If you find our resources valuable, please support us by making a small donation. Thank you!

x

March 29, 2017

THE WEEK IN REVIEW

We had some fun this week with a scammer who listed a house for rent in Vermont on Craigslist that was completely fiction.  What surprised us is that he wanted to talk by phone to discuss the details!  We knew it was a scam because the real house address is listed with a realtor in Vermont for a lot more money.  The scammer wanted to rent the house to a “God fearing family” and he asked us to wire him $275 in California so he would send us the key via FedEx.  This was necessary, he explained, since he was away.  Seriously?  Read the update and listen to our phone call with him online at Craigslist Apartment Scam!

It amazes and saddens us that people actually believe the BS emails they get.  At least believe them enough to open them and click a malicious link.  We don’t post most of these emails because they are so ridiculous.  But here are just two to brighten your day…

“Breaking News” from USA Today or CNN…. We can’t tell which.  “Betty White Explains How She Prevents Alzhemiers” (They should at least learn how to spell Alzheimer’s correctly.)

And this “Health Alert” from the Mayo Clinic with subject line “simple fruit combo destroys Obesity.”  We might LOVE the headline in this email, if only we could understand it… “The Drink Shrinks that Your Belly!” You don’t say?!

 

 

 


Sample Scam Subject Lines:

I found work for you

Jump-start your weight loss on Nutrisystem Lean 13

Medicare Plans 2017

Online Based Companies Looking For Home Workers

Paper towels are toxic!

RE: Women United

SHOCKING: Hillary goes insane on all TRUMP voters

The WORST thing you can do if youre losing your hair

Time for a credit check up

Triple your income advice from Trump

What Americans Can do To Protect Themselves

Window replacement deals from Renewal by Anderson

Your free psychic reading is available

Sample Scam Email Addresses

costcoaccounts-[YOUR EMAIL]@coztcounited.com

curinginsomnia@jokanow.date

freedom_generator-[YOUR EMAIL]@worldlancing.com

laissez-faire-club-[YOUR EMAIL]@premiumsoutlet.com

ManifestationMiracle@lifechnge.us

Medigap.com@orgnlls.us

rewardsamazon-[YOUR EMAIL]@giftrewardz.com

presidential-news-[YOUR EMAIL]@tribrata-news.com

profit-insiders-[YOUR EMAIL]@jamesdaviesdesign.com

RareTrump$2Bill@aspiresfree.us

reverse.hearing.loss-[YOUR EMAIL]@kubotta.com

sams.club-[YOUR EMAIL]@fridayatsamsclub.com

wednesday-gifts-[YOUR EMAIL]@todayspecialgiveaway.com

 

Phish NETS:  Amazon, Apple and Paypal – the perfect trifecta!

Amazon, Apple and Paypal are the three most targeted companies for phishing attacks!  Last week’s Top Story was about expertly crafted phishing scams.  The scammers must get our newsletter because we were sent this fantastic phish the very next day!  The email address is spoofed so that it looks like it came from Amazon.com.  It didn’t.  “Action Required Pay your seller account balance.”  “Greetings from Amazon Services.  You have a balance due in your Amazon seller account.  We attempted to charge your credit card for the balance, but your bank declined the charge.”  All three links in the email point to a secure website (https) at sendgrid.net.  But Sendgrid.net is a Colorado-based email marketing service that sends email on behalf of others.  We traced that sendgrid.net link back to a hacked website in Sweden called dataform.se.  We’ve notified them, of course.  We also notified Sendgrid.net of the misuse of their service and something miraculous happened!  Sendgrid confirmed the misuse and removed the phisher’s link IN LESS THAN 5 HOURS!  That’s remarkable!  When we notify a service, hosting company or web owner of a breach or misuse of their services, it usually takes days to weeks before the criminal content is removed.  Way to go, Sendgrid!

This next phish came to us from a TDS reader and was pretty easy to spot.  The from address is <dekac2043454 @hotel.de>  In case you didn’t know, “.de” means that the email came from Germany (Deutschland).  “We noticed that you didn’t use your iTunes account for along time. Therefore we are obligate to close your account according to our policy including your i-cloud email as well.”  This is laughable.

Our last phish in this week’s sea targets Paypal account holders and begins with an email from Brazil. (.br)  “UPDATE SECURITY”  “Good news! The waiting period is over.  You can now replace all your info and change the password for the paypal account”  The link for “Replace security info” points to a shortened URL at bit.ly.  We unshortened the link using urlex.org and discovered that it will send you to a domain more than 4 years old but oddly empty of any information, called servconfig.com.  It certainly won’t send you to Paypal.com.

Just delete.

YOUR MONEY:  Activate Your Amazon Gift, Claim Your Costco Gift and Lending Tree Mortgage Rates

Once again, Amazon users are targeted. “Activate your Amazon.com gift” says an email from springifts.com. “Your last order entitles you to a new promotional gift of 50.00” Of course the domain was registered just a few hours before the email was sent.  It was registered by someone named “Michael Mandragon” from Chicago and is being hosted in Quebec, Canada.

A very bigly delete!

The scammers who registered this next scam domain thought they were so clever!  Kostcowholesale.com.  But like the Amazon-wannabe email above, this email was sent from a domain that was registered just a few hours before the email was sent.  Notice how they pressure the recipient to acting quickly by saying the promotion ends that very day.  Don’t be fooled by this time pressure junk.  We saw a large red box at the bottom of the email and dragged our mouse through it.  Look at the red text it contained.  That hidden text is meant to fool anti-spam servers.

Another bigly deletion.

We’ve seen this adorable use of a muppet before but don’t be fooled.  This email did not come from anything connected to the real Lending Tree Partners.  The email was sent from, and contains links that point back to the domain biggspontiac.com.  No investigation is needed to show that this is a malicious email.  All one needs to do is look at the address at the bottom of the email underneath “…to be removed from future emails.”  The address is for the maildrop in Grandville, Michigan often used by the same criminal gang.  We’ve reported on dozens of malicious emails using this maildrop.

Just delete.

TOP STORY: Called But No Message? Calling Back Can Cost You!

Do you remember those “premium rate” telephone numbers many years ago, such as 900 numbers?  For example, if you called the Psychic Hot Line at 1-900-XXX-XXXX it could cost you a lot of money.  The people you called tried hard to keep you on the phone, thereby increasing your bill and their profits.  Those scams never really went away but now they are back with a new twist. (You can read about “premium rate telephone numbers” on Wikipedia.)

This old scam has morphed into “One-Ring Call Back” scams that come through area codes outside the United States.   Do you ever get a call but the caller hangs up after one or two rings?  Recently many of these callers come from area codes that appear to be area codes in the U.S.  Area codes include 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.  However, these area codes are often for Carribbean islands.  For example, 809 is for the Dominican Republic and 268 is for Antigua.  Calls placed to these area codes result in large charges to the caller’s bill just for connecting and automatically generate revenue for the owner of the number you call.  The Federal Trade Commission has posted information about this scam:

https://www.fcc.gov/consumers/guides/one-ring-wireless-phone-scam

Even AT&T reported on scam calls to area code 809: http://www.att.net/smartcontrols-809AreaCode

What seems ironic to us is that the phone giants such as AT&T know about these scams but do nothing to better protect the consumer!  It should be easy for them to detect that an International call is being placed, especially one that will incur a surcharge, and thereby trigger a short recording to inform the consumer…  “You are calling an international area code.  Continuing with this call will result in additional charges to your bill.”  Lord knows we hear so many other recorded messages from the big phone giants when we’re looking for help.  So why do you think they don’t go out of their way to better protect consumers?  Our guess is that it is because they also make money from these calls consumers are tricked into making.

Several years ago the FTC fined several major phone companies for enabling another consumer scam commonly known as cramming.    AT&T was fined $105 million dollars which was given back to consumers in a settlement in 2014.   Cramming generated millions of dollars for phone companies at consumer expense.  From our perspective, the “One-Ring Call Back” scam is no different.  It is another example of consumer abuse that should never be allowed without informing the consumer that continuing the call will result in an additional charge.

There is also the scam in which a caller leaves a message asking you to call a 2-digit code, followed by an asterix and then a number.  What the consumer doesn’t realize is that entering the 2-digit code (such as 79* or 72#) will program many phones to forward all calls to the number you then entered.   The number results in charges to you.  These, and other phone scams are listed on this Xfinity page with Comcast.

Below are a few more related articles.  Bottom line: if you get a call from a number you don’t recognize, don’t answer it.  If it’s important, they’ll leave a message.  IF THEY LEAVE A MESSAGE and you don’t recognize the caller, try Googling the phone number to see what others are reporting about it.  It’s a technological brave new world out there!

http://patch.com/illinois/plainfield/dont-return-calls-these-numbers-one-ring-phone-scam-resurfaces

Video: http://abcnews.go.com/GMA/video/government-warns-ring-phone-scam-46271225

https://consumerist.com/2016/04/21/slamming-a-classic-90s-phone-scam-is-still-alive-and-well/

FOR YOUR SAFETY:  Emails From Friends Can Be Emails From Hell.

A few years ago we wrote an article called “From Hell” warning people about a spike in malicious emails that were being sent from the hacked email accounts of real people.  That scam then became the “gift” that kept on giving as the criminals used the stolen account holder’s name and his/her address book to continue to send malicious emails from a variety of sources for months or longer.  Then things quieted down.  Now these scams are back with a vengeance!  Here are 3 examples.  All emails correctly address the recipient by first name, include the name of a person they know, and contain a malicious link meant to infect a computer.  (Statistically, the most common type of malware right now is ransomware, a very dangerous attack that impacts Apple and Windows users alike.)  Sadly, email account holders may have had their address books stolen years earlier but the pain continues.

 

 

 


ON THE LIGHTER SIDE: I Bring Good News To Your Door Step

There are important words and phrases we look for to know we’re dealing with the someone we can trust. Phrases such as…

I really bring good news; honestly; 100% guarantee; I am man of honest and man of his word; and our personal favorite… you will not disappointed.

If the sender tells us we will not be disappointed, then we know we’re on good ground, right?


From:  info@sender.org
Time:  2017-03-23 02:12:40
Subject: Hello Beneficiary

 

Hello Beneficiary

Kindly Permit me to introduce myself to you and to explain to you reason why am contacting you at this time and honestly you did not know me but i really bring Good News to your door step which i will like you to give me cooperation i may need.

I am Mr Antonio Labata  Nigeria United States Born based at Maryland an Accountant by profession and i am been invited at Nigeria together with Germany based accountant and we are been invited by Federal Government under this present administration to help audit the activities of past administration of Former President Good Luck Jonathan mostly the way they are been handle International Payment Such as Inheritance, Contract and those that supply items to federal government during his regime.

Honestly Speaking we detected a lot of irregularities and fraud during our audit and the most painful part of it is that we detected a lot of beneficiaries form many parts of the world who spent a lot of money regardless to receive their payment which at the end their payment did not release to them and your name is on the list of those we detected that is why am contacting you now.

We have already sent our report to the Federal Government and point very hard to the Federal Government on cases of the beneficiaries who has lot many of their monies in respect of their payment and their payment did not release and it is on this regards federal government mandated me to handle the payment of beneficiaries and make sure their payment is release in as much as due process/ legal process is been follow by any of the beneficiaries.

I am not invited here because of your matter but our finding has made Federal Government to mandate me on this  job.

I am here without fear or favor to inform you that i Mr Labata will secure the release of your payment through  United Bank For Africa Paying Center at Gulfport, Mississippi USA and for your information i am not saying this to please you but it is something i can give you 100% guarantee that i can do.

I want to said it again and again that i will secure the release of your payment through United Bank For Africa Paying Center at Gulfport, Mississippi USA all i need is your cooperation and work with me.

I am man of honest and man of his  word i never say something i cannot do so releasing your payment is something i can achieve and celebration will be yours.

You might thinking what you have gone through in the past but i tell you give me  just this first chance to proof myself and you will not disappointed.

Kindly forward your direct telephone number, Your Address without delay so that i can submit an application to the ministries concern.

I will stop here while i wait for your immediate response.

Best Wishes
Mr Antonio Labata

Until next week, surf safely!

 

 

s2Member®