September 16, 2015

UNDERAGE GIRL SEXT SCAM

“Last night I received a text message from a girl who said she was someone who I was talking to a few weeks ago from a site and was just finally texting me. So I answered back saying hi…”

 

THE WEEK IN REVIEW

Surprise! The past week was a bit quieter than most. We would like to think that the scammers were busy getting their kids back to school. More likely, however, is the fact that last week was a big vacation week and many malware-infected computers around the United States were shut down and unable to spew out spam and malicious emails for long periods of time. (Botnets push out most spam/scams in the world. Check out our definitions page to understand what a spambot is.)  In either case, we’re grateful!

By the way, McAfee Labs recently came out with their 2nd quarterly Threats Report for 2015. Check out these two graphs showing the volume of web threats in general and of the phishing scams they detected. Keep in mind that they measure their data in half-million and five-million increments!

1-McAfee Labs phishing threats

 2-McAfee Labs web threat data

 

Sample Scam Email Subject Lines

3% INTEREST LOAN OFFER_APPLY NOW

Cut costs on car insurance

Eliminate having to Wear – glasses

Expert plumbers for any plumbing need

Find an app Developer near you…

I’m sick of hearing your BS!

Invoice Hermann Conn

New Fax – 800273336

Payment Invoice

Pills for Health

RE: Donated to you

Suspicious-texts.. in His phone? Find the phone # instantly

Take advantage of roofing specials in Your city

Women’s Leadership: Step up and lead – Develop your leadership style

Sample Scam Email Addresses

BecomeANurse@bathsonics.review

Break-fastReport@dietforlife.faith

CarCoverageQuote@instric.help

CloudComputing@gerater.help

freedomgenerator@gridesy.org

GasandFuelCards@adukohe.help

Movers@valuedidea.xyz

psoriasismiracle@rightsyriosis.org

restorelostmemory@coolguru.faith

Slimstomachtip@fizain.net

SolarPanelOffers@juggledwell.xyz

Supervisorfocus@managershareheroes.com

Touchfire@firaran.net

Wireless-HomeSecurityCameras@pections.review

 


Phish NETS: Dropbox

We’re honestly not 100% sure if this is a phishing scam or simply another malicious trick to infect your computer, or likely both! Fortunately, the scam is easily revealed by mousing over the link, which shows that it doesn’t lead to Dropbox.com. It leads to cubbyusercontent.com, a website we have seen misused before. Would the subject line “Rolando Oneil shared MonthlyStatement_SEP_15.pdf with you” have made you curious enough to open the email? Would you have clicked on the link? To confirm the malicious intent, we checked that link at VirusTotal.com. Look below to see what it reported.

Just delete!

3-Rolando used Dropbox to share a file

4-Rolando used Dropbox virus score

 

 

YOUR MONEY: Amazon Prime, Costco and Timeshare Offer

It is typical scam behavior to send out a bogus offer that expires either the day it is sent or a few days later. Check out “Amazon Prime Customer Appreciation Voucher expires 9.10.15” below. The email went out on September 9 at 6:13 pm. It’s as bogus as a $3 bill. Or how about the Costco Gift Card notification below? It is also expiring in a few days: “Your $250 gift card is expiring soon.” Of course, neither email comes from Amazon.com or Costco.com.

Delete, delete!
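Both checks used so far in this issue, the mouse-over test from the Dropbox item and the "does it really come from Amazon.com or Costco.com" test, can be automated. The Python sketch below is an added example, not part of the original newsletter; the brand-to-domain table, the sender address and the link path in the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed mapping for this example: brand name -> domain the brand really uses.
BRAND_DOMAINS = {"dropbox": "dropbox.com", "amazon": "amazon.com", "costco": "costco.com"}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what a mouse-over would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """List sender and link hosts that do not match a brand the message names."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + msg.get("From", "") + " " + body).lower()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(body)
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        if not belongs_to(sender_host, domain):
            findings.append(("sender", brand, sender_host))
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if not belongs_to(host, domain):
                findings.append(("link", brand, host))
    return findings

# Constructed sample modelled on the Dropbox lure; sender and link path are made up.
SAMPLE = """From: Dropbox <no-reply@dropbox.com.example>
Subject: Rolando Oneil shared MonthlyStatement_SEP_15.pdf with you

<a href="https://www.cubbyusercontent.com/pl/PLACEHOLDER">View file on Dropbox</a>
"""

if __name__ == "__main__": print(check_message(SAMPLE))
```

The suffix test in `belongs_to` is what catches look-alike hosts such as `dropbox.com.example`, which merely contain the brand's domain rather than end in it.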

5-Amazon prime customer appreciation voucher 

 

6-Your 250 Costco giftcard expiring

We admire the clever tricks used in this next scam about buying “your” timeshare. “Offer #714193919 made Thursday to purchase your timeshare.” The bait… offer more money than what something is worth. While timeshare owners are wondering how much the offer is for, you might miss the fact that the email doesn’t come from timeshares.com (a real Wyndham website) and it doesn’t contain any information that identifies the recipient or location of the timeshare. Look closely at the from address. Can you spot the scammer’s trick? By the way, as we started to read the black text hidden in the black box at the bottom of this scam email (and meant to fool antispam servers) we thought it sounded familiar so we Googled the first line. It comes from Chapter 2 of Jack London’s The Call of the Wild! At least our scammers have some good taste in literature!

7-Offer made Thurs to purchase your timeshare

 

 

TOP STORY: Wolf in sheep’s Clothing? Tips4Spyware.com

This week’s top story was a surprise to us and began when we discovered a single small email with malicious intent that attracted our curiosity…

8-top story 1-tips4spyware

 

Though the email came from an address in Spain (rita@coag.es, where “.es” is the 2-letter country code for España) it contained the real email address of a realtor from a local realty firm. Obviously the realtor’s email had been hacked and email addresses were stolen. Those stolen addresses are now being targeted by malicious emails. However, what really caught our attention was the irony of hacking into and hiding malicious files on a website called tips4spyware.com. We wanted to inform the website owners that their website was hacked and hosting malicious software, so we used a WHOIS lookup to find their details after a Google search for their email or phone number turned up no contact information.

It turns out that the domain tips4spyware.com is owned by HICHINA ZHICHENG TECHNOLOGY LTD. in Beijing, China and hosted by Alibaba. Some of the ownership info is hidden by a proxy service. This is not what we expected for a website that seems very American and intent on helping netizens avoid or clean up spyware infections. This bit of information led us to run a Google search for the company HICHINA ZHICHENG TECHNOLOGY LTD, and we saw many negative links from people warning others to avoid this company, including this thread from Scamwarners: https://www.scamwarners.com/forum/viewtopic.php?f=10&p=250729

We also found this Beijing company mentioned in a long thread of messages from a 2014 discussion about scams titled “If it sounds too good to be true” on Brian Krebs’s website. For those who don’t know him, Brian is a highly respected reporter on online crime. We recommend his blog enthusiastically!

We used the Zulu URL Risk Analyzer and VirusTotal.com to check out tips4spyware.com, but the results were negative or marginal, so we decided to visit the website. A visit to tips4spyware.com immediately forwarded us to a very scammy website, exclusiverewards.deeq.info, and the message “Congratulations! You are Todays Lucky Visitor” with multiple windows opening in the background. A WHOIS lookup of Deeq.info shows that ownership is hidden by a proxy service and that it was registered this past April. The whole thing smells! We cleared our web browser’s cache just to be sure and ran a virus check.

9-top story 3-you are lucky winner

According to PhishTank.com, tips4spyware.com has been used at least twice to host phishing scams. Given what we have seen and learned about the tips4spyware.com domain and its owner in Beijing, China, we consider this website HIGHLY suspicious and would never recommend taking any advice it provides. And NEVER download the tools it offers to clean out spyware from your PCs. Caveat emptor!

FOR YOUR SAFETY: Contract Edits, Fax, Payment Invoice, Fedex, “This Site May Be Hacked.”

The many small malicious emails continue to fill inboxes. Each contains either a link to malware or malware attached in the form of a zip file, jar file, infected Word or Excel document, etc. (A jar file is a Java archive that bundles many files together, and it can be extremely dangerous!) Here are four recent examples…

11-Edits of contract

 

 

 

 12-New fax

 

 

13-Payment invoice attached for reservation

 

 

14-Fedex-we could not deliver your item

 

 

 

It is important to note that Google will sometimes inform a user that a website “may have been hacked.” It has been our experience that “may” means this website HAS BEEN hacked and is hosting malicious software! STAY AWAY! We wish Google made this warning more visible, or at least showed it in red. Here are a couple of recent examples…

15-Voteforgarcia-com hacked

 

 

 

 

 

 

16-Wordanst on Google shows hacked

 

ON THE LIGHTER SIDE: I have a video you must watch right now but please be warned, it contains graphic content.

Uh, well…. Yes. It is a graphic after all so it contains graphic content. Did they mean graphic violent content? We get that kind of content just looking at the evening news. But hell, we’re simply excited about learning some defensive moves so we can walk confidently down any big city back alley! Until next week, surf safely!

17-A video you must watch right now