Please support our effort by making a small donation. Thank you!

x

February 3, 2016

THE WEEK IN REVIEW

The past week has been a wee bit quieter on the scam front.  We saw no major scampaign, found only one phishing scam, and the weeks-long deluge of very malicious short emails containing dangerous malware slowed to a trickle. We wouldn’t exactly call it a “week off” but it was less than the usual deluge.  This gives us the perfect opportunity to get back to some basics in today’s top story.  And this should also be helpful to the many new subscribers who’ve joined us in the last few weeks.  Welcome!

Before this week’s news though we wanted to inform our readers that the International Women’s Leadership Association (IWLA) is still at it… The same junk email has been flooding inboxes of thousands of men and women alike.  More than half of the recipients  below who were targeted during 8 hours on one email server are men.  We reported on this association’s spammy tactics in our December 16, 2015 newsletter.

1-Womens invitation email2-Womens invitation email list

Also, we’ve posted a newly updated article on the recent spike in fake-check scams targeting users of Care.com.  Read 2016 Scams Against Care.com Members Are On The Rise!

 

Sample Scam Subject Lines:

3-Step Diabetes Destroyer

Alcohol–Addiction And Detox-Centers — Learn-about Leading Treatments..

Career Advancements in Project Management

Coverage plans for Your animals Compare Rates Side By Side!!!!

Doctors Baffled by this $7 Diabetes Treatment

Give your Bathroom A make over

Health Guide.. Learn the Signs of Osteoporosis

Incredible Military Grade Flashlight Made Available NOW

Low-cost GPS-Navigation systems

Oil Change – Coupons That Beat Other Prices

Re:INTERNATIONAL PHARMACY ORDER

Start email Marketing today

Vacation–Packages for Costa–Rica….

Sample Scam Email Addresses:

BeverlyHillsMD@wanzoo.download

business@fobo.com

EngagementRingJewelers@utient.download

FHAMortgage@eadint.top

HealthyFoodtoYourDoor@yamcal.download

hibu-businessteam@contact.hibu.com

Incoming@interfax.net

InsuranceQuotes@gredlume.download

InternationalWomensLeadershipAssociation@ymaave.download

LoveYourBodyAgain@thyrmm.download

PrescriptionAlert@sterenclim.top

PsoriasisHelp@loosevel.top

WellsFargo@secureserver.net

 

 

 

Phish NETS: Capital One Bank, International Lottery Winner!

We haven’t seen a phishing attack target Capital One Bank since December 9, 2015.  The one below accurately spoofs a legitimate Capital One “from” address.  For those unfamiliar with the term, “spoofing” refers to an email using a fake “From” address altered to appear as though it comes from somewhere it does not.  Spoofing requires a certain level of sophistication from the criminals.   To learn how to recognize friend from foe just by looking at email addresses, read our article Which of These Is Not Like The Other.

By mousing-over the link (without clicking!) in this bogus Captial One email you see revealed in the lower left corner that the link doesn’t point to capitalone360.com. It points to the domain swcol-ltda.comUsing a WHOIS tool (an online tool to reveal who owns a domain/website) we learned that the domain swcol-ltda.com was registered by someone named “Victor Hugo Ayala” from Columbia through a Registrar in Australia and is being hosted in Nebraska.  Very multi-national but does this sound like Capital One to you?  Delete.  To learn more about the extremely important skill called “mousing-over” read our Top Story!

International Lottery Winner!

One of our readers was recently told that she had won the “International Lottery” for $1.5 Million British Pounds.  Exciting, right?  Donkey-pucks.  We contacted the scammer today pretending to be a grandmother from Revere, Massachusetts to say that we were so excited to have won!  How do we collect?  Look at the second email below for the information we were asked to provide the scammer.  Of course we sent fake information to waste his time.  Every little bit helps.  Never, ever send banking information to anyone across the Internet!  And then check out the very official document he sent us! His fourth email to us revealed the scam.

A BIG FAT delete!

FIRST EMAIL:
From: office@rittal.com.ua
Time: 2016-01-29  

(NOTE: “.ua” is the 2-letter country code for the United Arab Emerites)

Subject:  INTERNATIONAL LOTTERY WINNING NOTIFICATION

The National Lottery
P.O.Box 1010
Liverpool L70 1NL. United Kingdom

(Customer service) NOTIFICATION DESK

Attention: Email Account Holder,

We are happy to announce that you have won an Email lottery jackpot prize in our international lottery promotion.

Your active e-mail address attached to computer generated ticket number: B55607545 4152 has won Ј1.5Million Great British Pounds in UK Lottery 2nd category award prize, for more details about your winning prize contact our claim agent with your information.

For security reasons, we advise all winners to keep this information confidential from the public until your claim is processed and your prize released to you. This is part of our security protocol to avoid dual claiming and unwarranted taking advantage of this program by non-participant or unofficial personnel,You may want to go through our online web result checker

https://www.national-lottery.co.uk/results/lotto/draw-history/prize-breakdown/2048

http://www.national-lottery.co.uk/player/p/results/lotto.ftl

To verify your prize online with your numbers: 06 22 28 30 39 44

Contact Payment Processing Oficcer by fill in the information below

Full Name :
Home Address :
Gender :
Occupation :
Nationality :
Age :
Telephone Number :

Mr.  Mike Johnson, Foreign Service Manager
Watford Regional Centre
Tolpits Lane, Watford WD18 9RN .ENGLAND
E-mail: mikejohnsonxvn@gmail.com
Phone Number: +447031967711

Congratulations once again!!!
Online Co-coordinator
Teresa Marie Roberts

=================================================

Disclaimer- The information in this email is confidential and may be legally privileged. It is intended solely for the address and others authorized to receive it. If you are not the intended recipient any disclosure copying, distribution or action taken in reliance on its content is prohibited and may be unlawful.

SECOND EMAIL:
Mike Johnson asked us to send him the following information…

Full Name, Home Address, Telephone Number, Bank Name, Bank Address, Bank Toll Free #, Account Name, Account Number, Bank Switch Code, Bank Routing Number, Country, Gender, and Age

THIRD EMAIL:
Mike Johnson next sent an “Outgoing Wire Transfer Request Agreement” that contained the fake information we provided.  Doesn’t it look official!

FOURTH EMAIL:
BAM!  And the scam is revealed!  Look how much it will cost us to get our $1.5 million British pound winnings.  And now, let us all say together…

DEEELEEETE!

I received the payment information require for the actualization of your National Lottery Winning fund into your Bank Account for TBS foreign transfer department director, and the email content of the payment information was forwarded to me via few hours ago by TBS Bank General Manager Howell David after gradual processing of your fund transfer by TBS foreign transfer department.

You  are here by instructed to make payment of the international WIRE TRANSFER FEE CHARGE TO NATIONAL LOTTERY secretary general in USA Mrs. Janet Melvin via Western Union, or Money Gram.

BELOW IS COST OF WIRE TRANSFER FOR ACTUALIZATION OF YOUR FUND INTO YOUR BANK ACCOUNT.

Senders Name:  Fill in
Receiver: Country: USA
Receivers Name: Janet Melvin
Text Question: In God
Text Answer: We Trust
Receivers Address: Virginia Staunton U.S.A

MTCN NUMBER: Fill in
International Wire Transfer Fee Charge: $1000

As soon as your payment of $1000 is confirm by Mrs. Janet Melvin your fund will be transferred into your Bank account and it will take 48hour only, note that the $1000 transfer fee charge will be paid to various TBS transfer department that will handle and process the transfer into your bank account.

ONE FINAL NOTE: We sent “Mrs. Janet Melvin” a fake Western Union wire transfer number so that “she” would waste her time going to her nearby WU office to claim her $1000.  We’re sure she knows the way quite well but this time she’ll return empty-handed.

Your Money: Kohl’s $100 Gift Card, Affordable Pet Insurance, Search RV Deals

If we didn’t know any better we might think the criminal gangs pushing out most of these scams are reading our newsletters. In our newsletter of December 30 we wrote an article about the fact that every single gift card scam we see is for $50 (Read What’s So Magical About $50) This past week, for the first time ever, we found this Kohl’s gift card scam for $100!  This “limited time offer” came from a domain called ourgift.date.  A WHOIS lookup shows that this domain was registered by someone from India on the day the scam email was sent and the website is being hosted in Istanbul, Turkey. Oh, and the Registrar that was used (Alphnames.com) shows the website title is ‘YouTube.’  By the way, never click those “unsubscribe” links with the hope that you’ll never get these scams again!  The opposite is true!  You’ll get more! Read our article Unsubscribe Me NOT.

Looking for “affordable pet insurance?”  Nope, this ain’t it.  The strange domain karstain.top was also registered the day before this email came out by a company called KX-Media Solutions.  We identified KX-Media Solutions as a bogus company in our June 2, 2015 newsletter. But we loved the adorable picture!!  Using TinEye.com to do a reverse image search, we learned that this adorable photo is a stock image and has been used at least 147 times since 2011. Check out the TinEye report. TinEye is a great resource. Now delete.

Need an RV?  It must be high on the list of many people since we see this scam at least once a month. The email came from parrowly.download and the link points back to the same strange domain, like so many of these graphic scams.  The criminals are so predictable… the domain was registered the day the email was sent by “fbrightsolutions” from Grandville Michigan.  Yup, we’ve reported on this sham mail drop company several times in the past.

Just delete.

7-Search RV Deals

 

TOP STORY: Ten Most Important Skills to Protect Yourself

Have you been wondering what exactly is the scam associated with so many of the emails we report on?  If it isn’t an obvious phishing scam for personal information like a bank login, or advance-fee or fake-check scam to trick you into sending your hard-earned money, it is simply a trick to infect your computer or smartphone with malware (bad software).  Some malware can spy on your activities (spyware), some captures your keystrokes as you log into websites (keylogger),  and some can take complete control over your computer or turn it into a spambot.  And that’s just the tip of the iceberg.  Also, don’t think that you are safe from malware because you have an Apple computer.  Not true.  Everyone needs anti-virus/anti-malware software on their computers.  (But it is true that Apple computers are less susceptible than Windows computers.  iPhone and iPad devices face the least number of threats.)

So what are the ten most critical skills you need in order to recognize and avoid these and other threats online?  We’ve got this covered from several different articles on our website.  However, these skills are all summed up in our article If I Could Teach the World of Internet Users Developing these skills would make it child’s play to see through these scams below…

  •     Your manufacturer’s auto warranty has expired. Renew today.
  •     Bloomberg Businessweek – 12 Issues for $5 for a Limited Time
  •     CNN Health – Betty White Explains How She Prevents Alzheimers
  •     Backup and Share Data with a Private Cloud Computing Platform
  •     Lending Tree –you could be saving hundreds every month!
  •     Add Some Spice to Your Love Life – Senior Dating

8-Your auto warranty expired 9-Bloomberg Businessweek only 5 10-CNN Health Betty White

11-Cloud Computing 12-Lending Tree - save hundreds monthly 13-Add some spice to your love life

The skills that most protect you and reduce your online risks are…

  1. Understand how to create sets of strong passwords that are not difficult to remember, and understand why it is as important to do this for email and social media accounts as financial accounts.
    Creating Strong Passwords: http://thedailyscam.com/creating-strong-passwords
  2. Understanding email addresses as a way to expose fraud and identify risk.
      Where its @! http://www.thedailyscam.com/where-its-at/
      Why is This Legitimate? http://www.thedailyscam.com/why-is-this-legitimate/
  3. Understanding fully qualified domains names, including sub-domains as an easy way to expose fraud.
    How to Surf Safely: http://www.thedailyscam.com/how-to-surf-safely/
  4. Recognizing 2-letter country codes and why this is so important.
    Country Code Scams: http://thedailyscam.com/country-code-scams/
  5. Using mouse-over skills to evaluate links before clicking on them; understanding how to use mouse-over skills on i-devices like iPads and smartphones.
    Mouse-Over Skills: http://thedailyscam.com/articles/mouse-over-skill/
    Mouse-Over Skills Video: http://thedailyscam.com/mouse-over-skills/
    Mouse-Over Skills on iDevices: http://www.thedailyscam.com/mouse-over-skills-on-i-devices/
  6. The importance of “s” in https.
    How to Surf Safely: http://www.thedailyscam.com/how-to-surf-safely/
  7. The value of recognizing poor English and grammar as a way to expose fraud. There are many examples where TheDailyScam brings attention to poor English and grammar as a way to detect fraud, including these newsletters:
    Phish Nets: http://www.thedailyscam.com/august-12-2015/
    Phish Nets: http://www.thedailyscam.com/august-26-2015/
    Your Money: http://www.thedailyscam.com/march-4-2015/
  8. The risks of shortened URLs and how to unshorten them.
    Risks of Shortened URLs: http://thedailyscam.com/articles/shortened-urls-what-are-they-and-why-should-i-care/
  9. Understanding the risks associated with file types.
    Filenames Will Set You Free! http://thedailyscam.com/file-names-will-set-you-free/
  10. Using the power of Google and several other online tools to expose fraud.
    Use Google to Detect Fraud: http://www.thedailyscam.com/use-google-to-detect-fraud/
    How to Use the Zulu Risk Analyzer: http://www.thedailyscam.com/zulu-risk-analyzer/
    Using a WHOIS Tool: http://www.thedailyscam.com/how-to-use-a-whois/

FOR YOUR SAFETY: Surprise! Refund for your Order

Have you ever received an odd email from someone you know, containing a short message and a link?  Surprise!  The great majority of the time it means that your friend’s account was hacked.  The hacker is sending you malicious links in your friend’s name, hoping that you’ll click them and infect your computer with his malware.  This “surprise” email makes this point…

 

15-Amy robbed in Philippines

The link in the email above points to a file on the website wengertsknecht.com. We asked the Zulu URL Risk Analyzer to check it out and it told us that the website was hosted in Germany and the link was OK. Barely:

But we noticed that there was a redirect waiting on this German website designed to send us to another website called skmaei.com located in France.  So once again, we asked Zulu to have a look and BINGO!  Infected computer!

Delete!

16-Surprise zulu 2

Refund for the Order

“We are sorry to inform you, however, the item you have purchased is not available at the moment.”  Don’t let your curiosity get the better of you.  That attached “zip” file contains malicious software.

Delete!

17-refund for the order

 

 

 

ON THE LIGHTER SIDE: Our Funds have been approved!

Our ship has finally come in!  We’re certain of it.  Well… so says Mr. Jonathan David from the “United Nation.”  So says his email…

From:  sales@itap.it
Time:  2016-01-24
Subject:  URGENT RESPOND NEEDED

Dear Beneficiary,

Sir/Madam, The Payment Advisory Board, wishes to inform you that your long overdue fund has been approved. We have not heard from you since? What is happening? If you are interested in receiving your fund, quickly get back to me with your information as listed bellow. Also indicate how you want us to make the payment to you, either Atm Card, Certified Bank Draft or Bank to Bank Transfer.

Yours faithfully, Mr. PATRIC AKINWUNTAN Payment Advisory Board

Full Name:__________
Delivery Address:____
Country:_______
Occupation:_____
Phone Number:____
Age:______
sex:______

Therefore you are warned to stop any further communication with anybody concerning your inheritance fund.  Contact the verification officer in charge of the delivery:

Name:  Mr. PATRIC AKINWUNTAN
E-mail:  united_nation_9090@hotmail.com
Telephone +447035954759

Regards,

Mr. Jonathan David

Until next week, surf safely!