May 3, 2017

THE WEEK IN REVIEW

Last week we mentioned that criminals are targeting businesses and organizations with emails that look like job requests or requests for internships.  The sender attaches a resume containing a macro trojan that will infect your computer.  These malicious emails continue, such as this one sent from a domain in France…


 

 

 

Also, we continue to see malicious emails sent from real people’s hacked email accounts.  Doug at TDS got this email that appears to come from a friend. However, even though it contains the friend’s account name in front of the “@” symbol, the address domain is different. (This email came from South Africa; “.za” is the 2-letter country code for South Africa.)  The link, of course, is malicious.

Sadly, once criminals have hacked your email account, they steal all the contacts in your address book and target your friends for months to years, while disguised as you.  We’ve seen malicious emails target people several years after the breach took place. **sigh**

Read our two latest feature articles...

Cyber Crime Investigation Against You
Free Airline Tickets!


Sample Scam Subject Lines:

(2) photos catch Megyn Kelly

Apple Cider Vinegar: The new diet craze

Checking your credit does not harm your score

Doctors are calling this pill Magic for the Brain!

Friday: Bill O Reilly busted on Fox

From the Economist Who Predicted Trump’s Rise

Never Pay Full Price for Printer Ink Again! Save with us Today.

Restore your youth naturally

The most viewed post ever on Facebook: 15768313

Weight loss myth – not anymore

Windows notification

Your chances for a heart attack goes WAY up by not doing this for 10-sec a day

Your Home Security Info #44384

Sample Scam Email Addresses

amazing.senior.living.options-[YOUR EMAIL] @ childimportantb.gdn

amazonmygifts-[YOUR EMAIL] @ superamzns.com

chinawomendatingteam @ chinawomu.party

ConstipationRelief @ ofrbest.bid

cnnbreaking @ reatbrain.party

doctors-tip-[YOUR EMAIL] @ mihearthealth.com

freeanimationsoftware @ ilusionhfgcf.party

lendingtree-partners-[YOUR EMAIL] @ i9prime.com

matchcompartner @ matchcoail.date

Perfect_Portion_Diet @ brawny.planrsb.us

service @ 10118.com

TimeshareConsultants @ uje6yhg.rackcss.us

violet-christiansen-[YOUR EMAIL] @ newshowbilsl.com

 

Phish NETS:  Drop Box and Apple

This email pretends to come from someone named Chrissy saying that he/she shared a document with you on DropBox called ApprovalDoc.pdf.  However, mousing over the blue box “View Document” reveals that the link points to a hacked website called savourfoodandwine.com.  We’ve let them know.

This Apple phishing scam is just another social engineering trick.  The recipient is told that his or her address was updated for the Apple ID account.  But the link points to a hacked photographer’s website.  A big delete!
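The two checks used above, a familiar account name on an unfamiliar domain and a link whose real destination is not the brand it claims, can be automated. The following is an added example, not code from TDS; the sample message, the address book and all domains other than dropbox.com are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is a placeholder.
RAW = """\
From: "Pat Friend" <pat.friend@other-mail.example>
To: doug@recipient.example
Subject: Chrissy shared ApprovalDoc.pdf with you
Content-Type: text/html; charset="utf-8"

<html><body><p>A document was shared with you on Dropbox.</p>
<a href="http://hacked-site.example/wp/login.php">View Document</a>
<a href="https://www.dropbox.com/help">Help</a></body></html>
"""
CONTACTS = {"pat.friend@provider.example"}  # assumed address book

class _Links(HTMLParser):
    """Collects the host of every <a href>, i.e. what a mouse-over would show."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.append(host.lower())

def same_name_other_domain(from_header, contacts):
    """True when the part before '@' matches a contact but the domain does not."""
    local, _, domain = parseaddr(from_header)[1].lower().rpartition("@")
    known = {c.lower().rpartition("@")[2] for c in contacts
             if c.lower().rpartition("@")[0] == local}
    return bool(known) and domain not in known

def off_brand_hosts(html, brand_domain):
    """Link hosts that are neither brand_domain nor one of its subdomains."""
    parser = _Links()
    parser.feed(html)
    return [h for h in parser.hosts
            if h != brand_domain and not h.endswith("." + brand_domain)]

def triage(raw, contacts, brand_domain):
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return (same_name_other_domain(msg["From"], contacts),
            off_brand_hosts(body, brand_domain))

print(triage(RAW, CONTACTS, "dropbox.com"))
```

The suffix test compares whole domain labels, so a host such as dropbox.com.evil.example is still reported as off-brand.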

 

YOUR MONEY:  Slash Your Energy Bill, Meet Black Singles, and Tickbox

“Slash your energy bill and escape the power monopoly!” “Slash your electric bill by up to 75% or more within the next 30 days”  This is just another bogus “watch the video” social engineering trick meant to infect your computer.  The email came from, and links point back to, the domain diyhomes-dot-party.  Even before we investigate the domain you’ll notice the opt-out address at the bottom of the email is one we have identified many times as being used by criminal gangs…. Kinzer Ave. Danville, VA.  However, the domain diyhomes-dot-party was registered on the day the email was sent by a proxy service in Panama and the domain is being hosted in Hessen, Germany.

Deeeeleeeete!

How about this attractive offer that came from blackpeoplemeetcomoffer @ kariyapeo.party.  It claims to represent the real website blackpeoplemeet.com but doesn’t!  Once again, look at the Opt-out address at the bottom of the email.  This malicious email was sent out by the same criminal gang that created the energy savings scam above.

Delete!

 

TickBox is real technology but this next email didn’t come from TickBox!  “Tired of Paying for HBO, Showtime and “Premium” Channels? No Contract or Fees.”  Links point back to the domain edkerry-dot-us (and the subdomain “gohere”).  This domain was registered on April 29 (big surprise) by someone named Kiersten Mahmood from Caracas, Venezuela.  Sound like TickBox?  The WHOIS record also shows that “Kiersten” has registered at least another 101 domains.  We’ll bet real money that each and every one of them is malicious.

TOP STORY: Your Apple iPhone Has a Virus

Recently a friend of ours contacted us in a bit of a panic.  She received two startling notifications that her iPhone had a virus.  “System Warning. Apple iPhone is infected with virus and immediate action is required” said a popup. “Continue and follow the instructions to fix your Apple iPhone. Do not close this window. **Exit at your own risk**”  (We loved that last piece of melodrama!)

After clicking OK, our friend was presented with these instructions…. “(2) virus have been detected on your Apple iPhone.  We have detected that your Apple iPhone has been infected with viruses.It will soon corrupt your SIM card, data, photos and contacts if no action is taken.”  A timer was counting down the minutes and seconds starting at 5 minutes.  It was so ridiculous!  It might just as well have said that the earth will implode, your dog will disappear, and your wardrobe will spontaneously combust if you don’t do what we tell you.

Of course we were really excited by all this drama!  We determined that the link did, indeed, lead back to the Apple App store.  We clicked to see what software was being promoted by this end-of-the-world bogus virus warning and found that the link pointed to an app called “Hotspot Shield” by AnchorFree.

Let’s break this down because these bogus virus popups raise several important questions.  First of all, can iPhones get viruses?  The answer, though reassuring, is a bit layered…  No, there are no known viruses against the Apple iOS so long as you do not jailbreak your iPhone! (A virus is just one kind of malware.)  Jailbreaking your iPhone means removing the Apple restrictions placed on it so you can install software from websites other than the Apple App store or run software that Apple normally does not allow you to run.  We STRONGLY advise against jailbreaking an iPhone because it will void your iPhone warranty and increase your risk of malware infections.

However, even though Apple iPhones don’t get viruses, several known types of malware have been discovered that exploit security holes in the Apple software.  This is an important reason to keep your software updated to the latest version of your iOS.  Thankfully, far fewer malware threats have been found against iPhones than the malware attacking Android phones, according to a report published this past March from Palo Alto Networks and reported on Omaha’s KETV Network. Also, new research by Nokia reported that malware infections of Android phones are far surpassing infections of even Windows PCs. (This was reported in a recent article on NetworkWorld.com.) This is quite a statement, considering how many threats target Windows PCs every month!

Some malware has been found hidden inside apps that have themselves been infected.  This is extremely rare because of the very strict review process Apple requires before allowing an app to be listed in the Apple App store.  A search for HotSpot Shield and the word “virus” returns a link to this same iPhone popup scam being discussed in early February on the Apple discussion boards.  So what happened to our friend, and does HotSpot Shield contain malware or is it just a sleazy, self-promoting piece of scareware? We simply don’t know, though the odds are in favor of this being self-promoting crapware.  But in the end it doesn’t matter because there was no virus and no need to install HotSpot Shield.  The next time you see a virus warning, don’t panic.  Read carefully, contact a techie, or search the web for advice.

FOR YOUR SAFETY:  Participants Needed, Western Union and New eFax Message

“South Florida natural health company seeks participants for youth restoration program” says an email from the domain m5stars-dot-com, referring to the promotion of human growth hormone pills. (By the way, taking HGH pills with the hope of restoring youth-like vigor is a scam, says Dr. Stephen Barrett at QuackWatch.org.) Readers may think that this email belongs in another TDS column but this long email is dangerous and meant to infect your computer with malware.

 

 

The domain m5stars-dot-com was registered to the scam address 2885 Sanford Ave SW 35851 in Grandville, Michigan that we have written about many times.  And the Zulu URL Risk Analyzer reports an 80% chance of malicious intent from this website.  We’ll go out on that limb and call it 100%.  Now delete.

Here’s another email that appears at first glance to be a phishing scam for Western Union sent from info @ highmoon.ae.  But it isn’t a phishing scam and it certainly isn’t real.  It isn’t even one of those absurd Nigerian 419 scams with up-front fees in order to receive your 3.5 million dollars.  Clicking “VERIFY E-MAIL ADDRESS” directs the victim to a shortened URL at tinyurl.com.

 

We unshortened that link at tinyurl.com and learned that the victim will be redirected to a website called swedice-dot-club.  VirusTotal.com informs us that seven AV services have identified this website as a malicious site installing malware.

Ouch!

 

 

Finally, this email from message @ efaxo.com says that there is a Word document digitally faxed to the recipient.  However, a mouse-over reveals that the link points to a malicious website.  Another big, fat delete.

 


ON THE LIGHTER SIDE: WHO Invited YOU

We wondered if Dr. Chan realized her mistake.   The World “Heath” Organization?  No matter.  Our email address has been nominated with a special invitation to a conference covering five major world problems!  Not only did we get an invitation, but Dr. Chan says we’re getting $850,000 and an automobile too!  This is too remarkable to be a scam, right?


From: info@fundtransferinitiative.com
Time:  2017-04-23 07:28:16
Subject: Respected Sir/Madam

 

Respected Sir/Madam,

The World Heath Organization is pleased to invite you to participate in the forth-coming International Conference on Child Abuse, Ebola Virus, HIV/AIDS, Racism and Human Trafficking. This event will commence from ( January 9th-26th 2017) in California, United States Of America and ( April 26th-14th may 2017) in Santa Maria, Sal, Cape Verde Island. I am honored to invite you to attend these events as my guest.

Your email address has been nominated as the only approved email from your country to qualify for the 2016 International Conference Therefore,You are Lucky because you will receive a Cash payment of $850,000.00USD and an official automobile to help you work with the WHO USA as a Fight Against AIDS representative in your country.

The original scope and idea of the FIGHT AGAINST AIDS / EBOLA VIRUS INITIATIVE is to create awareness against the widespread of the deadly Ebola Virus, HIV/AIDS  disease, while providing financial funding and support for people living at the risk of Ebola Virus, HIV/AIDS especially in Developing countries of the world.

If you are interested to receive your benefit and work with the WHO USA to Fight against the deadly Ebola Virus in your country kindly Send your:

NAME
COUNTRY OF RESIDENCE
NATIONALITY
PHONE NUMBER
SEX
AGE
OCCUPATION
EMAIL ADDRESS

Hurry while promotion is still on! You will receive more information after you have replied back my mail.

Best Regard's
Dr. Margaret Chan
World Health Organization, Chairman
drmaggiechan@yahoo.com

---

Until next week, surf safely!

 

 
