Please support our effort by making a small donation. Thank you!

x

March 9, 2016

THE WEEK IN REVIEW

In recent weeks The Daily Scam has informed readers to expect an increase in scams related to tax season. Here are two more samples from the previous week: Tax Refunds for Car Donations and File Your Taxes Online.

    1-Tax refunds for car donations 2-Prepare and file your taxes online                

Also, last week’s top story was about the word shocking and how likely it is that you are reading a scam if the word is used in a post, tweet, email or text. We should add another word of caution whenever you see a post, tweet, email, or text containing unbelievable news, such as this recent email. Resist the urge, take a breath and don’t click. More often than not, it is a lie at best, or malicious at worst. “Paul McCartney no longer has Alzheimer’s.”

3-Paul McCartney no longer has Alzheimers

Sample Scam Subject Lines:

12 time lotto winner explains his biggest secret

ATTENTION PLEASE GET BACK TO ME

Delay with Your Order #321F49E0, Invoice #72376418

FWD: Sears will replace your roof within budget

GNC: Product of the Year 2016

How to Slow Down the Symptoms of Aging (video)

My fat sister looks better than you

Ocean freight from China

One more Reason to Binge Watch with DISH

Transaction and Payment Confirmation

Why Donald Trump Thinks Your Stupid

Wireless security cameras

Women’s..Pluz-Size..Clothing

Your Secret Code

Sample Scam Email Addresses:

abcshitnews@fitdiet.click

amazingpatiofurniture@homepatio.date

amazon-reward@iotry.generalbonuscards.top

besthybridcars@hybriidcar.pro

Blood.Sugar.News@philosophicalnessin.download

Costa-RicaResorts@servential.download

CruiseTheWorld@sawer.recary.top

discountairfare@airtikett.date

edu@degrees.co.vu

Fox-Weekly-Update@uhdfr.rbigger.xyz

PrintPetCoupons@conquestic.download

StandingDeskBenefits@rogiver.pro

ToursofIreland@irelandvist.pro

wirelesssafetycameras@watchcamera.pro

 

 

 

Phish NETS: My Apple

Scammers continue their scampaign against Apple users. We can only speculate why Apple account holders are the preferred whipping boy of the Phishers. But we are certain about one thing, the criminals doing this are motivated by money… plain and simple. For whatever reason, they must earn more money by targeting Apple account holders than other account holders. Most financial services these days offer increased security as either 2-step verification for users or a user-selected graphic to remind the account holder that the website they are about to log into is legitimate, or both. Apple doesn’t offer either feature. (To learn more about 2-step verification and how to turn it on, visit this article at Gizmodo.)

Fortunately, all of the phishing scams we have seen are easily revealed by mousing-over the link to reveal the fraud OR adhering to the policy never to click on an attached file such as html, shtml, or htm file to download. To better understand the risks of file types attached to emails, read our article Filenames Will Set You Free. The link in this phish points to the website mosabeh-stones.com. The website is for a stone cutter in Hebron, Israel whose website was hacked.

Just delete!

4-My Apple-you have new message

Your Money: Adoption Resources, Single Parent Dating Service, Shop Women’s Wear, and International Tour Packages

We are seeing many brand new graphics and scam ideas from the same criminal gang. It makes us wonder if they hired someone new or simply decided that it was time to revamp a lot of the “tried and true” scams because fewer people were clicking on them. And though we believe this criminal gang is located outside of the United States, we often think that they must have Americans working for them because there is a great deal of sophistication in both the topic selection for the scam and the timing to deliver the scam. But before you give them too much credit, keep in mind that they also push out a lot of ridiculous garbage that can only fool the most gullible and uneducated. These next four scams are more nuanced…

  1. Considering Adoption? From AdoptionMatchingServices@turtles.pro  Recipients are told they can “learn how to adopt a child or baby from the US or other countries.” The domain turtles.pro was registered on March 2 using Alpnames from a bogus company we have reported on in the past called “Digital Technical.” (See our February 24 Newsletter.)

2. Single Parent Dating Services sent from SingleParent
DatingOnline@tamasif.pro  The domain tamasif.pro was also registered on the day the email was sent, March 3 by someone using the email address sheisamonsterlalala@mail.com. We reported on this bogus registrant in last week’s newsletter. By the way… That lovely photograph of the family of four was taken from ShutterStock.com and has been used in dozens of marketing emails. Check it out on TinEye.com.

  1. Save on Swimwear sent from SwimwearSale@pizzatime.pro  This is another scam registered through Alpnames to the bogus company called “Digital Technical.” Need we say more? And just in time for all of you planning family vacations for March and April to warmer climates!

 

  1. International Tour Packages from Summer-Tour-Packages
    @instinctno.pro  Care to take a random guess who registered the domain instinctno.pro? You’ve got two good choices and we’ll give you a hint… BOO!

 

8-International tour packages

Yes, the scam above was registered using Alpnames by Sheisamonsterlalala@mail.com.   Bottom line? We are confident that all of these scams come from the same criminal group because they share too many things in common including the timing of their release, template design/layout, coding, use of the dot-pro top-level domain and registration information. And now let us all say…

Deeeeleeete!

 

TOP STORY: $50 Spring Rewards Scams

They’re baaack! Months ago during the Christmas holiday season we were all flooded with $50 promotion scams but they dried up not longer after New Year’s had passed. Now they are back with a vengeance and many of them claim to be rewards or vouchers celebrating Spring! Lucky us.

Let’s start with these three identical, and obvious, scams that appear to be from Amazon, Sam’s Club and Costco for $50…

9-Amazon prime 50 customer spring award 10-Claim your 50 Sams spring reward 11-Costco spring reward balance

And then we have this re-issued scam email used hundreds of times in 2015 that has a new year stamp on it and identified as a “Costco appreciation voucher.” “Congratulations! You are participating to win a $50 COSTCO Gift-Card or equivalent Visa Gift-Card.” The domain excusea.top was registered by someone named Richard Clark from Chatellerault, France on March 4. As if there were any question about the legitimacy of this website, Google cannot find any such domain in use.

12-Costco customer appreciation voucher

 

Finally, here is an email that wants you to believe you have received a Kohl’s $50 2016 gift reward. But like the other emails, it’s as bogus as a $3 bill. Just delete and be happy you’ve dodged a bullet.

13-Kohls 50 2016 award


FOR YOUR SAFETY: Update Windows, Walmart Voucher Code, Detailed Bank Invoice, CVS Extra Care Rewards Program

TDS has recently been seeing a wider variety of short emails carrying malicious files in many different formats. Malicious code, meant to do you harm, can be hidden inside Word and Excel documents, pdf files, and many more file types. Here are a few examples…

 

And in case you had any doubt about that attached Excel xls file called “Hillsong-71083” look at what Sophos told us about the file:

17-Bank detailed invoice sophos id

We also saw something new and very dangerous this past week because we believe there is a significant risk the email can successfully engineer a recipient to click. Would you have clicked the link? It appears to be about CVS ExtraCare Rewards but it was sent from Yael@patttobirkse.click. “Important message for CVS card holder #14275. Your CVS-Extra-Care Savings and Rewards Card Has Just Been Updated.” The link Go Here to Confirm… points to a shortened link from the service OW.ly. We unshortened the link using Unshorten.it and discovered that it points to a file located on the odd website called “prize-o-rama.0379.pics.” We can’t say for certain what the scam is here but we’re 100% certain that it is malicious!

DEEEELEEETE!

18-cvs extra care rewards program

ON THE LIGHTER SIDE: Your Profile on Facebook

How can we resist such a lovely offer from a woman named “FAVOR?” Her sincerity and interest in us clearly demonstrate good intentions and good taste! We are, after all, good people too! We’ll let you know next week how our new friendship goes. Until then…

Surf safely!