
October 5, 2016

THE WEEK IN REVIEW

We would like to remind our female readers to be very careful about invitations to join professional women’s networks or organizations they hear about online.  We have reported on several of these in the past, including worthless real organizations with questionable practices, as well as malicious emails pretending to represent such organizations.  We are seeing a resurgence of these scams, including these two bogus malicious emails designed to infect your computer…


Previous articles include:

For Your Safety: Sept. 30, 2015

The Week in Review: April 20, 2016

Top Story: Aug. 3, 2016

 

Baiting… to lure a person into a trap by offering something he or she will be attracted to.  Sadly, we see it every day and we hear from readers who have lived it.  Almost every day we get an email from someone who has been the victim of a scam or targeted by malicious emails.  Like this one…  “Congratulations, you are confirmed!”  “Now you can attract MONEY, power and respect into your life…”  The link points to a link-shortening service in Brazil.  You’ll see that the Zulu URL Risk Analyzer identified it as malicious with several damaging scripts lying in wait.



Sample Scam Subject Lines:

Car loans for bad credit

COPD Diagnosis? | Treatment Options

Discover Choices for Drug or Alcohol Addiction Issues

Do you fly often? Upgrade your airfare

Duke-University: Breakthrough Cure for Herpes HSV-1 in 20 days

Eliminate Your Debt in 12 to 36 Months. Free Consultation 11066828

Fox: Stop Paying for Expensive Auto Repairs

Help keep your blood pressure low with this mineral

Is Credit Card Debt stressing you out?

Need your passport quickly? View ads here

Problem with parcel shipping, ID:000948534

Re: Salary [$900 /week]

Transaction Details

Sample Scam Email Addresses

AfricanSafaris@eiveia6.causedheartburn.top

cnnnews@memorygetbck.stream

Cure_for_Snoring@azyu4op.nomoresnoreboss.top

diabetesnews@diabtecdesthffg.download

Fidelity.Partner@bu6gact.heatihb.top

firstchoiceautoloan@filtarstra.bid

foreclosureauctions@foreclosrlist.download

Harvard_Nutrition@nsuyd1oi.nutritionresearchhow.top

KitchenRemodelingDesigns@tui5geu.southrh.top

Roof-Installation@oie8sia.crampvs.top

Tinnitus.Reversing.Discovery@1eadoik.doingmytinnitus.top

wirelesssafetycameras@wirelesssam.stream

Yacht_Charter_Specials@arie8wo.wannank.top

 

Phish NETS: PNC Bank

PNC Bank offers many financial services in many states.  The email below appears to have been sent from the legitimate domain pnc.com…  ebankingsec-alerts@pnc.com but that isn’t the truth.  The from address was spoofed, which indicates how sophisticated the criminals are who sent it.  “Your Access to Online Banking And Telephone Banking Has BeenSuspended” (Note the scammer’s error in the subject line.)  A mouse-over of the link pnc.com points to a website in Australia called pubinthepaddocktas.com.au (“Pub in the paddock”  .au=Australia).  A search for this domain in Australia actually turned up several reports of phishing sites at the website PhishTank.com.

Delete!

Your Money: Enjoy a Ruby Tuesday’s Meal, Home Warranty Plan and Hydro Mousse

“Enjoy a Ruby Tuesday’s Meal” “Get a $25 Gift Card, on us. View details here.” Says an email from nationalconsumercenter@ bbywer.xyz. The email contains the name of a phone marketing service called EmailElements from Grandville, Michigan.  Google cannot find any business named EmailElements, nor a website of domain bbywer.xyz and we’ve reported on this address in Grandville, MI before. (See our Dec. 30, 2015 Newsletter). The address is nothing more than a mailbox drop and often used by criminals.

“Protect your home with a home warranty” says this email from homerepairguard@ homrpar.download.   A simple WHOIS lookup for the domain homrpar.download shows that it was registered through a proxy service in Panama just a few hours before the email was sent and is being hosted in Hessen, Germany.  Sound like the home warranty you were looking for?

Delete!

One could argue that for some of us, America’s national pastime is not baseball but cultivating our lush green lawns.  Sadly though, our lawns are looking pretty bad… dead spots, fungus, weeds, and too little rain making it a poster child for this next email.  “Your beautiful lawn is just a spray away” And it’s eco-friendly!  This ad certainly had our attention but hold on….  This Hydro Mousse liquid lawn email came from hydromousseoffer@ hydromos.date.  Did they misspell their own domain name? hydromos? According to WHOIS, the domain hydromos.date was registered on the day the email was sent by someone from Rajasthan, India named “satyarth chouhan.”  There is a real product called Hydromousse but its domain (and website) are found at hydromousse.com.

Delete!

TOP STORY: It’s Been Reported in the News…. NOT!

Journalistic ethics is a big deal.  “HUGE,” as Donald Trump might say, though it seems he has no ethics according to many news reports about him during the last few weeks.  In fact, the Society of Professional Journalists (spj.org) lists four principles in their code of ethics on their web site.

  1. Seek truth and report it
  2. Minimize harm
  3. Act independently
  4. Be accountable and transparent

And so we wish to point out that an often-used trick by criminals is to envelop their lies, scams and malicious intent in a journalistic wrapper.  By pretending that they are connected to Fox News, CNN, the Wall Street Journal, the New York Times, or another high-profile news agency they hope to bring legitimacy to their pitch.  Take this “breaking news” story that appears to have been released on CNN… “Groundbreaking New Research Shows How to Reverse Type2 Diabetes in 3 Weeks…” published on September 26.

However, if you look at the email with a more critical eye you’ll notice several oddities that should make you suspect this is not what it appears to be.

  1. The email came from hayes@ bloddsugrscert.eu. (As in “blood sugar secret?”)  The “.eu” is the country code available to members of the European Union.  The email did not come from cnn.com.
  2. The link in the email points back to the strange domain bloddsugrscert.eu not cnn.com
  3. The bottom of the email contains white text against a white background, an often-used trick of spammers and scammers to try to deceive anti-spam servers that the email is somehow legitimate.
  4. The email contains the odd-ball request “if you do not want more particular Message going forward click here…” followed by an address in Oregon. These odd “unsubscribe” messages often occur below the graphic/primary content and contain odd language meant to get through antispam servers and include an address to offer some legitimacy to the source of the email.
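The first three checks in this list, plus the link-text mismatch from the PNC Bank example earlier, can be automated. The sketch below is an added example and not part of the original newsletter; the names `audit`, `LinkAudit` and `host_matches` and the flag labels are hypothetical, the sample message is constructed, and the code assumes a single-part HTML email shown on a white background.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Text colour set to white (assumes the default white page background).
WHITE = re.compile(r"(?<![-\w])color\s*:\s*(#fff(?:fff)?|white)\b", re.I)
# Link text that is itself a domain name, e.g. "pnc.com".
DOMAIN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)/?$", re.I)

def host_matches(host, domain):  # host is the domain or one of its subdomains
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.white_text, self._href = [], False, None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href = attrs.get("href") or ""
        if WHITE.search(attrs.get("style") or ""):
            self.white_text = True
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), urlparse(self._href).hostname))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def audit(raw_email, claimed_domain):  # returns the list of red flags found
    msg = message_from_string(raw_email)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    page = LinkAudit()
    page.feed(msg.get_payload())
    shown = [(DOMAIN_TEXT.match(t), h) for t, h in page.links]
    checks = {
        "sender-domain": not host_matches(sender, claimed_domain),
        "link-domain": any(not host_matches(h, claimed_domain) for _, h in page.links),
        "link-text-mismatch": any(m and not host_matches(h, m.group(1).lower()) for m, h in shown),
        "white-text": page.white_text,
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample modelled on the "CNN" email described above.
CNN_SAMPLE = ("From: CNN News <hayes@bloddsugrscert.eu>\nContent-Type: text/html\n\n"
              '<a href="http://bloddsugrscert.eu/">Read the full story</a>'
              '<p style="color:#ffffff">filler text aimed at spam filters</p>')
```

A spoofed From address, as in the PNC example, passes the sender check, so the two link checks are the ones that catch that case.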

How about this email with the subject line “FoxNews: Trump Shocks Bill O’Reilly” but then begins with the header “BDN News: On The O’Reilly Factor” (BDN News?  As in Bangor Daily News?)  Looking at this with a skeptic’s eye quickly reveals the same suspicious points as described above.  Of course, a quick trip to your local WHOIS would also reveal problems to anyone wishing to make the trip to look up either domain bloddsugrscert.eu or brownuu.top. To learn how to use a WHOIS tool, watch our short video! (For a good lesson in understanding domain names, read our article Learn to Surf Safely by Understanding Website Domain Names)

And finally, we have this email about a “breakthrough” from Johns Hopkins on new ways to treat pain.  The sender claims that this breakthrough report appeared in Time magazine, BBC News and National Geographic.  National Geographic? Seriously? Where will we see it next? Horse and Hound Magazine in the UK?

Caveat emptor.  Anyone can make up anything on the Internet.  Just because it looks professionally crafted and cites sources of legitimate news services doesn’t make it real.  If all this phony baloney is making you anxious, we recommend you visit Havidol.com and take a chill pill (or “have it all” including a good laugh).


FOR YOUR SAFETY: Doc You Requested, Sending the Contract We Agreed Upon

We have been seeing a lot of malicious emails disguised to look like they were sent from someone at the same company or organization as the recipient.  Most refer to an attached pdf but the file is a zip’d file containing malware.  Here’s a list of recent emails hitting one company, followed by a sample email.


And then there have been emails containing fake contracts that are actually malware.  Would you have clicked on the file wondering what this is a contract for and how much it offered?


Finally, we could not confirm whether or not there is malware waiting for you at the domain ok-onlines.com  listed in this recent text to buy Ray Ban and Oakley sunglasses but we could confirm that the domain was registered earlier in September by someone in China.  Google finds the website but cannot find any information whatsoever about the site.  Best to avoid it.  Looks like a crappy knock-off site at best.  We wouldn’t want to give them our credit card information.

ON THE LIGHTER SIDE: You Have 1 Free Psychic Reading

A psychic medium named “Exceptional Ron” sent us an invite to hear his “important and shocking revelations.”  Since he’s a psychic, he already knows how much we laughed at the offer followed by some expletives we strung together for our response.  No need to hit “send.”  He is a psychic after all.


Until next week, surf safely.