
March 23, 2016

THE WEEK IN REVIEW

TDS is seeing a resurgence of the $50 gift card scams from Macy’s, Kohl’s, Sam’s Club, Amazon, and others. These scams are a staple of the criminal gangs and they don’t even try hard to change the graphic designs they’ve been using for months or, in some cases, years. Take this Costco $50 gift card as an example. We saw this exact scam design back in late 2014.

[Image: Costco reward balance]

Sample Scam Subject Lines:

Compare top 14 options for Psychology degree

Compare top 19 options for remodel kitchens

Discount Furniture Pieces compare online

Explore Facts About Prostate Cancer

Finance a New Car

Get,Cheap…Dental-Coverage.Smile,Confidently.

Great Deals On Tire-Rotation, And Oil-Changes Inside

Protect Your Home and Office, Wirelessly

Scanned image

Search Top 10 Alaska Cruise Options

TIME Magazine Called This iPad product Ingenious – do you Agree?

View 13 Advanced Personal Injury Lawyer options

View pictures of sexy Russian Women wanting to Chat with U.S guys

Sample Scam Email Addresses:

AnxietyHelp@comproved.download

CostcoReward2016@qajkr.atrare.top

HybridCars@carchtail.top

J.Lopez.Wrinkle.Solution@awopl.eerieoj.xyz

OneYearMBAOptions@4p-tw.top

LungCancerResources@linwoodic.download

MedicareSupplementPlans@primaryl.download

NightVisionSecurity@sufhig.download

quibids@qubds.date

SolarPowerForTheHome@pagetting.download

SwitchInsurance@spiteren.download

TrumpAmericanPlan@erbgt.cluckx.top

Veterans_Benefits@keybod.download

 

 

 

Phish NETS: Three Apples!

Don’t shoot the messengers please. We are as sick of Apple phishing scams as our readers must be! We’ve seen so many of them. Lately it is all we are seeing, like this one with a dangerous attached shtml web file. It’s easy to spot as a fraud. Since when will Apple contact you with “Dear ,”?

 

These next two phishing scams are more sophisticated and we’ve seen them before, including the hacked and misused domain “nfloridahook.com.” Look carefully in the first phish and see that the email was sent from “iapple.com” not apple.com. The website iapple.com is actually a personal website having nothing to do with Apple Computer.

The last phish actually comes from ssl.com. When you see appleid.ssl.com, the appleid portion is a subdomain and is meaningless. Anyone can create a subdomain saying anything. Again, the email is not from Apple.com and most importantly, a mouse-over of the link “Click here to validate your account information” points to the strange website myid-s10.net. And that sure isn’t Apple!

Delete.
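The two checks described above (does the sender's domain, and does each link's real target, sit under apple.com?), as an added Python example that is not part of the original newsletter. The sample message is constructed from the details quoted above; the sender's local part and the URL path are made up.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, brand_domain):
    """True only if host is brand_domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

class LinkCollector(HTMLParser):
    """Collect (target host, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            self.links.append((host, "".join(self._text).strip()))
            self._href = None

def check_message(raw, brand_domain):
    """List every sender or link host that is not under brand_domain."""
    msg = message_from_string(raw)
    shown, addr = parseaddr(msg.get("From", ""))
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, brand_domain):
        findings.append(("sender", sender_host, shown))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for host, text in parser.links:
        if not belongs_to(host, brand_domain):
            findings.append(("link", host, text))
    return findings

# Constructed sample modelled on the last phish described above; the
# local part "noreply" and the path "/verify" are made up.
SAMPLE = """From: Apple <noreply@appleid.ssl.com>
Content-Type: text/html

<p>Dear Customer,</p>
<a href="http://myid-s10.net/verify">Click here to validate your account information</a>
"""
```

Calling `check_message(SAMPLE, "apple.com")` reports both the sender host and the link host, because neither ends in `.apple.com`; the look-alike `iapple.com` fails the same test.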

[Image: Apple phish 2]

Your Money: Outdoor Furniture Sales, Food Delivery, and Compare Cable TV Companies

It’s almost spring! Soon it will be time to drag out the outdoor furniture. (Even though a winter storm just hit New England!) So this scam from PatioFurnitureOnline@orphistat.download is timely with the ad “Bring your home outside. Affordable, Beautiful, Lasting Patio Furniture.” But it’s a scam! The domain orphistat.download was registered on March 16, 2016 by a “Domain Manager” using Alpnames and the email address reliablegoatseed@mail.com. We see a lot of misuse of emails from the free email service called mail.com, a German-owned company. But we give the scammers credit for that email address! It put a smile on our faces.

[Image: Outdoor furniture sales]

Here is something we haven’t seen before… “Delicious options… All the way to your couch.” “Your favorite food, at your doorstep.” And a scam. The email comes from FoodDelivery@swueltomm.top.

The domain swueltomm.top appears to be registered to someone named Frank Rudd who registered it on November 25, 2015. Don’t be fooled by the fact that this domain has been around for a few months. Below the ad you’ll see random text taken off the web and meant to try to fool antispam servers. (It doesn’t work.) And below the ad are bogus addresses to “opt out” of the ad service.

Just Delete!

Are you unhappy with your cable TV provider? Hell, who isn’t? The email was sent from TopCableProviders@flatlingsby.download. Flatlingsby? Turns out that it was registered through Alpnames.com by none other than… reliablegoatseed@mail.com on the day the email was sent.

Delete!

 

TOP STORY: Increase in Tax Scams!

We’ve been warning our readers to expect an increase in tax scams and the trickle we saw in late February has now turned into a river as we enter the third week of March. Look at this list of emails targeting one of our honeypot email servers during a 24-hour period…

[Image: List of tax scams]

Would you have been interested in emails with subject lines like “Online Tax Filing Services” or “Prepare and File Your Taxes With Ease”? Below you’ll see one of these helpful services looking for your business. It was sent from OnlineTaxHelp@buninio.download. We bet you can guess who registered the domain buninio.download with Alpnames on the day the email was sent. The user with email address Reliablegoatseed@mail.com! All kidding aside, if you read the marketing language used in this email, you’ll see that it is flawless and meant to appeal to those of us dreading tax forms and wishing for help. (Isn’t that nearly everyone?) Of course, Google can’t find any such website. Anytime you want to look for services as sensitive as help with taxes, stay local and hire someone whose office you can walk into and shake his or her hand. As for this crap, delete!

[Image: Prepare and file your taxes with ease]

 

 


FOR YOUR SAFETY: Document2, Insufficient Funds and Hotel Itinerary

The variety of small emails containing malware seems to be a staple of the scammers in their effort to infect your computer. Adding insult to injury during the past week was a large group of emails sent from legitimate but hacked email accounts to friends of the hacked accounts. The subject line was simply Document2 with no message in the body of the email. But the message was clear to us! Don’t click the attached file!

Delete!

 

We also saw more wolves in sheep’s clothing such as this email that appears to come from a legitimate chiropractic firm located in Minden, Nevada. “Dear Valued Customer, Your transaction 26289291 dated on 13/03/2016 4:24 PM was declined due to insufficient funds on your account.” We can’t tell if her domain is being spoofed or the email came from her hacked account. But we do know that the attached zip file is malicious and the email is a dangerous piece of social engineering. If we were gamblers our bet would be that the email was sent by someone from outside the U.S. because the date they entered into the email body is in European style with day first, followed by month.

Deeeeleeeeete!

[Image: Insufficient funds]

 

 

Finally, we found this gem which appears to come from the legitimate website called ClickTravel.com. ClickTravel would not send you malware so the email address is likely spoofed. However, what speaks volumes about the skills of these criminals is the fact that March and April are months when many U.S. citizens and families are travelling during spring breaks. If you wanted to try to target them with malicious software, why not disguise it as a hotel fax sent via a travel service? These bastards are very clever. Once again, it is important to keep a healthy dose of skepticism when using the Internet.

And now we all say… Delete!

[Image: Itinerary, hotel fax]

 

ON THE LIGHTER SIDE: Compensation from the United Nations

Finally, compensation for all the pain and loss we’ve suffered at the hands of the criminals who push out these scams by the thousands daily. We got this email from Tunisia (email@paycomlet.jp.tn; the 2-letter country code at the end of the domain, .tn, is Tunisia). All we have to do to receive our compensation is to pay the “Notarization fee.” We wonder what that will cost us?

 

From: email@paycomlet.jp.tn                  Time: 2016-03-18 21:15:25 

Subject:         United Nations Under-Secretary.

From: Ms. Carman L. Lapointe
Head Of United Nations Under-Secretary-General For Internal Oversight Services.
Contact My Personal Assistance
On Mobile Number:  + 1 (971)-209-3933

Attention: Sir/Madam

I wish to inform you were among the scam victims listed to be released their overdue funds by the UNITED NATIONS in conjunction with the International Monetary Fund (IMF) after the last encounter from which a closed door meeting was held concerning your funds. As directed by UN secretary General Ban Ki-Moon in collaborations with the IRS, I wish to state categorically that a transfer of $10,500,000.00 drawn on Paying Bank will be made to your bank account as almost 99% cost associated with the transfer of your funds has been pre-paid by the U.S. Government. But the only fee you will pay to receive your fund is the cost of Notarization fee (CONF). Upon your reading from your response or request, I shall state to you the amount with no hidden charge and also send you the payment information you will require to use in sending the Notarization fee, for it is the only expense you will incurs before your funds can be transferred into your account.

After you must have paid for the above mentioned charges, Paying Bank will begin processing on how your Funds will be transfer to your account as approved and instructed by United Nations, International Monetary Fund, World Bank, and United States Government, therefore I would like you to urgently respond to this message and provide to me your details as follows given that I need proper verification on ensuring to be in contact with the rightful beneficiary.

Name:
Home Address:
Country:
Direct Phone Number:

From which after confirming these above listed details, I can further advise you on how best and provide vital info for the ongoing arrangements to transfer your fund into any designated bank account of your choice within the next 72 hours.

For more information about me kindly click on the below link or copy and paste the URL link on your web browser.

http://www.un.org/Depts/oios/pages/usg.html

NOTE: I have received numerous forwarded emails claiming that i went to Nigeria concerning your funds. Please ignore such email because i did not travel to Nigeria for such objective. I am here in the United States of America but a Canadian citizen. Nigeria is No.1 fraudulent country and almost 50% Nigerians are impostors. They value impersonation immensely. Right from this moment, For safety and security reason I advised you to stop all further conversation/correspondence with whomsoever you might be in contact with, that involves related issues such as transacting money with any unknown individuals, either through Lottery Winnings, Next of Kin Proposals, investment plan, dating from any social networking sites or any other as they are all fake based on daily reports on fraudlet activities.

You can reach me via the listed information below.

Name: Ms. Carman L. Lapointe
Email Address: claimoverduepaydepartment@gmail.com

Sincerely yours,
Ms. Carman L. Lapointe
Head Of United Nations Under-Secretary
General For Internal Oversight Services.

Until next week, surf safely!