn’t find a single phishing scam!  But we did find a group of malicious emails disguised as invitations to join “exclusive clubs.”  The email doesn’t identify you but they tell you that “your social networking reputation has pre-qualified you to register with us…”

“Are YOU Top Exclusive 100 Material?”  Though a WHOIS shows that the domain ligneeco.com was registered on January 22, 2016, no website title or website can be found.  Google can’t find anything at all about this site either. But if that isn’t enough to convince you to stay away, the Zulu URL Risk Analyzer scored the link in the email as 95% malicious.

“Join a growing executive community” “Your Confirmation is Almost Complete… CLICK HERE TO QUALIFY.  Your social networking reputation among your peers and colleagues of your profession entitles you for pre-qualification!”  Sound familiar?  It turns out that the Zulu URL Risk Analyzer found the exact same malicious scripts waiting at darkskyreserve.net that were found at ligneeco.com, described in the first scam. 95% malicious!

YOUR MONEY: Holiday Gift VR Glasses, ADT Home Monitoring System, and Find Out What Your Timeshare is Worth

We thought this could be one of the coolest gifts!  “The only virtual reality glasses that will work with iPhones” (not true)  says this email from astoriaheadset.top. The link is malicious and points to a domain that was registered the same day the email was sent using a privacy protection service in Panama.

This isn’t the first time we’ve seen criminals target folks by pretending to be a special deal from ADT.  “Get Your Free ADT Monitored system and receive a Free Visa Gift Card from Protect Your Home.  ACT NOW”  Criminals try to fool email recipients by using legitimate-sounding names in front of the “@” symbol in an email address.  Don’t believe these user names.  Anyone can open an email account and put anything in front of the “@” symbol!  This email came from ADT.Authorized.Dealer @enter.clapsmo.top.   The domain was registered by someone named “Jerry Aldape” from Rennweg, Switzerland the day before the email was sent.  And don’t believe those bogus endorsements at the bottom of the email either.  Anyone can write anything in an email but that doesn’t make it true!

[Screenshot: ADT home monitoring system email]

Here’s another malicious email from a “dot-top” that looks like a good deal… “The Real Estate Market is Back.  Best Time to Sell Your Timeshare”  “Do You Own A Timeshare You Don’t Use Or Just Need Financial Help?”

Whenever an email contains a large single-colored box we always find hidden text in it that is intended to fool anti-spam servers and help get the malicious email delivered.  Take a look at the orange text we revealed below in the orange box when we dragged through it… “Fantastic local fare! Doesn’t get better. Truly a talented chef…”  The criminals lifted that text from a Yelp review of a Lafayette, Indiana restaurant called Heirloom.  The domain fadlate.top was registered by someone named Dolly Miu from Stovolos, Cyprus the day before the email was sent.
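What dragging the mouse through the colored box reveals can also be found automatically. This Python sketch is an added example, not from the original article: it walks an email's HTML and reports any text whose color is the same as the background it sits on. The sample markup is constructed, and the black-on-white starting colors are an assumption about the mail client's defaults.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no closing tag

def _colours(attrs):
    """Return (text colour, background colour) set on one tag, None if unset."""
    a = {k.lower(): (v or "") for k, v in attrs}
    fg, bg = a.get("color"), a.get("bgcolor")  # legacy <font>/<td> attributes
    for prop, val in re.findall(r"([\w-]+)\s*:\s*([^;]+)", a.get("style", "")):
        if prop.lower() == "color":
            fg = val
        elif prop.lower() == "background-color":
            bg = val
    return tuple(c.lower().replace(" ", "") if c else None for c in (fg, bg))

class HiddenTextFinder(HTMLParser):
    """Collect text whose inherited colour equals its inherited background."""
    def __init__(self):
        super().__init__()
        self.stack = [(None, "#000000", "#ffffff")]  # assumed client defaults
        self.hidden = []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            fg, bg = _colours(attrs)
            _, parent_fg, parent_bg = self.stack[-1]
            self.stack.append((tag, fg or parent_fg, bg or parent_bg))
    def handle_endtag(self, tag):
        # Pop back to the matching open tag; email HTML is often unbalanced.
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # exact match only: "orange" != "#ffa500"
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed markup; the hidden sentence is the one quoted in the article.
SAMPLE_EMAIL = """<p>Best Time to Sell Your Timeshare</p>
<table><tr><td bgcolor="#FF8C00" style="color:#ff8c00">
Fantastic local fare! Doesn't get better. Truly a talented chef...
</td></tr></table>"""
```

Colors are compared as written, so a sender who mixes a color name with its hex code, or uses two nearly identical shades, needs a real color parser to catch.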

TOP STORY: A Pinch of Satisfaction

Readers may think we earn big bucks from our website and the work we do but we can assure you it is quite the opposite.  The rewards we get come from the work itself and what we hear from our readers.  For example, very recently we helped a young man who was targeted by criminals using the underage girl sext scam. He was really upset and scared his life was destroyed until his father found our article and contacted us.

However, every so often we take a pinch of satisfaction by playing with the scammers, wasting their time and money, and raising, then dashing, their hopes by leading them into thinking they have an easy mark.  We wrote an article not long ago about a few of these fun times called “We’re Giving Away Money.”  Now imagine the smile that exploded across my face (Doug) when the following email landed in my inbox last Wednesday…

Kate’s bag was stolen, including her phone and she needed immediate help from me before her return flight!  The real Kate is a very distant acquaintance and still had my email address.  Her email account was hacked and it wasn’t the real Kate sending this email.  **BIG surprise** A scammer sent it and the game was afoot!  By the way, I showed this email to a group of teens and asked them if they had any suspicions about the authenticity of Kate’s claim.  They easily nailed two critical points….

  1. If Kate knew me well enough to ask for money like this, why didn’t she address me by name?
  2. “Kate’s” sentence structure, spacing and use of a lower-case “i” was awkward and didn’t feel right for a native English speaker.

No matter.  Wanting to help “Kate,” I sprung into action immediately…   😉


December 14, 2016   10:06 AM Doug writes:

Kate,
Oh my God!  That’s awful!  What can I do to help?
By the way…. how are Robert and the girls?  Are they with you?

Doug

(I have no idea if Kate is married or has children so I picked a name and decided she ought to have two daughters.)


December 14, 2016   10:37 AM “Kate” writes:

Glad to hear back from you.We are together here,I don’t have access to phone right now,It has really been embarrassing for me. ($1,750)  will cover all my expenses but i will appreciate whatsoever you can afford to send right now, I promise to refund it to you as soon as I arrive home. You can send it to my name from a money gram outlet around or Publix store. Here are the details you need to get it to me

Name: Kate [NAME REMOVED]
Location: 1588 Pedro Gil cor M.H. Del Pilar, Malate,
City: Manila
Country: Philippines
Zip Code: 1004

Let me know how soon you can get this done,E-mail me the receipt and confirmation details once you’re done.


December 14, 2016   10:37 AM Doug writes:

I can probably send you about $1000 this afternoon.  I hope that will help!  Did Sarah or Alex….. or anyone else, tell you they can help out?  Want me to call them for you?

Doug

(Kate should have caring friends or siblings, it didn’t matter which, so I gave Kate two loving sisters – Sarah and Alex.)


December 14, 2016   10:37 AM “Kate” writes:

Thanks so much for your concern,I don’t want them to know am out of town,I will check my mail in the afternoon for the money gram receipt once you have it send.

Kate


December 14, 2016   2:22 PM “Kate” writes:

lam still waiting to hear from you,Let me know once the transfer is done and e-mail me the money gram receipt.

Kate

(“Kate” was clearly hopeful and now a bit anxious waiting for her easy mark to send her money.)


December 14, 2016   2:24 PM Doug writes:

Kate,

I hope I did this correctly!  I think I did…. I sent the $1000 with your info via money gram.  The reference number is 05337798334542

Please let me know that you got it ok.  Can’t wait to hear your stories when you get back!

Doug

(I found the reference number on the Internet.)


December 14, 2016   2:25 PM “Kate” writes:

They we need the receipt at money gram agent here,kindly  attached it to me and the reference number is 8 digit number on the receipt.

Kate

(Oops.  My bad. I found a number for a different service than what the scammer had asked for.)


December 14, 2016   2:28 PM Doug writes:

I am sorry Kate…. It should be just the first 8:  05337798

Doug


December 14, 2016   2:47  PM “Kate” writes:

They need the receipt.

Kate


December 14, 2016   2:53 PM Doug writes:

Noooooo!  Kate, you know I am not good with this techno stuff.  I have a paper receipt.  How do I get it to you???  Tell me what to do and make it simple so even I can understand it.

Sometimes I hate being over 75 and not comfortable with this techno stuff!

Doug


December 14, 2016   2:56 PM “Kate” writes:

Ok just snap the money gram receipt and attached it via email.

Kate

(Kate is referring to using the app called Snapchat to take a picture of the receipt)


December 14, 2016   3:06 PM Doug writes:

What???  what does it mean to snap the money gram??  Snap??

I feel so stupid.  Please make this easy Kate.  You know I want to help.

Doug


December 14, 2016   3:37 PM “Kate” writes:

screen munch the receipt.

Kate

(“Screen munch” is both an app on a Blackberry that is used to capture images and an expression in some parts of the world that means the same as taking a screenshot.)


December 14, 2016   3:45 PM Doug writes:

Katie honey, we’re not speaking the same language.

What does screen munch mean?!

Just tell me how to make a picture of my receipt??  Can you get to a hotel nearby?? I can fax it to the hotel from my fax here at work.

Tell me what hotel you are at!

Doug


And then my joy ended.  “Kate” realized “she” was being played and left the sandbox.  We’ve written about the value of wasting a scammer’s time, money and resources in our article Our Civic Responsibility to Hit Back.  If even 1 in every 10 contacts were “players,” it would cost the scammers valuable time, effort and money.  We encourage our readers to do this as long as they feel safe to do so.  For me, at least for a few minutes in a routine day, I got a pinch of satisfaction manipulating the criminal.  Score one for Team USA.

FOR YOUR SAFETY: Your Credit Card Has Been Charged, Marriott Reservation, and Invitation to View Document

“Your Credit Card Has Been Charged” says an email from the domain ccpayalert.net. “We have just processed your payment and your Credit card has been successfully charged.”  That sentence is likely to produce a click to find out what you were charged for!  As the Zulu URL Risk Analyzer shows below, clicking the link is the last thing you want to do!

 


The following dangerous email landed in the email inboxes of the two senior technical staff at an organization.  Fortunately, both individuals saw through the charade.  Would you?  “marriott reservation 708777”  “We booked the Presidential Suite in Marriott for you and your spouse.”  One of the emails contained an attached Word document that had been infected with a virus known as “WM/Agent.SEQ!tr” while the other email (below) contained a link to malicious files on a server in Japan.

[Screenshot: Marriott reservation email]

Below is another example of the value of hacking into someone’s email account and then using that account to target others with malware.  You are likely to believe and trust someone you know or someone in your field of business.  An administrative assistant at a Massachusetts school had her email account hacked.  The hacker sent people a pdf file containing a malicious script.

Ouch!  Deeeeleeeete!

 

ON THE LIGHTER SIDE: We Got our Debt Settlement Payment, Did You?

We LOVE the Internet!  No, really!  Because we get really entertaining emails like this one from “Daniel O.” with instructions to contact Max Archi about our DEBT SETTLEMENT PAYMENT.  Who else would bother to inform us that the release of these funds is monitored by “Supra-Natural Bodies.”  You gotta give these guys an “A” for trying.


From:  dan4barr@gmail.com
Time:  2016-12-15 16:44:15
Subject: DEBT SETTLEMENT PAYMENT

Greetings,

Re: DEBT SETTLEMENT PAYMENT.

This is to acknowledge with thanks some recent letter received from Central Bank of Nigeria and other Banks here in Africa over your long awaiting unpaid deposit beneficiary’s funds. It is certainly to be appreciated the efforts of the government and Financial Institutions, to establish robust process of debt settlement – devoid of publicity.

Your debt payment has passed the IRS Qualifying International Requirements for international deposits…exchange of data between EU Financial Jurisdictions has equally earned your deposit an approval order for credit release.

That Said. Only two (2) African countries – Republic of Ghana and Nigeria are authorized and qualified to pay out these deposits via Banks in their Jurisdiction.

All activities regarding this programme is now being co-ordinated by our consultants – led by John Max Archi; who will facilitate these payments.

The quality of regulation of this deposit release programme is monitored by Supra-National Bodies, including the IMF; Banks involved in this programme have been substantially funded and laden with sufficient capital adequacy in accordance with International Standards.

Do Contact John Max Archi the CBN consultants for the release of your funds.

E-mail: maxarchi1@yahoo.com

Thanks,

Daniel O.

 

Until next week, surf safely.