
March 8, 2017

THE WEEK IN REVIEW

You’ll be happy to learn that you can purchase a “rare, limited edition inauguration $2 bill” in honor of President Trump, or so this email from HistoricTrump$2Bill @Trumpsit.pro would like you to believe. Of course this is nothing short of ridiculous and just a means to manipulate his supporters into clicking a malicious link.  We’ll never know who’s behind this fraud because the domain Trumpsit.pro was registered using a private proxy service in Panama on the day the email was sent.  (We seriously doubt it was the Democrats who were responsible. Russia perhaps?) Fortunately the domain took less than 24 hours to be blacklisted by several online security services because it was identified as malicious.  Big surprise there.

 

 

We have written many times about vanity scams and published several articles such as “Recognizing Vanity Scams.” We had another  show up recently.  “Congratulations A business plaque was made for you to honor your recent achievements in business.  Please kindly accept your award before it is bestowed on someone else.”  What makes this even funnier is that it was sent to someone who doesn’t work in business at all.  Of course Google can’t find anything about the domain professionalsunion.com and a WHOIS lookup shows that it was registered by a James Wilson from Arizona on the day the email was sent.

 


Sample Scam Subject Lines:

1 trick that lets you eat sweets without spiking blood-sugar

Cant Sleep? You Have To See This!

Do It Yourself Solar Kits For Home

Energy Shocker … (It’s bad…  Really bad)

File Your Tax Return For Free

Has Trump gone too far? The shocking statement you won’t see on the news...

I still haven’t heard from you…

It appears we have finally uncovered what exactly triggers Alzheimer's through this brain scan...

Lower assisted living costs

Strange Warnings posted at ATMs

This will change your life

Your Free Coupons Are Enclosed

What a nice surprise

Sample Scam Email Addresses

branding@emailcurl.stream

detected@monthlyique.stream

DynamicSeniorLiving@savvinggs.bid

EFactorDiet@seccurtyy.us

High_Blood_Pressure@nummberrs.bid

January-Optin@rp.educationgrantsearched.com

January-Shop@rp.educationgrantsolutions.com

January-Updates@rp.militaryscholarshipmia.com

median@vtrejects.date

natural.products-[YOUR EMAIL]@timsellsfl.com

pain_relief-[YOUR EMAIL]@oliorestaurante.com

trump_breaking_news-[YOUR EMAIL]@idecorgood.com

Virtual-Pilot3D@scentt.us

 

Phish NETS:  Apple iCloud, Chase Bank, PayPal and Facebook

Lots of phish in the sea this week! It’s pretty easy to see through this lame phish trying to be an Apple iCloud notice.  “To continue to use our services please verify your information.”  A mouse-over reveals that the link “Verify Immediately” points back to the website for a senior housing center in Italy.

Delete!

We’ve seen similar Chase Bank phishing emails like this one in past weeks.  The email appears to come from the domain cleartrip.com and has the subject “Important message about your Chase account.”  “You have (1) new Security message. Click Here to Resolve.”  The link points to a hacked webserver in the UK called EnergyPreservationTrust-dot-com.  We’ve informed the website owner and hosting service of the hack.

This next phish is so obscure that we had no idea what they were phishing for until we followed the breadcrumbs.  “Update security” says this email from powerandconditioning.com.  “Dear customer, Your account has been limited. Please update your information.” What account?  For what?  A mouse-over of the link “Check now” points back to a shortened URL created on bit.ly.  To our many new subscribers, mousing-over to identify where a link will send you is one of the most important skills to reduce your online risks.  You can learn more about this skill on our website at:

http://thedailyscam.com/articles/mouse-over-skill/

http://thedailyscam.com/mouse-over-skills/  (video)

http://www.thedailyscam.com/mouse-over-skills-on-i-devices/

We used the online tool Unshorten.it to learn where this bit.ly link will send you.  It turns out that this is a PayPal phishing scam hiding on another hacked server at mopscovington-dot-org!

Now delete!



And finally, we continued to see many more Facebook phish disguised as “friend notifications.”  In case you missed seeing these in previous newsletters, here’s another one.  All of these phony-baloney Facebook emails have contained links pointing back to websites in Russia! (Country code .ru = Russia)

YOUR MONEY: Dr. Seuss Books, Legal Zoom, CVS Pharmacy, and Amazon Prime Points

This malicious email was sent to several teachers at an elementary school.  The email was clearly designed for the target audience, once again demonstrating how nasty the criminal gangs are who shoot at us.  They simply don’t care who they hurt.  “5 Dr. Seuss Books for $5.95 + a FREE Activity Book. Wow!”  Wow indeed.  Though the text below the graphic about Theodor Geisel can be found on many websites, it looks like it was lifted from his biography at Biography.com.  The links in the email point back to the odd domain saleique.stream.  A WHOIS lookup shows that this domain was registered to a name and organization called “King James” from 792 Country Road in Orlando, Florida on February 20.  There is no such road in Orlando, Florida though Google does find a Country Lane.  Also, Google cannot find any website at saleique.stream.  The fine print at the bottom of the email wants you to believe that this is a promotional email from EarlyMoments.com, a legitimate seller of children’s books.  But this is just another wolf in sheep’s clothing.

Delete and move on…

Legal Zoom is a real online service for wills and other legal matters.  However, as usual, this email did not come from Legal Zoom or any legitimate marketer representing them.  It came from the domain wlynx.date and the links point back to wlynx.date.  You all know the drill about the majority of these scam domains… A WHOIS lookup shows that wlynx.date was registered just hours before the email was sent.  It was registered to someone named “munna” with no last name, from “indore, India.” And a reverse image search in Google shows that the cute photo of father and child came from a site called Zergnet and was also used on a website called Imperfect Parent.

“DON’T IGNORE THIS” says an email from clint @saleicus.stream. “Your CVS Points are ready.  As a valued member and customer of CVS we would like to offer you a $50 gift card in exchange for taking our survey…”  Don’t click that link! A WHOIS of the domain saleicus.stream informs us that it was registered in late February to….. drum roll….   “King James of Orlando, Florida!”

Now delete.

We often expose malicious emails that look like they came from Amazon.com.  Here’s an email design we’ve not seen before that came from the oddball address brontosaurus @clickicus.stream.  Can you guess who registered the domain clickicus.stream in late February?  Here are a few hints….  Bible, England, crown.

Now delete.

TOP STORY: Online Privacy –Oxymoron, Weapon, or Both?

Clearly confused, military intelligence, jumbo shrimp, and the living dead are well known oxymorons.  We would like to add a new one… “online privacy.” It doesn’t exist, unless you have the skills of a Mossad agent.    Want a couple of small but creepy examples? Visit FamilyTreeNow.com and enter your name, then click “view details.”  (A word of warning… Avoid clicking any of the sketchy links on the results page.  Also, you can “opt out” to have your personal information removed but it won’t help you much since your information can be found on dozens of other free and fee-based sites. To opt-out, visit: http://www.familytreenow.com/optout) For our second example, visit Whereisthepicture.com and click the link in the upper left that says “Upload and Locate Your Picture.”  Choose a photo you’ve taken with your phone, iPad or tablet and upload it.  The website will pinpoint the exact location of your photo and show you some details about that location.  (The website Geoimgr.com offers this ability too.)

Now that we have your attention, we thought you might find the following email of interest.  “Find out who the person really is. Spy on anyone with our advanced search” says an email that appears to represent the pay-for-service at eVerify.com.  But look again with a critical eye and you’re sure to notice that this email was sent from Everify- @memmories.us.  All links in the email point back to a file buried deep in the webserver at memmories.us.  The Zulu URL Risk Analyzer informs us that there is a 90% chance that this link is malicious.  This pitch to use Internet tools to spy on others is just another wolf in sheep’s clothing.

OK, we dodged a bullet but our concerns still remain.  There is so much personal information about all of us on the Internet, for free or a small fee.  How can we learn what’s out there on us so that we can better protect our privacy or try to have it removed?  Fortunately, we got this email to help us out!  Jessica Taylor sent an email from the domain SearchResultsNewInfo.com with the subject “Somebody may have just-run a background-search on” (you).  She goes on to say that people can find out information in public records such as mortgages, liens, marriage-licenses, criminal histories, arrest records, bankruptcies and a lot more!  But don’t jump for that link.  We smell a rat.  A WHOIS tells us that the domain SearchResultsNewInfo.com was registered about 3 hours before this email was sent by someone named “Chris Fuller” from Los Angeles, California.  The domain is being hosted in Valencia, Spain.  We asked the Zulu URL Risk Analyzer to check out the reports link in this email and Zulu tells us that there is a 96% chance the link is malicious. We don’t like those odds.

So who can we trust to tell us what the Internet has on us?  It’s hard to tell the difference between the Good, the Bad, and the Ugly.  Sometimes it feels next to impossible to tell friend from foe and what they do or do not know about us.  Take this last email from investornewstoday.com.  “These Stocks Are Booming From A Trump Presidency!”  “Buy These Trump Penny Stocks Now…”  The link “click here to find out how” points back to the same domain investornewstoday.com and the email claims to represent the publisher of Agora Financial.  Sounds really sketchy, right?  But, so far as we can tell, the email represents the real Agora Financial service.  So why did we mention it in this column about internet privacy?  Simple.  Barely noticeable, at the very bottom of this email is a tiny “web beacon,” also called a “tracking gif.” (Read a detailed description of web beacons on Wikipedia.) We offer you this innocuous email as one more example of how little privacy we truly have while using the Internet.  Agora Financial knows if you opened this email, when you opened it, and how often you opened it.  Some web beacons can even determine your general location by collecting the IP address (Internet address) of your internet connection.

We would love to hear from readers what they think could be truly private on the Internet.  Let us know, because we see that you’ve opened this email and when you opened it…  😉
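To see whether an email carries a web beacon like the one described above, you can scan its HTML for tiny or hidden remote images. This is an added example, not part of the original newsletter; the heuristics (1x1 or hidden `<img>` loaded over HTTP), the function names and the sample markup with its `.example` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class BeaconFinder(HTMLParser):
    """Flag <img> tags that look like tracking pixels (web beacons)."""
    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            return  # embedded (cid:/data:) images make no network request
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            parts = urlsplit(src)
            self.beacons.append({
                "host": parts.hostname,
                # Query parameters usually carry the per-recipient identifier.
                "params": dict(parse_qsl(parts.query)),
            })

def find_beacons(html):
    """Return one dict per suspected beacon found in an HTML email body."""
    finder = BeaconFinder()
    finder.feed(html)
    return finder.beacons

# Constructed sample: a normal logo, a 1x1 remote pixel, and an embedded image.
SAMPLE = (
    '<img src="https://cdn.newsletter.example/logo.png" width="600" height="80">'
    '<img src="https://track.newsletter.example/o.gif?uid=CONSTRUCTED-123&amp;msg=mar8"'
    ' width="1" height="1">'
    '<img src="cid:photo1" width="1" height="1">'
)

print(find_beacons(SAMPLE))
```

Setting your mail program to block remote images stops the beacon from loading, so the sender never receives the open time or IP address.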

FOR YOUR SAFETY:  Hey Friend, Your UPS Delivery

We’ve been seeing a small spike in malicious emails being sent from hacked user’s accounts such as this email from a Comcast account.  “I’ve been looking for some nice stuff and I have found these really nice things, please take a look…”  VirusTotal.com informs us that at least 5 anti-virus services have identified the link as malicious.  These things are not so nice after all….

 

 

Fake emails disguised as delivery notices are one of the staples of the criminal gangs who try to infect our computers.  Check out this one with the subject line “New status of your UPS delivery.”  The attached zip file is an itty-bitty bomb.  Don’t let it go off in your computer!

 

 

 

 


ON THE LIGHTER SIDE: I Am Now Rich

This next email came from one of our readers!  Eddie in the UK thought we would enjoy it….

We love how straight forward Alice Moore is…  “I am now rich.”  Wow, what Barrister Hoek did for Alice is amazing!  Maybe he’ll do the same for us!  We want to go interview Alice in Florida but Google only shows us an empty lot filled with trees at her Silver Springs address.  🙂


I am Mrs. Alice Moore, I am a US citizen, 48 years Old. I reside here in Florida USA.My residential address is as follows, 7008 E Hwy 326 Silver Springs FLorida 34488 United States,am thinking of relocating since I am now rich. I am one of those that took part in the compensation in Nigeria many years ago and they refused to pay me, I had paid over $85,000 while in the US, trying to get my payment all to no avail.

So I decided to travel to Washington with all my compensation documents, And I was directed by the Federal Bureau of Investigation Director to contact Barrister Bruce Hoek, who is a representative of the Federal Bureau of Investigation and a member of the Compensation Award Committee, currently in Nigeria and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

He took me to the paying bank for the claim of my compensation payment. Right now I am the most happiest woman on earth because I have received my compensation funds of $5.9 Million US Dollars, Moreover, Barrister Bruce Hoek showed me the full information of those that are yet to receive their payments and I saw your email as one of the beneficiaries on the list he showed me, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Barrister Bruce Hoek. Kindly send your personal details to him to prove your identification.

Full Name:
Home Address:
Occupation:
Phone Number:
Age:
|Gender:
country:

You have to contact him directly on this information below.
Compensation Award House
Name: Barrister Bruce Hoek
Email: barristerbrucechambers01@gmai.com

Thank you and be Blessed.
Mrs. Alice Moore
7008 E Hwy 326 Silver
Springs FLorida
34488 United States

Until next week, surf safely!

 

 
