Please support our effort by making a small donation. Thank you!

x

May 25, 2016

THE WEEK IN REVIEW

 In the game of social engineering for criminal gain, Trump is clearly the weapon of choice in the political arena. We rarely see malicious emails about Hillary Clinton or Bernie Sanders. But Trump? There is a deluge. Is it because he is such a clown, master of his circus, and the public eagerly waits for the next moment he opens his mouth? While this may ironically be true, the scammers take advantage of our anticipation by pushing out malicious emails and hoping for a click. Check out some of the latest subject lines we’ve been seeing used in malicious email…

1-List of Trump emails

During the past few weeks we have informed our readers about scam emails from the domain mailminion.net claiming to have money for the recipient. These emails continued through the first half of last week with alluring subject lines.

2-Payments from mailminion

 Sample Scam Subject Lines:

1 in 3 Pets Get Lost In Their Lifetime. Don’t Let Yours Be Next!

575 is a poor credit score. What’s yours?

Cool stuff

Doctors give Morgan freeman cure that ended her body pain

Funding from Walmart

Harvard study shows brain boosting

Have a full head of hair by Monday

Invention of 2016 released for women

Join the Millions of Americans Digitizing Their Memories

Shocking image exposed

Survey Team

THIS reverses diabetes Naturally? (yes, but…)

Want to improve sleep and reduce anxiety?

Sample Scam Email Addresses:

2016bestbedroomdecoratingideas@h-xo.download

3dayblinds@trythese.top

Ellens.Skincare.Formula@buieoaey6.duckhht.top

findretirement-planning@8-76.download

info@betterrlooking.com

info@diabetescureforyou.com

info@simplewaistmelt.com

care@masterofbrain.com

GorgeousArabianWomen@leqpaeoa5.stuffpm.top

Retirement_planning@8-76.download

Senior-living@i-lr.download

track@myupdatedscore.com

Wireless_security-cameras@7-ar.download

 

 

 

Phish NETS: Confirm Apple Profile and Email Account Suspended

The criminals couldn’t leave Apple alone for long. They rarely seem to pick on Microsoft Outlook these days in the same way they pick on Apple. Take this email that came from the domain apple-rehab.com.  Apple-rehab.com is actually the domain for a Connecticut and Rhode Island-based rehabilitation service. “Hello, You are kindly requested to confirm your Profile Details! To confirm your details Continue and SignOn.”

A mouse-over of the link “Continue and SignOn” however points to the website dazzledreams.com which is a web development company in Chennai, India whose webserver has been hacked and now hosts malicious content. Delete!

We often find attempts to trick webmail users into revealing their login credentials through phishing tricks and this week was no different. How about this email with no subject line that appears to come from UH.EDU –representing the University of Houston. “Your email is no longer able to receive email messages, it has been suspended due to spam limit policy. Your attention is required to update your email ASAP. Update Now”

Can you guess what country the link points to? 2-Letter country code is “ro.” Think Eastern European.

And then delete.

4-Phish-email account suspended

Your Money: Find Rentors Insurance, Get Burial Insurance, and Go Solar to Get a Tax Credit

If you rent an apartment and don’t have rentor’s insurance you should. But don’t look for it here. The email may appear to be legitimate but it isn’t. amazingrentersinsurance@rentinsures.bid. If you use Google to search for the domain rentinsures.bid you’ll find nothing at all. The ad posts a website named great-renters-insurance-options.com which does exist. But that is not where the links in this email lead you to.  Rentinsures.bid was registered on May 22, the day the email was sent. Our longtime readers know that a newly minted domain is very suspicious, especially when the owner hides behind a proxy service like WhoIsGuard, located in Panama like this registrant does.

How about burial insurance? Can unsolicited email help you find insurance to protect your loved ones when death occurs? “Protect your family from beyond the grave” “Be sure to get burial insurance.” Sound advice to prevent a grieving family from being burdened with the cost of your burial. But once again, this is a wolf in sheep’s clothing. The link posted in the ad, findburialinsurance-options.com, may be a real website Google can locate but all the mouse-overs in this scam point to a different website called pratiquez.top. (Pratiquez is French for “practice”) And as our readers will expect, the domain was registered on May 21 to a company in India called “Skytech System.” Sound like United State burial insurance to you? By the way, TinEye.com found 8 instances of that lovely photo of the elderly couple around the web. Most photos were found on stock imaging sites. Anyone can create an ad and looking legitimate doesn’t make it so.


There has been increasing attention to the development and use of solar panels across the United States during the last few years, fueled in part by descreasing costs to produce them and increasing tax credits offered. That is exactly what this next scam is trying to take advantage of. The argument it makes in the body of the email is very enticing. It appears to come from a company named “U.S. Solar Department” which implies that it may be a department of the U.S. government. This is simply not true. The website ecoXplorer.com identified a similar scam back in 2014. According to the Nevada Better Business Bureau, US Solar Department is not an BBB accredited business. However, though we think that U.S. Solar Department is a likely scam, the email below probably didn’t come from them! The domain the email comes from, and links point to, is nosav.us. A WHOIS lookup shows that nosav.us was registered to someone named Aaron Mizrahi from Adrenaline Ads on the day the email was sent. The WHOIS says that the website is being hosted in Rotterdam, South Holland. In case you had any doubt whatsoever about our suspicions regarding the legitimacy of this email, take a look below at the Zulu URL Risk Analyzer rating of the link in the email.

And then delete.

8-Go Solar Zulu score

 

 

TOP STORY: Invoice Hell

For profit business and non-profits alike deal with invoices every day. Invoices are the oil that helps drive the economic engine. Which might explain why criminals have significantly increased bogus emails pretending to be invoices as a means to insert malicious software onto business computers. We can’t overstate the risk here, especially for any business or non-profit organization that doesn’t have top-quality antispam filters and antivirus software to protect themselves. Check out this list of emails captured by one of our honeypot servers. Each email arrived with an attached file containing malware.

 

Let’s take a closer look at a couple of these cloaked threats. “Following the phone conversation with the accounting department represantatives I’m sending you the invoices.” “The payment notice for the penalty ID:829901 is enclosed hereby.”

11-Invoice penalty

The first of these samples contained a zip file with malware ready to be installed. The second email contained a javascript file that engages a set of internet-based instructions to produce a computer infection. Different strategies of the criminals but same results. You lose.

Every company, organization and non-profit should be training their business office staff to be suspicious of these types of emails. Policies should be in place about what the employee can or cannot open, so as to reduce the risk to the company/organization. There should be a plan in place, and staff should be trained, for evaluating suspicious files. Criminals know all too well that it is a function of the business office to open and evaluate invoices for payment. This fact makes them a target. This also explains why it is important that business office personnel and their computers have multiple layers of protection and an IT staff to support them.


FOR YOUR SAFETY: Negative Balance to Credit Card and File Attached

“Please find your monthly credit card statement attached to this e-mail. We would also like to let you know that your negative balance has reached a maximum limit” They would like to let us know? Really? Let’s state the obvious…. The email doesn’t identify the recipient, or credit card or account. But they were thoughtful to provide an attached zip file, the preferred method of choice by criminals for sending malicious infecting software. And the same is true of the email below from “Harland Acosta.”

Just delete!

 

13-File attached - please verify

 

 

ON THE LIGHTER SIDE: Overweight Volunteers Needed [Urgent]

Do you want to participate in a new Weightloss Breakthrough Study to lose up to 10 lbs? We are! Please! Any incentive to help us drop a few pounds with the support offered in this study is welcome! Sign us up! However, the domain sfz-f1.download was registered on May 20 to someone in Great Britain named “ramdy.” Maybe ramdy is flying to the United States to promote his/her awesome new weight loss program!? Let’s hope!

14-Overweight volunteers needed

Until next week, and a few pounds lighter, safe surfing!