March 1, 2017

THE WEEK IN REVIEW

The criminals who are our “raison de vivre” have sent us many more malicious political emails.  We like this one in particular… “Hillary is FURIOUS over this leaked tape (shocking)”  This scam email was sent from accelerometers @viewigee.win and has all the best words!  Shocking, embarrassed, never-before-seen, leaked, etc… You get the idea.

Delete.

 

 

It’s not often we see something completely new but this next email stopped us dead in our tracks.  It wasn’t just that we’ve never seen content like this used in a malicious email, but we also wondered how many people actually have this problem.  File this under “long shot.”  “Tired of cleaning up cat pee?” “VET reveals how to stop your cat from peeing outside the litterbox PERMANENTLY!” (Nice touch for them to add the exclamation mark because this is really exciting news.)  The email was sent from, and its links point back to, the domain qtsmedigap.us. Though the domain was registered on December 7, 2016, there is no website viewable at this domain. (DO NOT TRY TO VISIT THIS DOMAIN!)  A Google search turns up absolutely nothing, except a rating service called bulc.club which has rated this domain as a source of spam.

Now flush.


Sample Scam Subject Lines:

$50/month Auto Insurance.  See if you qualify.

an urgent message… (open this now!)

Claim your $100 Amazon Card today

Does Yoga burn calories…..?

FREE REPORT Reveals Shocking MURDER Conspiracy By U.S. Doctors

Is THIS Bathroom Habit Really The Cause Of Your Hearing Loss!

Leave Your Debt Behind – Browse Balance Transfer Credit Cards

Trump’s Economic Plan to Make America Great

Try Dollar Shave Club

What Americans Can do To Protect Themselves

Which of these 4 oils cures Alzheimer’s?

You could lose your job

You’ll never need a manicure ever again after doing this.

Sample Scam Email Addresses

air_dragon_compressor-[YOUR EMAIL]@funtvseries.com

Caribbean-Cruise-Discounts@starnight.us

cure.for.hearing-[YOUR EMAIL]@kapatiran.net

FindCableTVDeals@mariodickens.us

fox-update-[YOUR EMAIL]@mwilcoxart.com

handicapping@hotjolly.site

hairlessness@click3quel.stream

health.tips-[YOUR EMAIL]@wat-community.com

hotdogs@daily4ical.stream

HurricaneSpinScrubber@offerrbest.us

lottery.dominator-[YOUR EMAIL]@rising-soulz.com

messages@coundence.com

natural_wellness_institute-[YOUR EMAIL]@ostreunion50.com

 

Phish NETS:  Thank You For Using Apple

Only one phish in this week’s sea and it was sent to us by a reader.  What makes this email so interesting is that the phishers used sophisticated software to correctly spoof the from address to look like it came from apple.com but then did such a horrible job creating the contents.  The subject is “unlock it now before you lose it !!”  Oh yeah, that sounds like Apple, doesn’t it?  “Note that you are not using your iTunes account for the length of time, so we are obliged to close your account…”  “…But not too late, you can save your account…”  Thank God!  And while you’re at it, save the whales, save the bees, and save us from a Trump bad hair day!   By the way, check out what link is revealed by the mouse-over.  Can you figure out what country you would be sent to if you clicked “Save it for me?”  Au Revoir!

YOUR MONEY: Kohls Rewards, Walmart Unclaimed Reward Card, and Bahama Travel

“Dear Customer, Your Kohls rewards are ready to use.  Thank you for shopping Kohls!” says an email from incorrigibility @ultracrepidaria.cricket.  We don’t make this stuff up people!  According to Wikipedia, incorrigibility is a term used in philosophy. The term implies that something is necessarily true simply by virtue of being believed.  Might these criminals actually have a sense of humor?  I believe I’m getting a Kohls Rewards card so I must be getting a Kohls Rewards card.  But wait, there’s more!  What is ultracrepidaria?  We thought it just another made-up scam domain but the criminal architect of this email is wicked smaht and must have a sense of humor (except the joke is on us.)  An ultracrepidarian is a person who expresses opinions on matters outside the scope of their knowledge or expertise.  Did the mastermind who sent this malicious email expect us to find it and report on it?  By so doing, is he implying that we are the ultracrepidarian?  A gauntlet may have been thrown!  And our opponent is a Jedi knight!  No joke!  A WHOIS lookup shows that the domain ultracrepidaria.cricket  was registered by “Jedi Divisions” from Compton, California on January 22.

Use the force, dear readers, and delete…

“(1) unclaimed reward card is pending” says an email from messages @showerench.com. “Your card has already been activated and can be registered after answering a few questions.”  This sounds inviting but don’t click the link to “Claim Your Card.”  A Google search for the domain showerench.com pulls up links to the dangerous Internet tool called FakeMailGenerator.  We wrote about this nasty tool last year in our Top Story “Leaving a Gun on the Coffee Table.” Showerench.com was registered on the day the email was sent by someone called “Ella Spears.”

February is typically that time of year when most of us are fed up with winter and thinking about a vacation.  We sometimes see an increase in malicious emails disguised as travel deals to warm destinations.  We’ve only seen a few…. So far.  Here’s one of them.  “Are You Looking For Information About Bahama Travel? Search Options Today.”  Clicking the link to “Bahama Vacations” sends you to a website that doesn’t exist, according to Google.  A WHOIS lookup of the domain in the link shows that nextxst.us was registered on the day the email was sent by a “Hadley Dlism” from Maracaibo, Venezuela.  ‘nuf said.

Delete.

TOP STORY: What is the Master Manipulator?

Reviewing hundreds of online scams each week gives one an interesting 30,000 foot perspective.  Criminals use lots of different motivators to engineer your behavior to do their bidding.  Can you guess what is the most common topic to manipulate people’s behavior? Is it something related to conspiracies, health risks, miracles, free merchandise, discounted products, greetings, or delivery notices?  No.  From our perspective, the master manipulator is money, plain and simple.  For example, have a look at these many emails sent to the same email address, enticing the recipient to take out a loan of up to $1000. Over the course of a week these ten emails came from nine different domains/email addresses but all for the same pitch.  Kinda sketchy.  Enjoy these recent scam pitches below!  Who knows, maybe you’ll be a litter bit richer for it.

Many people are really drawn to gambling, and for some it becomes an addiction.  Technically, online gambling is still illegal in the United States but that doesn’t stop people from gambling across the Internet.  Take this email from jbyiaknx @cakedom.com with the subject line “Play and win online.”  “Get up to $2000 Welcome Bonus”  How nice of them!  They’ll give us $2000 and we just have to download and install their software.  The link points to a website in Brazil…  allcakes.com.br  We asked Google to visit and translate this website and were not the least bit surprised to find that the website is for a Brazilian bakery specializing in cakes, not gambling.  A WHOIS lookup confirms this as well via the screenshot history.  Still feel lucky, punk?

Rather than take a chance on illegal (and highly suspicious) online gambling with an offer of free money to start, what about something that feels more familiar and a lot less risky?  Like the lottery!  “Ripleys Believe It Or Not investigate him after his 5th win… (unreal story inside)” implying that you can learn “their secret to winning.”  And “there’s absolutely nothing illegal about how they won the lottery.”  “This winning secret, if leaked, could cause lotto companies to go belly-up.”  Hmmmm…. If you discovered a secret method to make money do you really think you would tell the world?  The email came from, and links point back to the domain TimeToRule.com. The domain is registered to “Domain Administrator” at the same address that appears at the bottom of the email.   It’s a mailbox drop in Grandville, Michigan, the same address we’ve reported on as being used in hundreds of scam and malicious emails.

Delete!

OK, gambling and lottery secrets notwithstanding, we know that people earn money the old-fashioned way but no one is getting rich off of minimum wage.  Could there be some secret to earning big money the old-fashioned way?  “$4,000.00 In Just 1 Day?” says an email from InternetJetSet @itstrutthh.us (as in “its truth”) “Are you struggling to create your own online business?  …John Crestani has just released his latest product, Internet Jetset, showing his latest formula which made him $4,000 in just 1 day!”  Seriously?  Links point back to that not-so-clever domain itstrutthh.us.  A WHOIS lookup shows us that the domain was registered last October 29 to someone named Ansul Kapoor from Ahmedabad, India and the website is being hosted in Holland.  Does any of this sound like trutthh to you?

Deeeeleeete!

OK. Last chance, people! Can we at least try to rely on the Internet to land us a basic-wage paying kind of job?  Goodness, let’s hope so…  Like this pitch for a job vacancy #627.  “We are looking for employees working remotely.” Now they’re speaking our language!  Tell us more!  “My name is Alva, I am the personnel manager of a large international company.  Most of the work you can do from home, that is, at a distance.  Salary is $2500-$5100.”  Nice of them to clarify that “from home” means working “at a distance” because we really weren’t too sure.

A mouse-over of “Our Site” points to a website that begins with cookingonadime-dot-com.  Cooking on a dime?  Could this be a cooking company we might be working for?  But don’t you rush in to snag this offer.  We’re sad to report it but the Zulu URL Risk Analyzer reviewed the link.  The link was 100% malicious!  Ouch.

Bummer…. There doesn’t seem to be any easy money, secret methods, or even random pitches for job offers or methods to make it big pouring into people’s email inboxes.  What a surprise.

FOR YOUR SAFETY:  Great Place in Town, Re Musical Performance, and Ticket Information

Last week we reported on an increase in malicious activity related to Russia.  Here are a few more examples.  The first two appear to have come from hacked Yahoo email account holders.  Yahoo has been hacked so many times it’s hard to keep count and we’ve written about Yahoo in our article titled Why Yahoo Is The Worst Email Service.

“Hey, We have recently visited a great place in town, have you already been there?  Here are some pics of it.”  And “I’ve recently watched a musical performance you might really like, so I decided to share it with you.”

The links in both emails point to a link-shortening service in Russia called 6url.ru.

This third link back to Russia came to a reader as if it were ticket information to an online service called Flixster.  But the recipient never ordered tickets or used the service. Look at the comment field…  “I’ve found a really nice thing recently.  Just give it a try.”  This is followed by another URL to the Russian shortening service.

We followed this last Russian spy a little deeper down the rabbit hole by using Urlex.org to expand the shortened URL.  We learned that the link pointed to a file on a strange website called com-site497634-dot-com.  A WHOIS lookup of this domain shows that it was registered last October using a private proxy service out of Kuala Lumpur, Malaysia.  There is no good end to these links.

Step away from the mouse…

 


ON THE LIGHTER SIDE: From Donald Trump… Make America Great Again!
We all know that our President wants to make America great again.  Apparently he’s been sending emails to that end in addition to tweets…. Or so a Reddit user named Darcerin informs people.  Darcerin received the email below from Donald.  It sounds like Trump, doesn’t it?  “Greetings to you dear”

From: Mr Donald J Trump mrdonldtump@gmail.com

Greetings to you dear.

I Donald Trump is hereby to inform you that with my great pressurized terms to World bank organization together with United State Embassy Benin Republic, they have approved to all beneficiary outstanding fund just today and you are among 15 lucky beneficiary that is receiving their bank check draft worth $2.5 million dollar as a compensation /inherited fund of yours. Meanwhile the check draft will be release to you in next two working days as soon as you meetup/comply with the instruction/requirements for the check draft delivery (putting America first). Nevertheless I sincerely apologies for the delay of your fund for decade years now and all the inconveniences you might went through, cause the past government is horror to our system which in all case not meeting up with fund beneficiary schedules payments, for immediate effect of your check draft delivery Kindly reconfirm to me the below data

Full Name…………….. ………………………..
Mailing Address……………………………….
Cell phone number:…………………………..
City:……………………………………………

NOTED: MAKING AMERICA GREAT AGAIN WITH YOUR FULL SUPPORT

Yours Faithful Donald Trump 45th U.S. President AND WHITE HOUSE OFFICIAL RESIDENCE OF THE PRESIDENT OF THE US 1600 PENNSYLVANIA AVENUE NW WASHINGTON DC 20500 USA

Until next week, surf safely!