Please support our effort by making a small donation. Thank you!

x

February 17, 2016

THE WEEK IN REVIEW

Last week we cautioned readers about seasonal scams such as Valentine’s Day and tax season scams. We continued to see more of these scams such as this one offering a tax filing service. Our advice is simple. Delete unsolicited offers that pour into your inbox.

1-Tax filing service online

Speaking of season… It is also time to reapply for college loans such as the U.S. Government FAFSA. The criminals have their collective thumbs close to the pulse of money flow in the United States and so we’re also beginning to see student loan scams such as the one in this week’s Top Story.

Check our newest feature article “Our Civic Responsibility to Hit Back!”

Sample Scam Subject Lines:

Alert: Check out beautiful wives looking for an affair

Are organges DESTROYING your health?

Romantic, Vacation–Spots. For Couples

Explore Advancements Through MBA Programs

F r e e this Weekend. february 10th – 15th Only. No obligation

Gift basket Deals- Cookies… Candy – fruit… and More

Home – Security – Systems Online

Independent Living For Seniors – Find Top Retirement Communities

Tell us where to send your 30 day trial

This one Breakfast Will change Your Life

Today on Fox: Trump’s Shocking Confession

Weird 7 Second Trick PREVENTS Strokes?

Your Macy’s 50 Valentine’s Day gift. (6873916)

Sample Scam Email Addresses:

Amazon-V-Day-Reward@kinkws.top

Amazon_Valentines_Gift@bgfdg.cravegz.top

BestofCostaRica@ludlowic.download

BloodPressureAlert@hloal.pro

CableTVProviders@myqg.pro

DiscountAirfares@hallpod.download

EmergencyPlumbing@locoing.online

FirstTimeHomeLoan@quandral.top

MacysNewYearsReward@fjeois.alienrq.top

NationalSecurityAffairs@spoloser.top

PreventOsteoporosis@downfallel.top

SeeAlaska@setosemy.download

TheOReillyFactor@appoo.acarise.top

 

 

 

Phish NETS: PayPal and Barclays Bank 419 scam

“Alert: Your account status was changed until we hear from you.” Any email that starts with “Dear user” and doesn’t identify you or your account number should make one suspicious. And then notice the subtle language missteps in the email. “We will ask you to confirm your information to access again your account.We will give you 3 days to update your informations or we will suspend your account forever.” Those subtle mistakes are important to pay attention to!

A mouse-over of the link “continue” points to a very odd domain identified as “q.gs” This is actually the domain used by the URL shortening service called Adf.ly. We notified Adf.ly about this phish and they removed the offending link pretty quickly. We don’t think these particular criminals are the brightest bulbs in the criminal kingdom though. Check out in the link revealed by the mouse-over how they spelled PayPal!

Finally, as if there were any doubt about this fraud, have a look below at what VirusTotal.com had to say about the linked website.

Then delete.

3-Phish Paypal 2

We couldn’t resist sharing this exciting email from Barclay’s Bank. Despite his promises, we’re certain there will be fees involved and you’ll still not get your $28 million.

From: q5@biggreeninc.sz.cx
Time: 2016-02-12 09:51:12
Subject: BARCLAYS BANK PLC.

BARCLAYS BANK PLC.
CLAP HAM JUNCTION BRANCH,
7 ST JOHNS HILL,
SW 11 1 TN, LONDON

TEL:+447011146446
E.MAIL: ( contractor.barclays@gmail.com )

Attention

REF:- INSTRUCTION TO CREDIT YOUR ACCOUNT WITH THE SUM OF (US$28,000.000.00USD) .

This is to notify you about the statue of your fund right now in my desk.After due vetting and evaluation of your Inheritance file which The Ministry of Finance of the Federal Republic of Nigeria Forwarded and contacted us to see to your immediate payment.

We write to inform you that, this office has arrange all the necessary document for our Telex Department for immediate programming them into our payment system .But we can transfer the fund into your account yet until you get the (NON RESIDENTIAL CERTIFICATE) submit to this bank for immediately transfer into your account.We shall update you with next correspondence as soon as we confirm the documents. Thanks for your co-operation.

From our findings you have been going through hard ways by paying a lot of charges to see to the release of your fund ($28, 000, 000, 00) which has been delayed.

We advice that you stop further communication with any correspondence from Nigeria . You don’t have to pay any charges to receive your Inheritance fund anymore as you have met up with the whole requirements, your representatives in Nigeria will tell you to still go ahead with them but on your own risk.

The only thing required from you is to obtain Non-Resident Clearance Form/Receipt which we are not asking you to pay the fee to us here in United Kingdom as the Government of Nigeria have paid us for handling/processing of your payment with other customers. We will help you to seet hat you obtain the form so that our bank will affect immediate transfer of your Inheritance sum ($28,000, 000, 00) in to your designated bank account.

If you follow up our directives your fund will reflect in your account within five working Bank days from the day you obtain this form. Do not go through anybody again but through this Bank if you really want your fund.

Yours sincerely,
Mr. Frank Douglas
Barclay’s Bank Plc,London.

E.MAIL: ( contractor.barclays@gmail.com )
TEL:+447011146446

Foreign Remittance Department Section

Your Money: Cheap eReaders, Discount Coffee Coupons, and Find a Golf Date

The first two scams below come from the same criminal gang. They have been using a simple but effective trick for months…. Recipients are led to believe that these emails are sent from a marketing company called “Audacity Media” and that it is possible to unsubscribe. We wrote about Audacity Media spam in the Top Story of our July 1, 2015 newsletter. Read the company reviews and complaints listed with the Better Business Bureau website about Audacity Media.

It is critically important for our readers to know that those “unsubscribe” links are just another form of social engineering to connect you with malware designed to infect your computer. (Read our article “Unsubscribe Me Not!”) The “orcinol.win” domain used in the “Compare E-Reader” scam email was registered on February 9, when the email was sent. Similarly, the discount coffee coupons domain zes7.pro was registered on February 12. Both were registered through Alpnames.com from someone using the same email address whatdoyoumeannow@mail.com.

Delete!


5-Discount coffee coupons

We loved all the endorsements in this next clever scam… “Meet your soulmate doing what you love most.” …from “Golf Digest, Golf Magazine, and GolfWorld.” But this email, which came out on February 12, was registered with Alpnames on the same date with the oddball domain hsexit.top. And that lovely photo of the golfing soulmates? It’s just a stock photo that TinEye reports as available from at least 23 different websites.  And notice the hidden white text at the bottom of the email. Our long-time readers know this is a gimmick to try to fool antispam servers from stopping the delivery of the email.

6-Find a gold date today

 

TOP STORY: Department of Education Help to Pay Off Student Loans

Recipients are told to call “8777886280 to take advantage of the newer Federal Repayment plan for students who are no longer in school but have $10,000 or more in student debt.” The email is signed by an organization identified as “Student Loan Forgiveness.” And, if you wish to opt-out of emails like these, you can contact “Free Bird Research” in Minden, Nevada.

Let’s start with the domain represented in the email… haveloan.date. According to a WHOIS look up, this domain was registered using Alpnames on February 12, the same day the email was sent, by someone named Raj Singh from Ahmedabad, India. He claims to represent an organization called Airtel Enterprise and the website title (according to the WHOIS record) is identified at “Youtube.”

What about that telephone number? 877-788-6280. A Google search for this number finds several websites such as these two with multiple complaints about the number as a spammer or scammer:

http://877.dnc.press/877-788-6280.report

http://do-not-call.site/1-877-788-6280/8777886280

Then there is the opt-out address for Free Bird Research. This organization has registered over 565 domains in the last few years and several have been identified as hosting malware such as this domain by VirusTotal.com:

https://www.virustotal.com/en-gb/domain/wwwi.guddsveiw.co/information/

And yet, we can’t find a website for Free Bird Research itself. The address of 2220 Meridian Blvd in Minden, NV is a shipping forwarding business. This web page from 2013 raises the question whether this address is being used for fraud and scams:

http://shopping-and-shipping.blogspot.com/2013/06/2220-meridian-blvd-suite-xxxxxx-minden.html

As if any of the above information isn’t enough to cause one to leap for the delete key, visit and read this complaint posted on the Rip Off Report on July 24, 2015 about a money-lending company located at the address listed in the student loan email:

http://www.ripoffreport.com/r/Get-Loan-Deal/Minden-Nevada-89423/Get-Loan-Deal-cashnetloans-firstcashloans-SCAM-ARTIST-AND-FRAUD-Minden-Nevada-1244329

The message should be loud and clear, before you put your trust or hard-earned money into any company’s hands, do your homework!



FOR YOUR SAFETY: Shipping Details, DHL Notification Card

One organization received more than 15 emails from the same sender to multiple recipients. The message was the same… “We managed to send the package today.” The attached Word document “scanned_ups.doc” contained a hidden trojan malware. (See the Sophos identification of the file below.)

DEEELEEEEETE!

 

9-Shipping details - sophos threat detecked

 

And then came this “DHL DeliverNow Notification Card on lost shipment.” The attached zip file also contained malware meant to infect a computer.

If you don’t recognize the sender and the email doesn’t identify the recipient, don’t let your curiosity get the better of you.   It is most likely just another social engineering trick.

 

 

[/one_third]

On the Lighter Side: Secret Shopper

We’re always looking for fun way to make a few bucks so we were so excited to get this invitation to become a secret shopper!
From:  galefenton2@aol.com
Time: 2016-02-10 08:15:18
Subject: 2016 : New Opportunity.

Hello,

I am Mark Bright, Recruitment Specialist with Sights On Service Inc. We have a mystery shopping assignment in your area and we would like you to participate”. Secret Shopper has been in business since 1990. We are a charter member of the Mystery Shopping Provider’s Association (MSPA), the professional tradeassociation for the Mystery Shopping industry. There is no charge to apply to be a Secret Shopper and information is protected. Secret Shopper is accepting applications for qualified individuals to become mystery shoppers. Its fun and rewarding, and you choose when and where you want to shop. You are never obligated to accept an assignment. There is no charge to become a shopper and you do not need previous experience. After you sign up, you will have access to training materials via e-mail, fax or postal mail.

ABOUT US

Secret Shopper is the premier mystery shopping company serving clients across America and Canada with over 500,000 shoppers available and ready to help businesses better serve their customers. Continual investment in the latest internet and communication technologies coupled with over 16 years of know-how means working with Secret Shopper is a satisfying and rewarding experience. Secret shopping as seen on ABC NEWS, NBC NEWS, L.A.TIMES.Since 1990, Secret Shopper has delivered actionable intelligence to our clients, helping to drive exceptional bottom-line performance. Nearly 1,000 shoppers have registered this week, performing millions of mystery shops throughout North America and the Caribbean. When coupled with our continual investment in the latest internet and communication technologies, you can rest assured that working with Secret Shopper is a satisfying and rewarding experience.Secret Shopper is also a charter member of the industry trade association, the Mystery Shopping Providers Association (MSPA). Benefit from partnering with America’s premier mystery shopping company. We have been building our tradition of excellence for two decades.Stores and organizations such as The Gap, Walmart, Pizza Hut and Banks. One amongst many others pay for Secret Shoppers to shop in their establishments and report their experiences. On top of being paid for shopping you are also allowed to keep purchases for free. Secret Shopper NEVER charge fees to the shopper. Training, tips for improvement, and shopping opportunities are provided free to registered shoppers.Mystery shoppers are either paid a pre-arranged fee for a particular shop, a reimbursement for a purchase or a combination of both. Secret Shopper has available for immediate assignment an inspection of the customer service of any walmart in your area. You are to shop secretly. This fee will be paid upfront. During this shopping, you will visit a location and make several observations as regards the customer service. You will be required to interact with the shopper clerk. You may conduct the shop alone or as a couple. The assignment will pay $300.00 per duty and you can be able to get up to 2- 3 duties in a week depending on how fast you are able to execute the first assignment. Kindly Fill Out the application form below and we will get back to you shortly with the assignment:

PERSONAL INFORMATION:

First Name:
Middle Name:
Last Name:

Street Address:
City, State, Zip Code:
Cell Phone Number:

Home Phone Number:
Age:
Current Occupation:
Email Address:

We await your urgent response. Thank you your willingness to work with us. We look forward to work with you.

Sincerely,
Mark Bright
Secret Shopper

Email: mbright099@gmail.com

=========================================

 

Until next week, surf safely!