January 4, 2017

THE WEEK IN REVIEW

This week’s “Trump dump” wants us to believe that President Trump has an online income plan for “millions of Americans in danger of losing their jobs!”  Though the domain, Genesisguesthouse.com, used in this email was first registered in 2014, it was modified and registrant information updated on the date this email was sent.  Perhaps it was hijacked but we can’t be certain.  Genesisguesthouse.com was recently re-registered to “DOMAIN ADMINISTRATOR” located at 2885 Sanford Ave #35851, Grandville, MI.  Our longtime readers will recognize this address as the most abused address by scammers that we have seen in the last 2 years.

One of our readers sent us this interesting email from dailywinnersonline.com informing him of a $15,230.88 payment.  Congratulations! The only thing we found out about these emails from dailywinnersonline.com is that many of them seem to be connected with the website FakeMailGenerator.com. (We wrote a Top Story in November called “Leaving a Gun on the Coffee Table” about this dangerous website. It is often used to send malicious emails and the website owner doesn’t care.) The Zulu URL Risk Analyzer did not identify the link to dailywinnersonline as malicious but it identified a redirect there waiting to send you to a dot-Club site.  It is very suspicious.  Also, dailywinnersonline.com is being hosted in France.  We don’t exactly know what their game is but we don’t believe it is in your best interest.

Sample Scam Subject Lines:

3 Things Jesus Said About How to Cure Disease

A discovery in health science

Address Needed: Your Shipment is on Hold

Can you send me your address please?

Diabetics: Do this 1 thing before you eat sugar

Financial LOCK-DOWN Coming to your Bank…

Get a New or Used Car

Military Pen for 75% Off

NBC: What Do Jessica Simpson and Khloe Kardashian Have In Common?

Paper companies are furious about this “magical” towel

RE: Microsoft Free 20779

Shocking image exposed

The $50 Marijuana Investment Jackpot

Sample Scam Email Addresses

cindycohen@flaturblly.top

CompareDogFood@orchids.ennoise.top

easyshedplans@shedplnsz.club

Forbes.com@belong.ronfide.top

global_emergency-[YOUR EMAIL]@dirtroadstonowhere.com

Golf-Training-Technique@slowly.baslice.top

HARP_Eligible@sold.pensuch.top

Healthy.Living@believer.turiope.top

lendingtree.partners-[YOUR EMAIL]@ballacorkish.net

reconditionbattery@batterybacup.pro

The-American-Parasite@different.orolled.top

tinnitusremedy@tinntermmtor.club

winning.lotto.numbers-[YOUR EMAIL]@mozaicoo.com

 

Phish NETS:  iCloud and Apple ID

Phishers are once again targeting Apple account holders.  Check out these two recent finds starting with “Your Apple ID was used to sign in to iCloud.”  The email was sent from a hotmail account and a mouse over of the link points to a hacked webserver in the UK.  (We’ve informed the owner of the webserver.)

Similarly, this next email with the subject “We need to verify your account information” did not come from Apple.com.  It was sent from nobody @marcom.marcomarabia.com.  And if you read the email carefully after “Dear Client” you can see subtle punctuation errors.  The link for “Update Your information >” points to a website in Brazil.  Notice the 2-letter country code “.br”.

 

YOUR MONEY: Amazing New Golf Technique, Attention All Woodworkers, and Lottery Winner

“Amazing New Golf Technique Taking the Gold [Golf?] World by Storm” says this email from baslice.top.  This domain was registered on the day the email was sent by someone named Fremont Hick from Vivo City, Singapore.  This email wants you to believe it is connected to the real golf company called PowerChute in Carlsbad, CA but it is not.  The real PowerChute can be found here and was registered in 2010.

In early Fall of 2016 we began to see malicious emails targeting people who enjoy do-it-yourself woodworking projects.  Below is a sample sent from the address messages @elimbarrial.com using the subject “Your husband has it all BUT NOT This.”  “ATTENTION ALL WOODWORKERS! 16,000 projects – step by step instructions – materials and cutting lists”  The criminals who send out these malicious tricks forgot to do one thing…  Nearly all of these emails contain hidden text at the very bottom of the email that is meant to fool antispam servers.  It is hidden simply by making the text color the same as the background color.  But in this bogus email the scammers forgot to change the text color.  The domain elimbarrial.com was registered on the day the email was sent.  Big surprise.
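The hidden-text trick described above can be checked for mechanically. The following is an added example, not part of the original article: it walks an HTML email body and reports any text whose color equals its background color. It only reads inline styles and the legacy `bgcolor`, `text` and `color` attributes, and the default colors, the short color-name table and the sample message are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "black": "#000000"}  # small sample of CSS colour names

def norm(colour):
    # Lower-case and expand #abc to #aabbcc so equal colours compare equal.
    c = NAMED.get(colour.strip().lower(), colour.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", c):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

def inline(attrs, prop):  # value of one property in an inline style, or None
    m = re.search(r"(?:^|;)\s*" + prop + r"\s*:\s*([^;]+)", attrs.get("style") or "", re.I)
    return m.group(1) if m else None

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#root", "#000000", "#ffffff")]  # assumed client defaults
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in ("br", "img", "hr", "meta", "link"):  # void tags have no end tag
            return
        a, (_, fg, bg) = dict(attrs), self.stack[-1]
        fg = norm(inline(a, "color") or a.get("text") or a.get("color") or fg)
        bg = norm(inline(a, "background-color") or a.get("bgcolor") or bg)
        self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # tolerate unclosed inner tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # text drawn in the colour of its background
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed sample: a visible pitch followed by same-colour filler text.
SAMPLE = ('<body bgcolor="#FFFFFF"><p style="color:#000">ATTENTION ALL WOODWORKERS!</p>'
          '<div style="color: #fff">rain is expected by evening</div></body>')
```

Calling `find_hidden_text(SAMPLE)` returns only the filler sentence; colors set through a stylesheet or written as `rgb()` values are not covered.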

Let’s forget for a moment that this next email from lotto_winning_tricks-[YOUR EMAIL]@mozaicoo.com could be a malicious scam.  Let’s focus for just a moment on the content: I Won 5 Lotteries in 3 Months! Here’s how…  and “LOTTERY SECRETS REVEALED: Learn How to Work the System and Win Big!”  If someone REALLY figured this out, why would they tell you?  Wouldn’t it be in their best financial interest to just keep playing their strategy and win?  This email is kind of like having someone approach you on the street saying “I know a secret how to get people to pay me $100 dollars.  I’m willing to sell you this secret if you pay me $100 first.”  Really?  Oh, and by the way, check out the mailing address to contact at the very bottom of the email.  **eye roll**

TOP STORY: Riight Vision Media And Fake Companies

There are so many ways to identify scam emails, texts and social media posts once you know how.  For example, learning to use a WHOIS Tool can be invaluable for identifying fraudulent domains.  Making a habit to use Google to search for questionable phone numbers that ring on your smartphone before answering is an easy way to identify most scam callers and telemarketers.  Check out our article titled Use Google to Detect Fraud and scroll down to #2 “Search Phone Numbers.”  And let’s not forget the importance of looking at the sender’s  from address on an email or how important it is to mouse-over links or simply pay attention to spelling, punctuation and grammar!
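A recurring signal in this newsletter is a sender domain that was registered, or had its registration updated, on the day the email was sent. As an added example (not part of the original article), the check below compares an email's Date header with the dates in a WHOIS record. The WHOIS field names follow the common "Creation Date" / "Updated Date" layout, which varies by registry, and the domain, dates and message are constructed placeholders.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

def registrable_domain(host):
    # Assumption: the last two labels are the registered domain. Real code should
    # consult the Public Suffix List (for example for names under co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def whois_dates(whois_text):
    """Return {'Creation Date': dt, 'Updated Date': dt} from a WHOIS text record."""
    found = re.findall(r"(?im)^\s*(Creation Date|Updated Date):\s*(\S+)", whois_text)
    return {k.title(): datetime.fromisoformat(v.replace("Z", "+00:00")) for k, v in found}

def fresh_domain_flags(raw_email, whois_text, window=timedelta(days=1)):
    """List (domain, field) pairs whose WHOIS date is within `window` of the send time."""
    msg = message_from_string(raw_email)
    sent = parsedate_to_datetime(msg["Date"])
    domain = registrable_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    return [(domain, field) for field, when in whois_dates(whois_text).items()
            if abs(sent - when) <= window]

# Constructed sample message and WHOIS records (placeholder domain, made-up dates).
EMAIL = """From: Golf Training <Golf-Training-Technique@slowly.newdomain.example>
Date: Wed, 28 Dec 2016 10:15:00 -0500
Subject: Amazing New Golf Technique

body
"""
# Domain created on the send date.
WHOIS_NEW = ("Domain Name: NEWDOMAIN.EXAMPLE\n"
             "Creation Date: 2016-12-28T09:02:11Z\n"
             "Updated Date: 2016-12-28T09:02:11Z\n")
# Older domain whose record was modified on the send date.
WHOIS_REUSED = ("Domain Name: NEWDOMAIN.EXAMPLE\n"
                "Creation Date: 2014-03-02T18:40:00Z\n"
                "Updated Date: 2016-12-28T13:30:00Z\n")
```

`fresh_domain_flags(EMAIL, WHOIS_REUSED)` flags only the Updated Date, the pattern of an older domain whose record changed on the send date. The Date header is set by the sender, so a Received timestamp from your own mail server is a more trustworthy reference when available.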

Which is why a group of emails caught our attention recently.  The subjects of the emails were quite different… Erase anxiety from your life; Neurosurgeons discovery; Stop paying for electricity; Your glasses are KILLING YOU.  But all of these emails informed the recipient that they can stop these emails by contacting a company called Riight Vision Media located on Hazelhurst Drive, Houston, TX.  We didn’t mistype the company name. It is Riight, not Right.  Check out the very bottom of this first email from the domain removetnsion.top with the subject “15 days Plan That Erases Anxiety From Your Life.”  The recipient is told to “write us at: Riight Vision Media 10685-B Hazelhurst Dr. #19482 Houston, TX 77043 USA”

If we presume there is some legitimacy to this email then we should have no problem locating Riight Vision Media, right?  One would think that a Media company would advertise and want business.  However, Google cannot find any such company website.  Google does find lots of odd-ball emails posted to blogsites that contain the same text we report above.  Google does find a company website posted on Facebook by the name of “Right Vision Media,” not Riight Vision.  According to Facebook, the company page has no information whatsoever about the company besides the fact that it is located in Lahore, Pakistan.  LinkedIn seems to have much more information about a “Right Vision” company located in Pakistan but not “Riight Vision Media” located in Houston, TX.

Let’s look at another couple of these related emails to make sure we got it correct…  “Stop overpaying for electricity!” says this email from nationalsolarnetworkoffer @solrenrgy.top.  Or “Neurosurgeons Discover a Breakthrough Brain Enhancing Phenomenon” from brainpowertactics @improviq.top.  At the very bottom of both emails we see again that we can write them at: “Riight Vision Media 10685-B Hazelhurst Dr. #19482 Houston, TX 77043 USA”

We checked with the Houston, Texas Better Business Bureau website for Riight Vision Media, Right Vision Media and RiightVision Media.  The BBB says that no such business exists.  If we can’t seem to find this media company, perhaps we can find out something about the address listed for it.  A Google search for 10685-B Hazelhurst Dr. Houston, TX 77043 reveals that this address is just another mail forwarding business called USA2ME, just like our favorite scam mail-drop address located at 2885 Sanford Ave. Grandville, Michigan.

Like we said, there are so many warning signs that indicate an email, text or social media post is a scam, fake, fraudulent or seriously questionable.  But the best protection we have is to keep a healthy dose of skepticism about anything that arrives via the Internet!  Last year we wrote an article about a fake business that criminals created to try to fool the public.  It’s called Taft Technologies and the Truth About Internet Lies.  Being skeptical was critical to seeing through their scam.  Enjoy these other emails related to Riight Vision Media.

FOR YOUR SAFETY: Parcel Shipment Problem, Parcel Delivery Notification

In the days leading up to Christmas, and soon after, we saw LOTS of malware-laden emails pretending to be about shipments and deliveries.  Each was designed to engineer a click of an attached zip file that causes a computer infection.  Check out these samples…

 

 

ON THE LIGHTER SIDE: Hello My Dearest

Words cannot express the deep sadness we feel for Vera Hollin Kvan, as you will read below.  We’re honored that she has asked for our help and we are committed to helping this generous and brave lady. Next week we hope to report back to our readers how much good we’ve done in the world by helping Vera distribute her money to the poor.  In the meantime, can you figure out what country Vera’s email came from?

 


From:  maramirez @inti.gob.ve
Subject: [BLANK]

Hello My Dearest,

I am writing this mail to you with heavy tears In my eyes and great sorrow in my heart, My Name is Vera Hollin Kvan, and I am contacting you from my country India I want to tell you this because I don’t have any other option than to tell you as I was touched to open up to you, I married to Mr. Hollin Kvan who worked with Tunisia embassy in Madrid Spain for nine years before he died in the year 2005.We were

married for eleven years without a child. He died after a brief illness that lasted for only five days. Since

his death I decided not to remarry, When my late husband was alive he deposited the sum of $4,850,000.00 ( four million eight hundred and fifty thousand dollars) in a bank here in India New Delhi the capital city of New Delhi India Presently this money is still in bank, he made this money available for exportation of Gold from Madrid Spain mining.Recently, My Doctor told me that I would not last for the

period of seven months due to cancer problem. The one that disturbs me most is my stroke sickness.Having known my condition I decided to hand you over this money to take care of the less-privileged people, you will utilize this money the way I am going to instruct herein. I want you to take 30 Percent of the total money for your personal use While 70% of the money will go to charity, people in the street and helping the orphanage. I grew up as an Orphan and I don’t have any body as my family member, just to end eavour that the house of God is maintained. Am doing this so that God will forgive my sins and accept my soul because these sicknesses have suffered me so much. As soon as I receive your reply I shall give you the contact of the bank here in Delhi India and I will also instruct the Bank Manager to issue you an authority letter that will prove you the present beneficiary of the money in the bank that is if you assure me that you will act accordingly as I Stated herein.

Hoping to receive your reply

From Vera Hollink Kvan

 

Until next week, surf safely!