How Google Is Used As a Weapon Against You
During our two years exposing Internet scams and threats, we have developed a real appreciation for the creativity, skill, and resourcefulness of the criminals who target citizens of the world. We’ve watched their tactics evolve as they develop new malicious tricks that make it harder for the average Joe to recognize a threat when it is staring him in the face. Their latest tactic is designed to look as though Google itself is delivering the link, while the link actually carries a malicious payload.
This email appears to have been sent by a graphic designer from the legitimate domain adamwebster.me, without a subject line. It also appears to be forwarded from another email. The only content worthy of attention is a link that points to Google.com.
If you look carefully at the red hyperlink to Google, notice a second http in the code, followed by %3A%2F%2F and more. Those characters are percent-encoding (URL encoding): %3A stands for a colon and %2F for a forward slash, so %3A%2F%2F is simply :// written in a form that can ride inside another URL’s query string. What you are really seeing is a second link buried in the link to Google…
h t t p://chefmemes.com /kxnuuina.php and a lot more characters….
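The decoding described above can be automated. The Python below is an added example, not code from the original post: it splits a link into its query parameters, percent-decodes each value (repeatedly, so double-encoded payloads such as %253A%252F%252F are unwrapped too), pulls out any embedded http(s) addresses, and follows them to build the chain of hosts the link really leads through. The sample link in the block is constructed to resemble the one the post describes; the real email’s link is not reproduced here.

```python
"""Find URLs hidden inside another URL's query string or fragment.

A link can look like it goes to google.com while its query string carries a
percent-encoded second URL (%3A%2F%2F == "://"). This decodes every parameter,
reports any embedded URLs, and repeats the process on each one so that
double encoding and multi-hop redirect chains are both unwrapped.
"""
import re
from typing import List
from urllib.parse import parse_qsl, unquote, urlsplit

# An absolute http(s) URL inside an already-decoded string.
URL_RE = re.compile(r'''https?://[^\s"'<>]+''', re.IGNORECASE)

# Constructed sample (not the real link from the email): a google.com URL whose
# "q" parameter carries an encoded chefmemes.com address, as the post describes.
SAMPLE_LINK = (
    "https://www.google.com/url?q=http%3A%2F%2Fchefmemes.com%2Fkxnuuina.php"
    "%3Fid%3D12345&sa=D"
)


def fully_unquote(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until nothing changes, so %253A -> %3A -> ':' is caught.
    Aggressive on purpose: this is for spotting hidden URLs, not for fetching them."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def embedded_urls(url: str) -> List[str]:
    """Return the distinct URLs found in url's query parameters and fragment."""
    parts = urlsplit(url)
    found: List[str] = []
    candidates: List[str] = []
    # keep_blank_values=True so a bare "?http%3A%2F%2F..." (no key) is still seen
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        candidates.extend([key, value])
    candidates.append(parts.fragment)  # some redirectors hide the target after '#'
    for raw in candidates:
        for hit in URL_RE.findall(fully_unquote(raw)):
            if hit not in found:
                found.append(hit)
    return found


def redirect_chain(url: str, max_depth: int = 5) -> List[str]:
    """Unwrap nested URLs, outermost first, following the first embedded URL
    at each step. max_depth stops pathological self-referencing links."""
    chain = [url]
    current = url
    for _ in range(max_depth):
        inner = embedded_urls(current)
        if not inner:
            break
        current = inner[0]
        chain.append(current)
    return chain


def hosts(url: str) -> List[str]:
    """Hostnames visited along the chain, e.g. ['www.google.com', 'chefmemes.com']."""
    return [urlsplit(u).hostname or "" for u in redirect_chain(url)]


def looks_like_hidden_redirect(url: str) -> bool:
    """True when the host a reader sees differs from the last host in the chain."""
    h = hosts(url)
    return len(h) > 1 and h[0] != h[-1]


if __name__ == "__main__":
    for hop in redirect_chain(SAMPLE_LINK):
        print(hop)
    print("hidden redirect:", looks_like_hidden_redirect(SAMPLE_LINK))
```

Run it on a link copied from an email (right-click, copy link address) rather than on the text you see, since the visible text is exactly what the attacker controls. A chain longer than one hop, or one whose final host differs from the first, deserves the same suspicion the post applies to its Google link.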
The Zulu URL Risk Analyzer confirms the hidden redirect but doesn’t identify it as malicious.
Red Flag #1: Someone has sent a link made to look like a link to Google that is actually a redirect to a website called Chefmemes.com. Google tells us that this website may have been hacked. When Google tells you this, you had better believe it…
If we ask the Zulu URL Risk Analyzer to investigate the link to Chefmemes.com we find several interesting things to consider….
Red Flag #2: Chefmemes.com contains many redirections to other websites, including savethechildren.org. Everyone should recognize the remarkable charity, Save the Children. But what is it doing here, with at least three redirects pointed to it? The popups to SavetheChildren.org are meant to distract you, just as a pickpocket distracts you with one hand while picking your pocket with the other. If you look at the analysis from Zulu, you’ll also see a redirect to a strange website called biglovelygold.com.
Red Flag #3: We look up BigLovelyGold.com in Google and find absolutely nothing. Zulu doesn’t find it threatening, but it does score it 43 out of 100 points. It does, however, report that BigLovelyGold.com is being hosted in Lithuania.
Remember, this started as an innocent email containing a link that seemed to point to Google. Now we see that we’re being sent to a website in Lithuania and Google can’t find any information whatsoever about this website. Does this still seem safe to you?
Since it seems that our final destination is biglovelygold.com we used WHOIS.sc to look up ownership of the domain…
Red Flag #4: We learned that BigLovelyGold.com was registered on June 27, the very day the email was sent, and that the site appeared to be hosted in England. (Zulu had placed the host in Lithuania; when two tools disagree about where a site lives, that is one more reason to rely on the rest of the evidence rather than on either location claim.) A domain registered on the same day it shows up in an email is the classic mark of a throwaway domain set up for a single campaign.
Looking more carefully at the WHOIS record for BigLovelyGold.com shows that it was registered through a sleazy registrar in China called BizCN.com. If you look up BizCN.com in Google as we did, you’ll find lots of complaints against this registrar, including the fact that ICANN (the Internet’s governing organization) served BizCN.com with a breach-of-contract notice in 2014. Visit: https://www.google.com/?gws_rd=ssl#q=bizcn.com We wonder why BizCN.com is still in business! And check out the article in InternetNews.me about how sleazy BizCN.com is reported to be!
Red Flag #5: Finally, we decided to look up the administrator listed on the WHOIS record for BigLovelyGold.com…. Mckenzie Considine of Considine Corporation Ltd. According to a document we found on a U.S. Government website, the U.S. Commodity Futures Trading Commission (CFTC) filed a complaint against Considine Corporation in 2014 for fraudulent practices. Visit: http://www.cftc.gov/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfconsidinecomplaint092914.pdf Keep in mind that WHOIS contact details are self-reported, and scammers routinely reuse or invent names, so a match like this is one more warning sign rather than proof of who is behind the domain.
How does that link to Google feel to you now? Innocent? Nothing to worry about or did it have malicious intent? Yeah, that’s what we thought too. Delete and be glad you dodged a bullet.
The next time a friend sends you an email with a link, look carefully at it before you click: hover over it (or long-press it on a phone) to see the real destination, and be suspicious of any address that contains a second http or the sequence %3A%2F%2F. Any doubts? Contact your friend personally to ask about the email.