February 1, 2017

THE WEEK IN REVIEW

Criminals use a wide variety of behavioral tricks to manipulate us.  An often-used trick is to make someone feel special or selected out of a group.  These are collectively known as “vanity scams.”  Here’s one example with the subject line “Your business profile has been selected.”  The email goes on to say “Why were you considered for this organization? Our member lead algorithms are proprietary, but if you are receiving this letter, the chances are high that we think you are a great fit for our networking program.”  The links point back to the domain idealhyper.com.  This domain was registered by a proxy service just three days earlier and Google cannot find any information for their web site or the marketing firm in Belize it pretends to represent.  To read more about vanity scams, visit our article “Recognizing Vanity Scams.”

Sample Scam Subject Lines:

12 Biblical Ingredients That Can Reverse Diabetes

Address needed. Your shipment is on hold.

Auto Loans for Any Credit Type

BEWARE these warning signs girls use to disqualify guys

Celebrate And Remember The Inauguration of President Donald Trump. Limited Quantities Available.

Confirm your acceptance…

Find Exterior Security Cameras – Ads Inside

From the desk of Dr. Katz

Funny stuff

I still haven’t heard from you….

Your Free NASA Developed Survival Blanket

Your profile has been selected for inclusion!

Worry Less in 2017. Get An Instant Online Life Insurance Quote Today.

Sample Scam Email Addresses

AIG-Direct@flower.provedy.us

BathroomRenovation@damage.myswept.us

Exclusive_Trump_Coin@opponent.iffence.us

Instaflex@figure.fanacae.us

Lyft-Driver@fear.qpright.us

Naturan.Products@skin.trimptr.us

offgrid_generator-[YOUR EMAIL]@moonlightor.com

presidential.news-[YOUR EMAIL]@upthereal.com

Terminix-[YOUR EMAIL]@creativecresolutions.com

The-Perfect-Wine-Opener@light.atofair.us

weight_research_group_of_america-[YOUR EMAIL]@iyffnet.com

VineyardElite@touch.kjbwest.us

zippy.loan.personal.loan-[YOUR EMAIL]@3dgroupinc.com


Phish NETS:  Apple ID and LinkedIn

“Account Info Change” says an email from eschwab @horizondalton.nl (.nl = 2-letter country code for the Netherlands).  It informs you that someone changed the date of birth on your Apple ID account.  If it wasn’t you, it goes on, you should log in to iforgot.apple.com to correct this problem.  However, a mouse-over of iforgot.apple.com reveals that the link points back to a website called liyongyin.com.

Even Google suspects that the website liyongyin.com, located in China, has been hacked.  So why is it that Google doesn’t make it more obvious for the public to see this warning?  The warning should be large, bold and in red!

How about this email that looks like it came from LinkedIn?  “Please confirm your email address.”  Though they offer you a REAL text link for LinkedIn “if the above link does not work,” don’t be fooled.  Mousing over the active link “Click here” shows that it points to the website marketing-hightech-dot-com.  We thought it would be helpful to contact this marketing firm and let them know they’ve been hacked, but we were completely surprised to learn that this marketing firm is a sham site for hosting malware and phishing scams.

Ouch!  Delete!

YOUR MONEY: Outback Steakhouse Gift Card, CVS Gift Card, and Affordable Internet Service

“See if you qualify for an Outback Steakhouse Gift Card!” says a promotion from RewardZoneUSA.  But it is a lie.  The criminals who created this scam forgot to “white out” the text they added at the bottom to try to make the email appear legitimate to anti-spam servers.  The links point back to the domain populard.com.  This domain was registered the day the email was sent by someone named “Colin Oconnor” from Tennessee.  But the phone number listed for Colin is a number for France and the website is being hosted in Hamburg, Germany.  Sound like Outback to you? These scammers can’t even spell “future.”  Have a look…

One of our readers sent us this scam disguised as an “EXCEPTIONAL OFFER” for a $50 CVS Gift Card.  Look carefully at the from address and notice that after the “Thank you! CVS” is a personal Gmail address for someone named Sharon.  This offer was not sent from CVS or a marketing firm as they suggest.  The link for this offer points back to a shortened URL at bit.ly.  We used our favorite unshortening service (Unshorten.it) to see where the link hopes to send us….

Unshorten.it shows us that we will be forwarded to a file at the website called izoora.com.   According to VirusTotal.com, izoora has been identified as a phishing site. (See below.)

“Looking for Affordable Internet Service? Find Choices Today.”  NOT!  This is just another social engineering trick to get businesses to infect their computers!   Of course, the domain used in the email, thinhhr.us, was registered the day the email was sent.  It was registered to someone named Joe Abraham from Buenos Aires, Argentina.

Delete!

TOP STORY: Weaponizing Your Email Account

Criminals have ramped up their effort to turn your email accounts into weapons. We have noticed a significant jump in the number of hacked or spoofed emails that are being used to attack or scam others.   Check out this variation of the “I’ve been mugged in London” scam after a hacker broke into this user’s AOL account.  It seems like such a lame scam, easily confirmed or denied, but you would be surprised that people fall for it because the email comes from a trusted email address.

People often don’t realize that their personal or business email account is the most valuable digital asset they hold because of its connection to all other accounts as well as connections to dozens, if not hundreds of contacts. But criminals realize their value!  You are far more likely to click a link when it comes from someone you know and trust.   Take this email from a hacked Comcast user with the subject “this is so wonderful.”  Imagine this came to you through a close friend’s account.  How likely would you have been to click the link to the international organization?  The domain “doomzdai-international.org” is not legitimate and the link is malicious. Big surprise.

This next attack has taken advantage of two hacked/spoofed sources.  There is a legitimate publishing service called threesistahspress as well as a photography studio for Melissa Burgess Photography.  But this email is completely malicious.   I’m speechless! Isn’t it incredible?  Yes, sadly, it is.

One final example of a weaponized email account is this email that appears to have come from a legitimate law firm about serving a subpoena.   But the link provided by “William Daniels” isn’t for a Word doc.  It points to a malicious file on a server in Vietnam.

It is remarkably easy to disguise intent in communications across the Internet.  If criminals can add a layer of trust or deception to the weapons they use against us, they will.  This just confirms how important it is for us all to keep a healthy dose of skepticism about Internet communication.  If you are looking to understand more about this nasty criminal technique, read one of our other articles…

   “From” Hell

   Beware Emails From Friends

   Instructions for Dealing with a Hacked Email Account

And if you are looking for a way to create a stronger password that is easy to remember for your email or other accounts, visit our newly updated article “Creating Strong Passwords.”

FOR YOUR SAFETY:  May contain traces of peanuts, tree nuts or possibly malicious zipped files.

Though it may seem repetitive, we believe there is important value for our readers to recognize the disguises used by criminals to deliver their malware bombs directly to you.  These two emails are perfect examples.  “The Automated Clearing House transaction (ID: 248142174), recently initiated from your online banking account, was rejected by the other financial institution.”  Of course, the attached zip file is malicious.

We continue to see lots of emails disguised as delivery and parcel shipment notices such as this one that pretends to be from FedEx.   Notice the attached zip file.

ON THE LIGHTER SIDE: A Newbie Scammer?

This next advance fee scam can’t possibly be from an experienced scammer.  It can’t!  First of all, he clearly doesn’t know that writing all in CAPS is like SHOUTING AT SOMEONE.  This is just too pathetic to comment on, other than to say he needs to look at spelling errors before he hits send.  TRSUT US!

From: m12345@speedy.com.ar
Time: 2017-01-21 05:56:18
Subject: MTCN……266 9315 828 (Available for pick up by receiver)

DEAR CUSTOMER,

FOLLOW UP THE INSTRUCTION GIVEN BELOW BECAUSE AFTER OUR MEETING HELD WITH THE FBI,UNITED NATION, BOARD DIRECTORS OF WESTERN UNION AND FEDERAL MINISTRY OF FINANCE, THEY FINALIZE THAT YOU HAVE ONLY 48HOURS GIVEN TO RECEIVE YOUR FIRST PAYMENT OF $5,000 USD FROM THE TOTAL FUNDS WHICH IS (4.8M) SINCE YOU ARE FINDING IT DIFFICULT TO MAKE THIS

PAYMENT, WE HAVE DECIDED THAT YOU ARE TO GO AHEAD AND PAY WHATEVER YOU HAVE FOR THE FEES SINCE YOU ARE NOT ABLE TO COME UP WITH THE REQUIRED SUM of 150 usd.

OUR GOVERNMENT HAVE WARN YOU TO STOP FURTHER COMMUNICATION/DEALING WITH ANY BANKS THAT HAVE NO WEBSITE DUE TO FRAUD GOING ON WORLDWIDE. ANY BANKS THAT IS CONTACTING YOU WITHOUT WEBSITE IS FAKE. PLEASE VIEW

OUR WEBSITE NOW :   https://www.westernunion.com/gb/en/home.html

THEREFORE GO STRAIGHT NOW AND PAY ANY AMOUNT AS FROM $30 UP FOR THE FEES TO ENABLE US RELEASE YOUR PAYMENT THAT IS PLACE ON HOLD BY THE MANAGEMENT AND BE INFORMED THAT YOU WILL HAVE TO PAY THE BALANCE SUM OF YOUR FEES UPON CASHING UP OF YOUR FIRST 5,000:00 USD, ALSO I AM USING THIS MEDIUM TO INFORM YOU THAT FAILURE TO PAY THE BALANCE SUM WILL LEAVE US WITH NO OPTION BUT TO CANCEL YOUR TRANSFER AND CAN NEVER

CASH UP THE BALANCE SUM.

HERE IS THE INFORMATION OF YOUR FIRST PAYMENT BUT IT IS PLACE ON HOLD BY THE MANAGEMENT AND YOU CAN NOT BE ABLE TO PICK UP UNTIL YOU SEND THE DEMAND WHICH IS ANY AMOUNT OF MONEY YOU HAVE, JUST TO PROVE HOW SERIOUS YOU ARE.

SENDER FIRST NAME::::::::::::::::::: Jacob
SENDER LAST NAME:::::::::::::::::::: Albretsen
MTCN::::::::::::::::::::::::::::::: 266 9315 828
TEXT QUESTION::::::::::::::::::::::HONEST?
TEXT ANSWER::::::::::::::::::: TRSUT
AMOUNT;;;;;;;;;;;5,000.00 USD

FOR YOUR INFORMATION DO NOT EXPECT THE RELEASING OF YOUR PAYMENT WITHOUt SENDING THE MONEY REQUIRED AND REMEMBER THAT YOU ARE GIVEN ONLY 24HOURS TO COMPLY OR YOUR TRANSFER WILL BE CANCEL IMMEDIATELY SINCE YOU ARE TOLD TO SEND ANY AMOUNT OF MONEY YOU HAVE IN ORDER TO HELP YOU.BELOW IS OUR ACCOUNT OFFICER NAME WHICH YOU WILL USE TO SEND WHATEVER YOU HAVE TO ENABLE US RELEASE YOUR FIRST PAYMENT IMMEDIATELY.

1.RECEIVER NAME:……. Sunday Ogugua
2.COUNTRY:…………. BENIN REPUBLIC
3.CITY :…………… COTONOU .
4..TEST QUESTION:…..A?
5.TEST ANSWER:……B.
6.AMOUNT ………..FROM $30 TO UP

SEND US THE MTCN NUMBER IMMEDIATELY YOU SEND THE MONEY AND IMMEDIATELY WE CONFIRM THE TRANSFER FEE WE WILL RELEASE YOUR FIRST PAYMENT $5000 TODAY AND NOT TOMORROW

REGARDS PHILIP YATER. FROM THE HEAD OFFICE OF WESTERN UNION BENIN REPUBLIC FOR YOUR PAYMENT

MR PHILIP YATER
GENERAL OPERATION MANAGER.
VITAL FINANCE
WESTERN UNION DEPARTMENT


Until next week, surf safely!