January 20, 2016

THE WEEK IN REVIEW

We guess the scammers had hundreds of unused Christmas and New Year’s scam graphics left over and wanted to get rid of them.  So they “rebranded” them for the new year with a different subject line and pushed them out.  We’re still seeing old holiday junk like this scam about “Gift Basket Coupon Codes.”

1-Gift Basket coupon codes

At least we’ve seen an end to the Thanksgiving and “Black Friday” scams! …until next fall.

Sample Scam Subject Lines:

Another Stock With Some Legs. (Details Inside)

Are Oranges DESTROYING Your Health???

Big gains from small stocks

Call: 8777886280 for New Federal Program to Help Pay off Student Loans.

Correct Your – Vision for Good!-Compare – Lasik Eye-Surgery options

Do You Have These Symptoms?? (fully Animated Video)

Fatigue?? Stress?? Overweight?? THIS Could Be Your Culprit. (Video)

Funding for Educators

Medicare Quotes are ready

Re: Payment Notification!!

Tell us where to send your 30 day trial?

Treatments For –copd

Your free gift is pending..

Sample Scam Email Addresses:

FoodDelivery@fooddelvry.date

GarageCoatings@airucturn.top

Intervention_Center@jobgaen.com

Kohls_Reward@wujvb.clanseveral.eu

Mayo.Stop.Hearing.Loss@hjhyg.jetslooking.accountant

MBADegrees@ellowass.top

Obama-Clinton-Scandal@yujesd.ablepicked.review

Sams.2016.Reward@edtfvh.varsityset.win

scanner@waldhaus-flims.ch

Small-Business-Funding@xgfdfh.luckycontract.eu

trivago_Hotel_Deals@asxited.com

Trump.America.Plan@uyqws.rumblemate.review

Trumps.Improve.Thinking@limnn.settower.review

Phish NETS: Apple Account, Abandoned Package and… USAA Bank!

“Hello, We’ve noticed that some of your account information appears to be missing or incorrect…” While this Apple phishing scam may seem sophisticated, several subtle errors deserve attention…

  1. Subject line is a question “Last Reminder You Must Update Your Account Information?” –You mean you’re not sure?
  2. Hello, –Hello who? My information needs to be updated but you don’t know who I am?
  3. The Apple address listed at the bottom of the email is for “Luxembourg.?” We guess they’re not really sure?
  4. A mouse-over of the link “Verify Now >” points to the IP address 203.90.111.10, not apple.com. Also, if you look at the link revealed by mousing-over you’ll notice they misspelled suppoert.  By the way, we used a reverse IP lookup tool and found that this IP address is located on a web server in India.  Delete!

2-phish for apples

Here is an interesting email that came our way about an abandoned package left for us at the New Orleans airport.  Never mind that the sender’s email address is from Taiwan… emma@jackcon.com.tw.  The 2-letter country code “.tw” indicates the email was sent from an address in Taiwan.  Want to learn more about recognizing country codes in links or email addresses?  Check out our article Country Code Scams.  In any case, we love this email!  This 419 scammer tries soooooo hard to sound convincing!  Read the second paragraph and you’ll find it contains the longest run-on sentence we’ve ever seen!  49 words!  It may be a new world record!  By the way, it’s awfully generous for our “Good Friend” Roland Perret to offer us 70% of the money he found, don’t you think?

3-URGENT re your abandoned package

We are so sick of seeing USAA Bank phish scams.  In case you missed seeing them for weeks in our Phish Nets column, here is one more…

4-USAA Bank phish

Your Money: Credit Card Deals, Direct TV and Lifelock ID Protection

Once again the criminal gangs pushing out these poisonous emails demonstrate a keen eye for what will likely generate a click.  Check out the three emails below and ask yourself if any would have tricked you into clicking had you been interested in the content.  As is typical, each of the first two scam domains, picvjt.top and heapblastgift.download, was registered just a few hours before the emails were sent.  The domain used in the last scam (skirtdiamond.com) to “protect Your Identity with Lifelock Ultimate Plus” was registered with a domain privacy service called PrivacyGuardian.org last December to hide the identity of the owner.

Delete, delete, delete!

5-Credit Card Deals

6-DirectTV best offer ever

7-Protect your identity with Lifelock

 

TOP STORY: National Educator Appreciation Initiative

We have reported on professional-sounding organizations in the past such as the National Teacher’s Appreciation Organization and the International Women’s Leadership Association (December 16, 2015 Newsletter), or the Federal Student Loan Forgiveness Program (June 24, 2015 Newsletter) and others.  A professional-sounding name and slick pitch don’t prove legitimacy, and readers would always be wise to investigate organizations before sending money or doing business.  The same is true for our newest find, the National Educator Appreciation Initiative.

We’ll lay out the facts and observations as we know them and let you draw your own conclusions about the legitimacy and value of this Initiative.  Let’s start with their pitch…  Housing Expense Reduction

 

1. We’re told that “eligible personnel can have their monthly housing expense reduced via the national educator appreciation initiative.” First of all, a search for the “national educator appreciation initiative” only turns up links to emails pitched to various people about the national educator appreciation initiative. (See the Google results.) We don’t actually find such an initiative or program itself on the web.

2. These email pitches targeting a school’s email server all came from a strange address… attempt@itwigum.com. And the emails were sent like spam and included names that don’t exist at the school.

3.  A WHOIS lookup of the domain used to send these emails and for the links within these emails shows that itwigum.com was registered on April 22, 2015 by a company called Select Equity Inc, using the email address joe@k12edu.us. Also, the website for itwigum.com is being hosted in Sofia, the capital of Bulgaria.

4.  A search for Select Equity Inc turns up some interesting information but nothing about any national educator appreciation initiative. According to Google, the business is listed as a Mortgage Lender in Raleigh, North Carolina.  The Better Business Bureau says that this business is not registered with them and the main phone is disconnected. And Loans.org lists Select Equity Inc as a lender.

5. We looked for Joe Anderson (name in the email) and his email joe@k12edu.us but found very little information and no breadcrumbs leading us to a “national educator appreciation initiative.”

Joe Anderson:  http://whois.domaintools.com/k12edu.us

In fact, the only thing of interest we did find were these phishing alerts from the University of Arizona telling their professors not to respond to these emails.  Even the Zulu URL Risk Analyzer thought that itwigum.com was suspicious and found several redirects on the website.  So how do you feel now about that “housing expense reduction?” Our assessment?  Delete.

http://security.arizona.edu/phishing-alerts/121615-benefit-update-housing-expense-reduction

http://security.arizona.edu/phishing-alerts/121115-benefit-update-housing-expense-reduction

 

FOR YOUR SAFETY: Google Doc: Are Common Household Items Turning You Into a Woman

The email below came to us from one of our readers.  She received it from a company she does business with.  All the information contained in the email was correct and she knew the sender but the email seemed odd to her so she contacted us.  “I’ve Shared a secure file Document attached with Google icon.”  Do you notice the odd choice of words and incorrect capitalization?  And the button “Click Document.”

A mouse-over of the link “Click Document” revealed that it points to a website domain named “ecommercelatam.com” not Google.com.  According to VirusTotal.com, six services have identified the link as malicious/phishing.

Delete!

 11-View Google Document

The subject line of this next email was hysterical and we simply had to report on it! “Attn: Are common household items turning you into a woman?” sent from Be.A.Man@aqedd.adventurenew.edu.  As curious as you may be to click the link to Watch Free Presentation, resist!  The Zulu URL Risk Analyzer scored the link in the email as “15 out of 100: benign,” meaning Zulu says the link appears to be safe. But Zulu also identified that the website has several redirects waiting to immediately send you to other websites including saveyourmanhood.com and the very well known plzentygra.com.  Our loyal readers will remember that we’ve written about plzentygra.com several times.  The website is a known malicious website that causes computer infections.

Laugh, and then delete!

12-Household items turning you into woman

ON THE LIGHTER SIDE: Find a Job

We can’t seem to make any money from our website The Daily Scam.  We’ve failed miserably as businessmen!  So we’ve decided to go look for a job.  Fortunately this email came in the nick of time… “Find a Job The Easy Way.”  Doesn’t the email address inspire you?  JobLocator@jubabrim.top.  We promise our readers to keep the newsletter going, even if this offer leads us to a great new high paying job!

 

Until next week, surf safely!