March 27, 2019

THE WEEK IN REVIEW

The United States is heavily into tax season and so we remind US readers to be diligent about tax scams of many kinds, including the two landmines we’ve posted in this week’s Your Money column!

We admit that we have a geeky sense of humor when it comes to the crap we write about (occupational hazard), and so we can’t help but smile when we notice malicious emails coming from the domain “Gmayl.com” instead of Gmail.com. Most of these emails point to a link created through the link-shortening service tinyurl.com. Here are two examples of this lame subterfuge. The first encourages you to “take the family out to Burger King tonight with a $100 gift card.” (Burger King?? Seriously?? That’s the best they can suggest for dinner??) The second is totally bizarre! It claims that marijuana oil is now totally legal and offers you complimentary samples of everyday products like Cheerios, Cheez-its and Clorox booster packs! Is it implying that these products can be sampled with CBD oil in them??? Good luck trying those Clorox booster packs!

Another look-alike domain name that is CRITICALLY IMPORTANT to avoid is G O G G L E -DOT- com!  Never visit Goggle! For years, the owner of this domain has preyed upon those who mistype or misspell Google.  It has been a landmine of scumware, malware and scams and it continues to this day….
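For readers who filter mail for a family or an office, here is an added example (not part of the original newsletter) of how a filter can catch near-miss domains like the two above. The list of protected domains and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag domains that are near-misses of well-known ones.
# PROTECTED and max_distance are illustrative assumptions, not a vetted policy.
PROTECTED = ("gmail.com", "google.com", "navyfederal.org")

def refang(domain: str) -> str:
    """Undo the '[.]' defanging used in write-ups and normalise case."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b: insert, delete, substitute,
    or swap two adjacent characters (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap, e.g. "gmial" for "gmail", counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain: str, max_distance: int = 2):
    """Return the protected domain this one imitates, or None."""
    d = refang(domain)
    # The real domain and its subdomains are legitimate, not look-alikes.
    if any(d == real or d.endswith("." + real) for real in PROTECTED):
        return None
    for real in PROTECTED:
        if edit_distance(d, real) <= max_distance:
            return real
    return None

if __name__ == "__main__":
    # Domains taken from this page; the last one is legitimate.
    for sample in ("Gmayl.com", "goggle[.]com", "nfcu[.]us", "mail.google.com"):
        print(f"{sample:18} -> {lookalike_of(sample)}")
```

Note that nfcu[.]us comes back clean: an abbreviation on a different top-level domain is nowhere near navyfederal.org letter for letter, so spelling checks like this one need to be paired with other signals such as domain age.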


Phish NETS: Facebook and Navy Federal Credit Union

Our first phish this week is an odd one sent to us by a TDS reader. It appears to be a poor attempt to steal your Facebook login credentials. We’re not even sure we understand the subject line, which reads “Your account has been confirmed 911.” Did Mr. Scammer believe he might add a sense of urgency to that subject line by adding the “911” to the end? All links, “Get more information,” “View Messages” and “4 messages,” point to a hacked website called maggiecoulombe[.]com. Even Google knows that website has been hacked! (And so we wonder why Google can’t automate the process of sending an email to the website owner, registrar and hosting service when it detects a hacked website? Seems like the right thing to do for all citizens, except the scammers.)

This next phish, also sent to us by a TDS reader, is your usual banking phish. This one claims to represent Navy Federal Credit Union, whose REAL website is navyfederal.org.  But this email came from nfcu[.]us, a domain that was registered in the summer of 2018 by someone named JH Kang from Gangwon Province, South Korea and the website is being hosted in Germany…. Just what you would expect for the Navy Federal Credit Union, right?  (The links pointed to a hacked school website. We’ve notified owners of esj[.]org that their website has been hacked.)

YOUR MONEY:  TurboTax and Veterans Tax Relief

“Get your taxes done right with TurboTax” sounds like just the sort of promotion many would want to see at this time of year!  And it helps to get a $10 coupon offer if you click the link provided. But hold on just a moment…. That email did NOT come from Staples.com, though this appears to be a Staples offer!  The email came from info “@” digitalupdater[.]com and the links point back to a subdomain (content) of the website digitalupdater[.]com.  We asked Google what it knows about DigitalUpdater[.]com and it told us that it is a “parked domain” with no identifiable website (see below.)

What’s even more worrisome is that VirusTotal.com reported the link in this email is malicious! This and the fact that the domain digitalupdater[.]com was registered in Great Britain in September, 2018…

Here’s another wolf-in-sheep’s clothing pretending to be “Veterans Tax Relief.”  This email was sent from the junk domain cadynn[.]pro offering to help Veterans with their taxes.  This is clickbait, plain and simple, sending our Vets to an online IED.

Deeeleeeete!

TOP STORY: Extortion on the Rise

We keep hearing from men (and some women) who have been targeted online by criminals using the threat of “sextortion.”  Sometimes the threat is real, meaning that the criminal has really captured an embarrassing video of the victim and threatens to post it online and send links to the victim’s family, friends, co-workers, etc. unless he is paid a sizeable amount of money.  Victims have taught us that if they pay the extortionist, they’ll be asked to pay again and again.

Many of these real threats begin with contacts from women via dating apps/sites or through random emails like this one from “goodGirl.” She sent two emails in a minute to one of our readers. Though “reliable-mail.com” is an email service that has been around for years, it seems to be only associated with spam and fraud. Emails from this domain appeared more than 50 times on StopForumSpam.com recently. It is never, ever a good idea to respond to any of these kinds of emails. Sadly, very lonely middle-aged and older men are most susceptible to these risks.

There are also thousands of fake threats that have targeted people’s email inboxes randomly.  One of our readers sent us this email from someone identifying himself as “Dustin Diemert” who claims to be a “Technical Collection Officer” working for the Central Intelligence Agency.  Apparently, you are being contacted because your “personal details,” including your email address, have become associated with a child pornography case being investigated in 27 countries.  Dustin is on the “inside” of this investigation and claims to be able to remove your information from the investigation if you pay him! He is only asking for $10,000 in Bitcoins for his services! (This request was made in an attached pdf document along with the email. See below.)

This email is nothing more than an extortion game and a complete lie.  “Dustin” is a Russian criminal hoping that some fool or two will be caught in this widely cast inter-net of thousands of emails sent out at random.  Why did we say Russian criminal? We noticed that “Dustin’s” email came from the domain ruskytop[.]net.  That domain was registered one year ago in Russia through a Russian registrar to someone identified as “Nodirjon Qobilov,” from Tashkent, Russia.  This domain is also being hosted in Moscow, Russia and Nodirjon registered it using another email service that is also hosted in Russia. (inbox.ru)

While these two tricks may seem lame and ridiculous, we’ve heard from men and women who have been successfully caught in very sophisticated traps and paid heavily.  The extortion can be devastating both financially and emotionally. Check out our articles on these related topics…

Sextortion by Email
Sextortion Scam Via Facebook
Sextortion by Text Bot?

FOR YOUR SAFETY: Hi its Felicia, Heyy its Norvellia

One of our readers informed us that she’s been getting random texts for weeks, like these two below. The links point back to crap “xyz” top-level domains like jichd[.]xyz and duwtni[.]xyz. This first one appears to have come from the phone number 951-476-3542…

Were you to click the link in this text, your phone would visit that xyz domain, where we believe malware awaits, and then be redirected to Pizza Hut’s website! That crap xyz domain was registered just 1 day before the text was sent, and a domain age like that is NEVER a good sign! (See below.)

Here is another sample of the texts bombarding our reader’s phone. It came from 850-920-8170. NEVER reply to these texts, even to say STOP! It only confirms to them that you open and read their malicious texts.

 


Until next week, surf safely!