December 30, 2015

THE WEEK IN REVIEW

We want to wish all of our readers a very happy and safe new year! Through our lens, 2015 could easily have been called the “Year of the Scam” as online fraud and malicious intent exploded unabated across the Internet. We thought it might be fun to create the newspaper headlines we would love to see in 2016. Call this wishful thinking. Happy new year everyone!

“ICANN Corruption Exposed: Internet Governing Body Tied to Organized Crime!”

“Many Global Top Level Domains Shut Down Due to Overwhelming Internet Fraud.”

“Eastern European Criminal Internet Gang Gutted by Interpol.”

“Major Internet Registrars Shut Down by FBI – Linked to Criminal Activity.”

“American Graphic Designers Arrested for Assisting Russian Online Criminal Gang.”

“Worldwide Criminal Oligarchy Botnet Taken Down! Arrests Made in Multiple Countries”

Sample Scam Subject Lines:

Business and corporate loans | Find Low Interest Rates online

Energy Efficient HVAC units This december

Government hARP program: Lower Your house Payment Today

Home Treatments for Gout

Must watch video (disappearing soon)

New Deals on Energy Efficient Windows

Oprah: The easiest way to shed-fat this New Years

Re: CIA expert: “Be protected wherever you go”

Re: Sexy Russian women are desperate to find a boyfriend

Re: World Class-Wine, 45% off for x-mas

Treat Pain and Inflammation Naturally

Treat your acid reflux

You’ve been selected for outstanding leadership

Sample Scam Email Addresses:


Phish NETS: Advance Fee 419 Scams and USAA Bank (again!)

We’ll be the first to admit that we’re bored to find yet another USAA Bank phishing scam. This is the third week in a row we have seen these exact same scams. The link points to another hacked website in India. (Yawn.) In case you don’t remember what they look like, here is one… again:

In light of this paucity, we thought we could cheer you up with some Advance Fee Nigerian 419 scams we’ve been seeing. We have to hand it to the 419ers: they are a creative and determined bunch, no matter how outrageous the scam. God love them. Take, for example, this lovely email from “Ms. Liza Wong, Head of Account Audit Department of HSBC Bank in Malaysia.” You’ll notice that there is no “From” email address for Ms. Wong. We had to dig into the code of the email to find that her “reply to” address is listed as liza.wong.2013@gmail.com. Wouldn’t you like to be her foreign business partner and share in the $85.5 million?

[Image: Advance fee 419 scam, example 1]

Or how about this email from your friend Ahmed Hassan El Mahdi, who wants to reward your past sincere effort to the tune of $250,000.00? If you’re that close a friend (worth $250,000), why doesn’t he know you by name and have your contact information to give to his bank officer?

[Image: Advance fee 419 scam, compensation to transfer money]

Finally, we wish to honor the origin of these Nigerian 419 scams by leaving you with this email in which the scammer identifies himself as the Chairman of the Nigerian Financial Crimes Commission. He’s trying to offer you compensation for your previous losses to the 419ers! (These guys have gall!) If you believe him, then we want to talk to you about a sales opportunity for Lunar plots. But hurry! They’re only available until the next full moon.

From:  pikpik6@hytgweb.com                   Time:  2015-12-24 11:11:46

Subject:  FRAUD PREVENTION / FINAL PAYMENT NOTICE

FROM THE DESK OF MR IBRAHIM MAGU, EXECUTIVE CHAIRMAN ECONOMIC AND FINANCIAL CRIMES COMMISSION(E.F.C.C) IN CONJUCTION WITH THE FEDERAL BUREAU OF INVESTIGATION(F.B.I) N0. 15A AWOLOWO ROAD, IKOYI LAGOS-NIGERIA.WEST-AFRICA.

DIRECT EMAIL: efccoffic.org@consultant.com

Dear Sir / Madam,

FRAUD PREVENTION / FINAL PAYMENT NOTICE

Firstly we introduce this commission, Economic & Financial Crimes Commission (EFCC), we fight cyber crime, Internet fraud, scams and money laundering in Africa, America and London (United Kingdom) Our commission has been in existence since 2004 and our duty is to stop Internet Fraud.

We have over 7,500 of them in our jails around Africa, China, Malaysia and UK and we are still looking for these internet fraudsters and we are aware that a lot of foreigners have been deceived and huge amount of money has also been lost to this fraudsters after promising you percentages in their letters for you to help them move funds and they will end up demanding money from you and in return you will get nothing.

The Leaders of the African and International Crime fighters has come together to inform the world what is going on now and we have recovered over $422 Million Dollars (Four Hundred and Twenty two Million Dollars) from the people we have apprehended. The reason we are writing you this letter is because your name was given to us by one of the fraudsters in our detention room after serious investigation and our aim is to refund all lost fund to its legitimate owner.

The Government has approved a total sum of Two Million Five Hundred Thousand United states Dollars (US$2,500,000.00) only as the compensation of the lost that you incurred as this was a smaller rate as some suffered more while others suffered less and the idea is to restore you back to the position that you would have been if not that you were defrauded.

In addition to this, your payment of Two Million Five Hundred Thousand United states Dollars (US$2,500,000.00) only will be paid to you in the next few days through the International ATM CARD which will be issued in your favor?.

All that you have to do right now is to contact the undersigned- UBA BANK PLC.

OFFICE ADDRESS: Marina Way, Victoria Island,Lagos-Nigeria.

CONTACT PERSON: Mr Rasheed Olaoluwa (PAYMENT DIRECTOR).

EMAIL:atmofficgroup@gmail.com

furnish him with the following data of yours immediately as we intend finalizing this payment in few days time.

Your Name, Your Mailing address (Not P.o Box Please)

Your Direct Mobile Number

Occupation:   Age:

Regards

Mr. Ibrahim Magu

EFCC Executive Chairman

If you enjoyed reading these Advance Fee scams, read our feature article on this topic!

Amazon Scam, Compare Airline Tickets, Money Saving Restaurant Offers and Suspect Withdrawal

We recently learned about a scam targeting Amazon.com buyers from a Reddit.com user named entropys_child.

Entropys Child describes getting an email disguised to look like it comes from Amazon Payments Customer Service but a mouse-over reveals the link doesn’t point back to Amazon. Entropys Child further reports that the sender’s address was “Amazon < payment@intl.com >” not from Amazon.com.

Dear Amazon Customer:

This email was sent by the Amazon server. your order has been suspended , because we are unable to verify your payment details please Verify that you entered your payment information correctly on your order You have successfully used the payment method on a previous order Part of your order has already charged and shipped successfully You have funds available in your bank or credit account to cover the order cost Please Update Your Payment Details in order for us to Proceed with your shipment Today To verify your Payment details, click on the link below. and follow the state procedure.
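The checks described above (a display name that says Amazon over a non-Amazon address, a link that does not point back to Amazon, and the "reply to" address that differs from the sender in the 419 email) can be automated. The following is an added example, not part of the original newsletter; the brand map, the Reply-To address and the link target in the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand -> legitimate domain map; extend for the brands you care about.
BRAND_DOMAINS = {"amazon": "amazon.com"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return sorted findings for one raw RFC 5322 message (single-part body)."""
    msg = message_from_string(raw)
    findings = set()
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    _, reply = parseaddr(msg.get("Reply-To", ""))
    # Replies routed to a different domain than the visible sender.
    if reply and domain_of(reply) != from_dom:
        findings.add("reply-to-mismatch")
    links = LINK_RE.findall(str(msg.get_payload()))
    for brand, legit in BRAND_DOMAINS.items():
        # Display name claims the brand, address is not in the brand's domain.
        if brand in name.lower() and not in_domain(from_dom, legit):
            findings.add("display-name-mismatch")
        # Link text names the brand, but the href points somewhere else.
        for href, text in links:
            host = urlparse(href).hostname or ""
            if brand in text.lower() and not in_domain(host, legit):
                findings.add("link-mismatch")
    return sorted(findings)

# Constructed samples: the From line is the one quoted above; the Reply-To
# address and the link target are placeholders, not values from the scam.
PHISH = ('From: Amazon <payment@intl.com>\n'
         'Reply-To: billing@mail.example\n'
         'Subject: Your order has been suspended\n\n'
         '<a href="http://login.example.invalid/verify">Amazon Payments</a>\n')
LEGIT = ('From: Amazon <no-reply@amazon.com>\n'
         'Subject: Your order\n\n'
         '<a href="https://www.amazon.com/orders">Amazon orders</a>\n')

if __name__ == "__main__":
    print(check_message(PHISH), check_message(LEGIT))
```

The suffix test in in_domain matches on a dot boundary, so a look-alike host such as amazon.com.evil.example is not treated as Amazon.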

These next two scams look extremely convincing because they are so well crafted graphically and mimic legitimate offers that compare the cost of airline tickets and make restaurant offers. But these are scams! Both domains, aphalic.top and exambe.top, were registered just a few hours before the emails were sent, and by the same person… “Kris Mark Kopina” of Future Bright Solutions, in Grandville, Michigan. We have seen hundreds of scam emails like these that claim to be from this marketing/advertising group called Future Bright Solutions. They list their address as 2885 Sanford Ave SW #25405, Grandville, Michigan and always offer email recipients a link to “opt-out” of their advertisements. (NEVER click “opt-out”!) However, Google cannot find any website for a “Future Bright Solutions” in Michigan.

If we Google the address for Future Bright Solutions in Michigan we find a fascinating article on Mlive.com, a local Michigan news company, about the misuse of this address. Read through the initial scam topic of their news story and then see the comment from the Better Business Bureau. According to another article at MailboxForwarding.com, #25405 appears to be little more than a mailbox drop. Apparently, many others have complained for years about spam scams being associated with this Michigan address, including this August 2011 post from an anti-spam blog called blog.onlymyemail.com, this personal blog post from February 2012 and this Apple Discussion about spam in July 2013. So why is it that law enforcement in the United States doesn’t seem to care or try to shut these fraudsters down? We’re no Sherlock Holmes but it took us little time to find all of this information. Furthermore, the mailbox misuse over years suggests that someone living in the vicinity of that address might be helping to set up these mailbox drops. Clearly, the fraudulent use of these mailboxes violates federal law and the business enabling this to happen should be shut down and fined. Anyway, delete this junk and never click those links to opt-out. It won’t help and will only make matters worse.

 

Finally, in this week’s Your Money column we wanted to raise readers’ awareness about fraudulent texts that many people have been reporting, including one of our readers. He sent us the screenshot below, which appears to have come from an email address in Italy, about an F.C.U. Debit Card (Federal Credit Union). When we research the phone number (which appears to be missing the last digit) we learn that many people have reported this scam on FindWhoCallsYou.com and 800Notes.com.

[Image: suspect withdrawal text]

TOP STORY: What’s So Magical About $50?

We would love to interview the people who run the criminal enterprises that push out most of the online fraud we see day-in and day-out. We have a hundred questions we want to ask them! One of the top ten questions for our interview is… What’s so magical about $50 that you want to use it as an incentive in so many scams? Why not $99, $35, $65 or any other value? Think our question is a bit strange? THOUSANDS of scams use this dollar amount to entice their victims to click. Look at the Subject line column of scam emails hitting an email server over a 15-hour period just before Christmas in the next two graphics…

[Image: $50 gifts, part 1]

[Image: $50 gifts, part 2]

Trust us when we say that this is just a drop in an ocean of scams targeting Americans daily. Our long-time readers have seen these scams many times before. (Check out recent samples below.) Judging by the templates, graphic design, repetition, and under-the-hood coding, we strongly believe that one, or possibly two, criminal gangs are responsible for all of them. Did you know that “5-0” is slang for the Police? (Us old-timers will remember Hawaii Five-O.) So perhaps the common use of $50 in these scams reflects some criminal gang member’s sense of humor. If only we could get that interview…

[Image: $50 BJs club reward]

[Image: $50 Kohls customer appreciation]

[Image: $50 Sams Club customer appreciation]

FOR YOUR SAFETY: Look at My Naked Photos, American Air Tix, Invoices and Fax.

Sexuality is probably one of the greatest gimmicks used in advertising and marketing to get viewers’ attention. Next to a “bargain” and “sensational news,” that is also true online. So this next email to “please look at my naked photos” should come as no surprise regarding its ability to engineer a click. But readers will want to resist that urge should they see junk like this. Look at the next graphic from VirusTotal.com about the website claiming to host those naked photos.

Just delete!

[Image: Look at my naked photos, part 1]

[Image: Look at my naked photos, part 2]

The email below came to us at TDS but we never booked tickets to Oklahoma City! Look carefully at the “from” address. Can you see what country it was sent from? It wasn’t the U.S. By the way, the attached zip file contains malware, not an American Airlines ticket.

[Image: American Air ticket order approved]

As we’ve reported in past weeks, here are three more examples of short emails carrying dangerous attached files designed to infect your computer.

Delete, delete!

[Image: Invoice copies, advise payment date]

[Image: Pay invoice, avoid severe action]

[Image: You have received a fax]

ON THE LIGHTER SIDE: Urgent News Out of Washington, DC

Dear TDS Readers, we have urgent news to report! We’ve been informed by a reliable authority (UrgentNews@berforwas.com) that a shocking coverup involving Obama, Congress, and the FDA is threatening the lives of over 45 million Americans… including you! There’s not a moment to lose!

(Wait…. If this is true, doesn’t it mean that President Obama and our Congress actually had to work together successfully to make this possible? What are the chances of that happening!)

[Image: Urgent news out of Washington DC]

Until next week, surf safely!