January 25, 2017

THE WEEK IN REVIEW

So much to tell you!  Let’s start with the fantastic news that came out last Thursday…  Western Union was fined $586 million by the US Government for “willfully failing to maintain an effective anti-money laundering program.” (Read the story on NPR.org.) As a result of their model of putting profits over protection, thousands of Americans were scammed out of millions of dollars.  Kudos to the Justice Department for taking action!  Let’s hope that Western Union and other money transfer companies will now step up their protection of people who use their services.  If you have been a victim of fraud that involved wiring money through Western Union, report it to the DOJ website. You may be entitled to compensation.

Also last week, the FBI released a Public Service Announcement about advance check scams targeting college students titled “Employment Scam Targeting College Students Remains Prevalent.” We’ve been writing articles about these scams for more than two years. Better late than never.

Previously we’ve mentioned that TheDailyScam.com is routinely under attack by the criminal gangs whose tricks we try to expose.  Here is a glimpse of the probes and attacks that targeted our website just last week alone.  It’s comforting to know they don’t like the things we say. (Readers should note that an attack, hack or probe blocked from one country might have originated in another country.)

Not only was the inauguration of our 45th President big news, huge, but the increased legalization of marijuana (or the decriminalization of it) was also bigly in 2016.  And so these next scams should not be a surprise.  A malicious email disguised as a “limited edition Donald Trump coin” as well as blasts of malicious emails all last week promoting cannabis products were common.  Evidence in Google suggests that the emails promoting the fake Trump coins were fired at netizens using the Internet gun “fakemailgenerator.com.” (This site should be shut down! Read our top story “Leaving a Gun on the Coffee Table” from November 16.) The domain, bonolovoo.com, used in the Trump coin scam was registered by a “James Wilson” on the day the email was sent and is being hosted in Ortisei, Italy.  A screenshot of Bonolovoo.com on January 20, 2017 looks like it wants readers to think it is the satirical website cheezburger.com, but it is not!


Sample Scam Subject Lines:

$500,000 Term Life Coverage starting under $16 a month

A very special invitation for women only…

Address Needed: Your shipment is on hold

Cops use these – 1 Tool everyone should have!

Get a date with the hottest Asian women!

Get Instant Relief from THIS!

Get Your Free ADT Monitored system and receive a Free Visa Gift Card from Protect Your Home

Make money with your woodworking skills

New Message from Home Depot Windows

OMG! 143 Million Americans Didn’t Expect This…

Plan for the future with your will

Power Companies Caught Red Handed

Search Business Class Fares Options

Sample Scam Email Addresses

BarkBoxPartner@logjunkie.stream

BirthControlMethods@loggiant.stream

Business.Class.Airfare@sufficient.resortw.us

christian_group_society-[YOUR EMAIL]@formthink.men

CoffeeCoupons@loglisting.stream

Haven-Life-Team@only.icdebut.us

Home-Surveillance-Cameras@receive.bbyjive.us

iPadCaseandKeyboard@logprofits.stream

Live_Healthy_Digest@solution.ictowel.us

NaturalDogProducts@logtiger.stream

Reverse-Mortgage-Quiz@ratty.lademix.us

subway_eat_fresh_gifts-[YOUR EMAIL]@mixedbagedesigns.com

UsedCars@logreach.stream

Phish NETS:  Facebook

It’s so important to read carefully and mouse-over links before clicking them.  Take this smelly phish sent from the email address ingofpuf@mofogo.com.  It wants you to think it came from Facebook about “4 unread messages” waiting for you.  But the link “Go to Facebook” points to a WordPress website named rentalmobilmanadoblessing.com. This site was registered by a “ghana al mulki” from Indonesia and is being hosted in India.

Roll eyes, then delete.

YOUR MONEY: Ink & Toner Sale, Amazon Gift Card, and Drive with Lyft

Wouldn’t you love up to 85% off your toner ink supplies?  We certainly would!  But, once again, this is not the special we hoped it would be. This has nothing to do with the legitimate site 1ink.com.  The email’s from address and links all point to the newly registered domain asetrs.us. This domain was registered by “shweta sharma” from Khandwa, India on January 13.

This next scam came from one of our readers.  Notice that the “name” before the email address is “Thank-you-Amazon” but the from address is a user named ogenamaliaui at Gmail. This is not an advertisement or promotion from New York or Homofresh Dehomes in Colorado!  The links point back to a webserver in Germany, pmortzedas.dyn-vpn.de.  A search in Google shows a link to the German domain, followed by the odd text “We’re young again and need some special attention. We’ll work out every quirks that you might encounter.”

A big, fat delete!

Interest in Lyft and Uber has exploded in the past year so it isn’t surprising to find this bogus email ad looking for Lyft drivers.  “See How Much You’ll Bring Home.”  “Earn up to $35/hr driving with Lyft.”  But the email came from, and links point back to, the odd domain qggromp.us. This domain was registered on the day the email was sent by a “Thomas Pregst” from Crillon, France.  Does this sound like the San Francisco corporate headquarters of Lyft? You know what to do.
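
The mouse-over check from the Facebook phish and the display-name check from the “Thank-you-Amazon” email can be automated. This is an added example, not code from TheDailyScam.com: the brand-to-domain list, the display name on the Facebook sample, and the link text and paths are constructed assumptions, while the sender addresses and link domains are the ones reported above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a hand-maintained map of brand name -> domains that brand really uses.
BRAND_DOMAINS = {"facebook": {"facebook.com"}, "amazon": {"amazon.com"}, "lyft": {"lyft.com"}}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag: what a mouse-over would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatches(shown_text, host, where):
    """Flag each brand named in shown_text whose real domains do not cover host."""
    host = (host or "").lower().rstrip(".")
    words = set(re.findall(r"[a-z]+", shown_text.lower()))
    return [f"{where} mentions {b} but the real host is {host or '(none)'}"
            for b, doms in BRAND_DOMAINS.items()
            if b in words and not any(host == d or host.endswith("." + d) for d in doms)]

def check_message(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = mismatches(name, addr.rpartition("@")[2], "display name")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        findings += mismatches(text, urlsplit(href).hostname, "link text")
    return findings

# Constructed samples: domains are from the newsletter, everything else is invented.
FACEBOOK_PHISH = 'From: Facebook <ingofpuf@mofogo.com>\n\n<a href="http://rentalmobilmanadoblessing.com/">Go to Facebook</a>'
AMAZON_PHISH = 'From: "Thank-you-Amazon" <ogenamaliaui@gmail.com>\n\n<a href="http://pmortzedas.dyn-vpn.de/">Claim reward</a>'
GENUINE = 'From: Facebook <notify@facebook.com>\n\n<a href="https://www.facebook.com/messages">Go to Facebook</a>'

if __name__ == "__main__":
    print([check_message(s) for s in (FACEBOOK_PHISH, AMAZON_PHISH, GENUINE)])
```

The domain test matches the host itself or a true subdomain only, so a lookalike host that merely begins with a brand's domain is still flagged.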

TOP STORY: Robo-Calls and Random Messages

Do you get robo-calls?  If you are like us, you probably get them every week and sometimes multiple times each week.  And, if you are like us, you’ve probably registered your phone with the National U.S. government website called DoNotCall.gov. If only the scammers would pay attention to this call list, but they don’t play by any rules, as we all know.

You have several choices available to you when unrecognized calls come in, especially from out-of-state numbers and in-state numbers you don’t recognize. Let’s look at the options…

  1. First, there is the offensive move. You can buy a can of the Robo-Call Cure-All!  Just “press 1 now” to talk to the operators waiting on the line, or call back the number given to you in the recording.  Quickly cover your ears with whatever is available. (Earbuds, tissues, your cat’s tail, etc.) Hold the wide funnel end of the Robo-Call Cure-All close to the phone’s microphone.  When a real human-being (we use the term loosely) answers the phone, press the white button.  It’s that simple! (We made up the product name but you get the idea.)
  2. Don’t answer the phone. If the message is truly important, the caller will leave a message and you can call him or her back, as you wish.  However, take a moment to visit Google.com and enter the phone number that just called you.  Look at what others may be reporting about this number! We wrote an article about using Google to investigate callers.  (Read How to Use Google to Detect Fraud and scroll down to #2 on the list.) If the call is not something you want to get, block it!
  3. One of our readers, named Statler, told us that he will not directly return a phone call if he doesn’t recognize the number, especially to any caller claiming to represent his bank or other financial institution. Instead, he calls the number on his bank or credit card.  Good idea!  Statler told us that the Federal Trade Commission put up a prize some years ago for anyone who could solve the problem of robo-call scammers and marketers.  One of the winners was NoMoRobo.com.  Statler uses this service and highly recommends it.  He tells us that this service won’t block calls by police, his children’s school, or other emergency services.  He says that NoMoRobo.com is effective in blocking about 80-90% of the calls that used to target him.  Services such as Comcast and AT&T also recommend NoMoRobo.com.

“You have 1 new message” “Call me when you’re online…”  This looks a lot like an email from Facebook, though it doesn’t contain any reference to Facebook.  Criminals send these bogus messages periodically as another type of social engineering gimmick to produce a click.  Mousing-over the link “View Post” shows that it points to a website in Argentina (2-letter country code = .ar).

But in this odd-ball case, what you’ll find at this destination is a phony Canadian Pharmacy site.  We asked shrinktheweb.com to retrieve the web page waiting at the other end of this link.  Don’t get too excited about that “Erection pack” special though.  Look below at VirusTotal’s evaluation of this link and then ask yourself how eager you are to give them your credit card info or trust that the “drugs” you are buying are safe or even real.

FOR YOUR SAFETY:  Get Approved in Minutes, USPS Delivery Notice, and Settlement

“Get Approved in Minutes” for loans up to $1000.  But the only explanation offered is a shortened link through tinyurl.com.  Criminals often use shortened links to hide where they really send you.  We used Unshorten.it to discover that this loan link will send you to a country that has been in the news a lot lately.  Take a look below at the 2-letter country code.  Obama had no love for their leader but Trump has begun a lovefest with him.  We can guarantee this link is 100% malicious and wouldn’t trust it one bit, like the country’s leader.

“USPS issue #05176315: unable to delivery parcel” says this email from France.  Do you think the scammer’s first language is English?  The attached zip file contains malware.

Ouch.

This next email looks like it came from a law firm about a settlement. “Josh just signed the contract but your signature is required as well.”  A mouse-over of the link “Contract #4848186” points to a website in a faraway land that was once considered a military quagmire.  Figured it out yet?  This link is still a landmine.

Avoid clicking.

ON THE LIGHTER SIDE: Money Laundering?

How exciting!  We’ve been invited to help launder more than six million dollars for Mr. William KOMO, a banker somewhere in the world.  We’re not sure where because the email came from an address in Brazil but he’s asked us to contact him through Yahoo in Canada.  No matter.  He’s assured us this exchange is risk free.  Wish us luck!

From: pos@emescam.br
Time: 2017-01-19 14:53:25
Subject: Greetings,

Hello Dear,

I am Mr.KOMO a banker, I have emailed you earlier on without any response from you. In my first email I mentioned about our deceased customer whose relatives my Bank cannot locate to claim his estate.

I got your address from online directory service and decided to write you. I am asking for your consent so that I can present you to my Bank Management as the next of kin to the late customer account proceeds value (Six Million Five Hundred Thousand United State Dollars) to be transferred into your account for our mutual benefit.

At the successful transfer of this fund, we shall share the fund on a pro rata based percentage am compelled to do this because I do not want my Bank to take over the ownership of this fund.

If you are interested and in agreement with me, get back to me quickly and I will send to you all the information you may need to proceed without coming to the Bank, and be rest assured that it is risk free project.

I look forward to your reply: wmwkomkk.kmom@yahoo.ca

Yours faithfully,
WILLIAM.

Until next week, surf safely!