Please support our effort by making a small donation. Thank you!

x

February 15, 2017

THE WEEK IN REVIEW

Too much to report and too little space!  Let’s start with this heartfelt message about our newly elected President and his effort to “help everyday Americans get rich.”  This scam email was so terribly crafted they cut off the bottom text, but we loved the opening line… “Donal Trump… The Best President EVER?” (Uh, no.)  “What you’re about to see could cement Trump’s legacy as the greatest president EVER.” Hmmm…..  The link points to the oddball domain 1wear5.gdn registered to Streaming Partners of no-address-can-be-found, Florida.  We wrote about this fake business in our newsletter last week.

Just delete.

 

 

And how about this ridiculous claim for “Smart gum?”  “Boost focus and energy levels” with this “neurogum.”  Didn’t Scarlett Johansson overdose on this gum in a movie called Lucy in 2014.  She got wicked smaht and then turned into a computer, …or something like that.  You’ll notice that the unsubsribe link in this email is for the mail drop box in Grandville, Michigan that we’ve written about many times, most notably in our Top Story “Our Apologies to Grandville, MI.”

 

 

 

Finally, we wanted to share a few good resources with you, including our newest feature article titled “Fake Bills and Invoices.”

Ever wonder about the legitimacy of reviews you find online?  We do!  We like the idiom “take it with a grain of salt” when we look at online reviews.  And it’s a good thing, too!  There are tens of thousands of fake reviews. This highly recommended website claims to spot them if they are on Amazon or Yelp.  That’s a good first start….  Visit:  http://fakespot.com/

Here are a couple of articles about fake online reviews and how to use  Fakespot.com:

http://www.howtogeek.com/282802/how-to-spot-fake-reviews-on-amazon-yelp-and-other-sites/

http://www.cracked.com/personal-experiences-2376-i-get-paid-to-write-fake-reviews-amazon.html


Sample Scam Subject Lines:

Amazon Prime has sent you a gift card

Attn: You have-earned $50-in Dillards-Points: Please-Claim Today.

Clinton revenge

Compare Bahama Getaway Options Now

Hillary’s war on Trump supporters

It was written in the good book

Make up to $35/hr Driving Your Car. Drive with Lyft

Points expiring, get a gift card before its too late

Real Estate Prices Rising.  It’s Time to Sell Your Timeshare.

Revealed: Hitler’s Deathbed Confession

Your amazon February points update

Your CVS-points are-ready

Your gift card is about the expire

Sample Scam Email Addresses

americanised@dennyscode.com

Bahama-Travel@false.fadingv.us

balances@cbill4.gdn

Bathroom.Remodeling@duplicate.hognide.us

berkshire@countryoutmeasure.gdn

concupiscent@dchristopher8.gdn

delocalisation@countryforobtain.gdn

depressily@dcoffeecapt7.gdn

governmentalist@fdenise3.gdn

Handicap_Tubs@guns.utwhoop.us

exports@cstop1.stream

jcpenny_gifts-[YOUR EMAIL]@giftsfromjcp.com

Trump.Coin.Collection@fear.sadleso.us

 

Phish NETS:  PayPal, Bank of America, and Parking Tickets!

Once again, PayPal users were targeted with a fairly sophisticated phish that bears careful review.  The email came from mamairi @eaypals.com, an attempt to look similar to the domain paypals.com.  “Your recent transaction has been declined”  The email contains several subtle English and capitalization errors, once again suggesting that English is not the first language of the architects of this scam.  The link “Login to Your Account” points to a shortened URL created using ow.ly.

We used Unshorten.it to see where the ow.ly link will send victims.  Not only did Unshorten.it reveal the bogus destination as paypal-com-myaccount-security-limite-update…. But it also gave us a screenshot that looks like PayPal.

A big, fat deeeeleeete!

We then found another Paypal smelly phish just hours later.  This one feels like it was created by a different criminal gang than the one created above.  The email came from the domain alertsp.com, not paypal.com.  “Verify your Credit Card information”  It, too, contains some errors, such as the word “upd4te” instead of “update.”  A mouse-over of the link reveals that it points to a hacked website for a hair salon in New Zealand.

Delete!

This next phish was actually received as a text by a Reddit user “Billthesmallkitten.” Thanks Bill!  Neither the email address of the text sender, nor the link in the text point to BankofAmerica.com, but that’s what they sender wants you to believe.

This last phish was sent to us by a TDS Reader in the UK named Paddy. (Thank you Paddy!)  He received a notification from “CPS Enforcement Northern Ltd.”  The real CPS is a company contracted to assist in parking enforcement and violations in the the UK.  Subject line is “Parking Allegation Warning.”  However, if you look carefully, this “official” email doesn’t contain a stitch of personal information identifying the recipient other than his email address.  A mouse-over of the links “Resolution Details” and “Solve the Problem” point to a strange WordPress website identified as Trendingkhabar.com.

The Zulu URL Risk Analyzer visited the link to trendingkhabar.com and said it wasn’t malicious.  BUT IT DID FIND a redirect waiting at the site that would have sent Paddy to a website that sounds like CPS Enforcement Northern.  The site is cpsnortherngroup.com and is being hosted in the U.S. (Keep in mind that this is a ticketing enforcement company for the UK.  Smell a phish?)

Using ScreenshotMachine.com we were able to show that the redirect leads to a website that looks and feels extremely official.  However, a Google search for this domain-wanna-be cpsnortherngroup.com clearly shows that it is completely fraudulent!  Ouch!  Don’t pay that fine Paddy!

YOUR MONEY: Walgreens Reward Points and Auto Warranty Expiration Notice

This next email may have the Walgreens logo but that doesn’t make it real.  “Please claim your Walgreens points before they expire” says an email from the domain 2dance1.gdn.  No need to explore this further.  The domain was registered by the fake company Streaming Partners of no-real-address, Florida.

“Warranty Expiration Notice, ALERT #99201702” says another email from the domain 2manage1.gdn.  Sound familiar? Do you see the pattern of domain names? Someone is clearly lacking in the I-can-create-new-domain-names department.  As you might have guessed, it was registered, once again, by Streaming Partners!

Delete!

TOP STORY: It’s Tax Scam Season!

In case you hadn’t noticed, it is tax scam season –the time of year when scammers around the world like to file our taxes for a refund or work hard to convince us to turn over our personal, private tax information to them.  Either way, we lose, they win.  Like this spoofed email that appears to come from esuppors@irs.gov with the subject line “IRS Validation.”

“This Account is Subject to mandatory upgrade, Failure to comply would lead to Permanent closure of your account.”  Not stellar English but you get their point.

This link for “IRS Update” points to a hacked personal web site in Germany for a Soprano singer called margret-giglinger.de.  And when we used Screenshot Machine to visit the link and take a picture for us, look at what Diva Margret is hosting….

Last year at this time we posted an article called The Tax Scam Cometh. The scams identified last year are just as important this year!  Much of what we saw last year was an effort to use tax services, and messages from tax services, to trick people into clicking malicious links designed to infect your computer.

But clever criminals are eagerly trying to get at your hard-earned tax return.  According to the IRS.gov site, phone and email phishing scams similar to the one above are rearing their ugly heads.  Check out this January, 2017 article Scams Targeting Taxpayers on the IRS.gov website.  Two important bits of advice…

  1. NEVER believe any caller identifying himself as representing the IRS or other tax agency. They simply don’t operate this way.  You’ll get a letter first of any issue that needs to be addressed.  And they will never, ever demand payment over the phone!  You may know this already but please make sure your elderly relatives know this too.
  2. NEVER believe any email that arrives in your inbox about taxes unless it contains personally identifiable information about you such as your full name and last 4 digits of your SS#. Even then, mouse over all links to make sure they point back to IRS.gov before clicking!

Here are a few more related and important articles about tax scams.  Enjoy!

https://www.irs.gov/uac/newsroom/irs-wraps-up-the-dirty-dozen-list-of-tax-scams-for-2016

http://www.cnbc.com/2016/12/30/as-tax-season-begins-avoid-these-5-common-scams.html

https://www.fool.com/retirement/2017/01/28/dont-get-sucked-in-by-these-2017-tax-scams.aspx

FOR YOUR SAFETY:  F#@% Off, Notice to Appear in Court, Click to View Message and Viber Text

This next email is made to look like part 2 of a conversation you had with someone asking for proof that he sent money.  The person replies offering their Bank of America card statement.  The sender also tells you “now f*** off and try not to contact me again or else.”  Well, that’s different! However, the link is completely malicious and points to a server in Brazil.  Notice the 2-letter country code “.br

If you were to get a real notice to appear in court, do you really think it would come as an email, as opposed to a hand-delivered or registered letter?  And if it were delivered via email don’t you think the email would know whether you were a man or a woman?  The sender would even know your name!  Which is why you can delete this next email from the UK.  The attached zip file contains malware.

Though we have reported on this next email before, we’ve been seeing lots of them lately.  “Not able to show full message. Please click here to view this message.”  The link is malicious.  Ouch.

Delete.

 

Viber is a messaging app, similar to WhatsApp, and used by millions around the world.  One of our readers sent us this screenshot she received from a random number/name on Viber…

We used our favorite unshortening service, Unshorten.it, to unshorten the link in the text field and discovered that it points to a file in an odd website called advminus.com.  According to VirusTotal.com, there are 3 services that have identified that link as malicious.  Ouch!


ON THE LIGHTER SIDE: BMW Lottery Winner!

A TDS Reader named Tom sent us the wonderful set of emails below.  The first email (as a screenshot) informed Tom that he had won the BMW lottery for both a new car and ten million US dollars. (Way to go, Tom!) After Tom responded to “Barrister smith leo” that he knew it was a scam, the good Barrister sent a warm and personal reply that is worth reading.  How sweet. The reply from Barrister leo begins with “i want you to know that this transaction is true and you have nothing to be worried about.” Well, thank goodness for that! Now our concerns can be set aside.  Where do we send a check?

From: Barrister smith leo [barristersmithleo@gmail.com]
Sent: Thursday, February 09, 2017 5:56 PM
To: Tom
Subject: Re: Info you requested for Lotto BMW: 2551256003/88

i want you to know that this transaction is true and you have nothing to be worried about.

This is not the same thing as you may be thinking; I am a devoted Christian and will never do anything evil to harm my fellow Person. I am living well with my income. That I am working in the Finance House does not mean that I should soil my hands in  Corruption.  I have a good family background; my late father was a God fearing man and he raised his children in a Christian  Way. When I mean Christian, I mean those with the fear of God. Therefore, my relationship with God matters.

Why must I cheat on people, does that solve my problems? Look this world does not end on the planet earth, after death come Judgment. Please don’t be in any doubt, again for the fact that I am a stranger to you does not make me a strange person to You.

So this is real as it is not a hoax or any other thing on the contrary. God is my witness about what I am telling you. I  Can’t deceive you if I should do that, it then mean that I am not serving the living Lord. You shouldn’t be demoralized as  There is nothing wrong about your delivery .

To be candid with you, I want you to understand clearly that as far as I am concerned you have nothing to risk about  Regarding this transaction, I can not be here wasting my time and yours if this is not true, I am too religious for that, you  Have absolutely nothing to worry about. I will equally take some step further to allay your fears that you have nothing to Fear.  I really have to say this to you, I am a born again Christian which I believe you are, but I have to still assure you  here that you are dealing with a responsible man and of high integrity . God is my witness about what I am telling you. I Can’t deceive you. My parent does not thought us to lie, even in the worst condition, we should continue to say the truth Because it is only the truth that can set us free as it is written in Jn chapt 8. VS 32. It is bitter to hear but truth is Life and light.

I just want you to know that there are bad people in this life and good people, the people that scam you are the bad ones God  Almighty will surely punish them all, I want you to know that a lot of scam has been going on in the internet people are very  Careful if they are doing any business on the internet, because they don’t want to fall a victim to internet fraudsters, my  dear in Christ it will interest you to know that this particular fund that will be issue to you is authentic and  Genuine and all the documents to back up the delivery is inside the sealed package.

Your Fund has been approved by the United Nation Population Fund Program (UNPFP) and the Federal Ministry of Finance so you are covered, the  CLEARANCE CERTIFICATE that show’s that you have clear all the necessary bill of your fund is also inside the package, So have nothing to worry about my dear.once you able to pay all the fee you ask to pay.

Believe me and trust me that you will organize a big party to celebrate the success in getting this fund. I am not a wicked  person as I cannot benefit anything in sitting on your fund and preventing you from receiving it. That will coincide with the thanks giving celebration you will host when I come over there to meet you with my Son Michael in your state .  I am the one that encouraged you up to this final stage and prosperity will be against me if we couldn’t conclude this transaction and for you not to receive your fund. and if you still see that you are not comfortable with me, there is know problem at all, all you need to do right away is to send me a letter of refusal immediately so we place your fund in a Tag a seizure seal immediately, to the federal ministry of finance.

Actually scam exists but this is not one. You have to trust me on this one and take my word for what it is which is the truth  as my word is my bond.

Until next week, surf safely!