
September 21, 2016

THE WEEK IN REVIEW

We continue to see many of the scams and malicious emails we have been reporting on all year.  For example, we still see gobs of malicious emails disguised as “reward points” from various businesses.  Check out this list of bogus emails claiming to be about Costco points.

[Image: list of bogus “reward points” emails]

On March 2 of this year we published a Top Story about the use of extreme sensational words like “shocking” that are used to trick people into clicking malicious links.  We also published an article about this called “Sensationalist Traps.” Here is an example of another such email that is simply SCANDALOUS! Truly disgusting! (Notice the domain name created by misspelling LouisVuitton.)

[Image: “scandalous video” email]

Another common trick to manipulate your clicking behavior that we’ve been watching for months concerns Donald Trump. (Big surprise, right?) Have a look at this ridiculous email.  Wishful thinking….

[Image: “Trump withdraws from the presidential race” email]

Finally, in the department of “seen that, been there” we reported last week on a malicious email disguised as an invite to join Jdate, the Jewish Dating service.  It’s nice to see that the scammers target people of many religions.  Check out this malicious email disguised as CatholicSoulMates.com, a Catholic dating service.

[Image: “Meet Catholic singles” email]


Sample Scam Subject Lines:

24-Hour Roadside Assistance! Protect your car today with an extended auto protection plan!

Check Local Rates, Calculate New Payments, Pay Off Your Home. No.14815319

Courier was unable to deliver the parcel, ID0000421917

Express Parcel Service

Improve your home with a new roof for less

One week cure ends diabetes

Stubborn Tummy Fat? It’s Not Your Fault…

Study Proves This Unusual Enzyme Reverses Hair Loss No.14809327

Take this quiz to see if a reverse mortgage is a fit for you

Top-Selling Water Filter Lets You Drink From a Toilet

Tracking Number

Welcome: Meet Your Latin Match Today

Your open-enrollment info is ready now

Sample Scam Email Addresses

Accommodation-Hotel@buei2oe.posaimo.top

Alaska.Cruise.Specials@dfeaa2o.loselbb.top

autoprotection@autowrranty.eu

BreastImplants@th8aeoc.qycomes.top

Christie_Brinkley_Skincare@vaui8az.bragjls.top

Complete_Online_Shed_Plans@2eerfuon.nistint.top

Emergency.Food.Supply@enua2io.swatowh.top

FranchiseOpportunities@feol4ik.playowh.top

Medicare_Supplemental@moiu8ax.introducemedicare.top

onlineroofingquotes@roofingqutes.click

PaperTowel@waterfebrics.bid

Tinnitus_Research@8jimoae.doreversetinnitus.top

US.Solar.Program@aieo8ie.surfsolarsaying.top

 

Phish NETS: American Express and Paypal

This phish disguised as a message from American Express is certainly better than last week’s Apple Support scam.  But carefully reading it should inform the recipient that it isn’t legitimate.  So should the facts that it came from root@localhost.localdomain and that a mouse-over of the link points to a subdomain (media) and file (aaa.html) at the domain alernness.com.  Does any of that sound like AmericanExpress.com to you?

But the real pleasure comes from reading the message…. “Because of the unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account.”  Some of this phish makes no sense at all.  English is clearly not the scammer’s primary language.  Lucky for us.

We continued to see Paypal phishing scams such as this one sent from dssd@shelby.websitewelcome.com.  “Your Account has been limited !”  Don’t be fooled by seeing a secure link (https).  Websitewelcome.com has been hacked and is being misused.  This email didn’t come from Paypal.com and “Update Now” doesn’t lead back to Paypal.com.

Just delete.
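The two checks used in this section, comparing the sender's domain and each link's real destination with the brand the email claims to be from, can be automated. The Python below is an added example, not part of the original newsletter; the `BRAND_DOMAINS` allow-list, the function names and the sample message (its wording and the `http` scheme) are assumptions constructed from the details reported above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains each brand legitimately sends from and links to.
BRAND_DOMAINS = {"American Express": {"americanexpress.com"},
                 "PayPal": {"paypal.com"}}

class LinkCollector(HTMLParser):
    """Collect every href target, i.e. what a mouse-over would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def base_domain(host):
    # Simplification: keep the last two labels. Real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, brand):
    """Return a list of findings for a message that claims to come from `brand`."""
    allowed = BRAND_DOMAINS[brand]
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = base_domain(sender.rpartition("@")[2])
    if sender_domain not in allowed:
        findings.append(f"sender domain {sender_domain} is not {brand}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if base_domain(host) not in allowed:
            # https only encrypts the connection; it says nothing about who runs the site.
            findings.append(f"link goes to {host} ({parts.scheme}), not {brand}")
    return findings

# Constructed sample built from the sender and link details described above.
AMEX_SAMPLE = (
    "From: American Express <root@localhost.localdomain>\n"
    "Subject: Account notice\n"
    "Content-Type: text/html\n\n"
    '<p>Please verify: <a href="http://media.alernness.com/aaa.html">Log in</a></p>\n'
)

if __name__ == "__main__":
    print("\n".join(check_message(AMEX_SAMPLE, "American Express")))
```

A message that passes both checks can still be malicious (a hacked legitimate sender, for instance), so an empty result means "no mismatch found", not "safe".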

Your Money: Affordable Printer Ink, Cheap PC and Mac Software, and Your Medicare Application

Doug went to Staples today to buy a set of small color cartridges for his printer.  And he means small!  The price… $61!  Three sets of these exceed the cost of the printer!  Even Amazon offered only a $2 savings.  So imagine our excitement when we got the email below.  A summer sale at 1ink.com! (Technically summer doesn’t end until September 21 so we’re good with that.)  Save up to 85% PLUS a coupon to take another 10% off!  OMG!  It almost sounds like they’ll pay us to take the ink!

But before you click that link for 1ink, look at the sender’s email and the domain revealed by a mouse-over of “Shop Now.”  The email comes from 1inkoffer@prntrgud.eu and the links point to the domain prntrgud.eu (.eu = European Union).  A Google search for the domain prntrgud.eu only turns up two strange posts at the classified ad site called quikr.com in India.  Google can’t find the inky website itself.  Of course the domain prntrgud.eu was registered the day this scam was sent.  Sound like a sale you want to take advantage of?

Delete!

Besides spending too much on ink, we’re also aghast at the cost of software.  That’s why this next email with subject line “Cheap PC and MAC software” put a smile on our faces.  “70-90% Discounts from retail price!!!”  But then we noticed that the link in the email is for a URL shortening service in Russia called 6url.ru.  Hmmmmmm….. This made us very suspicious.

We used the service Unshorten.it to show us that the shortened URL points to a Software store called SoftShopTop.com, hosted in the UK.  However, what really caught our eye was the small pink-ish box of information provided by Unshorten.it.  Apparently SoftShopTop.com has a bad reputation….

 

We have identified “Free Bird Research” many times as a bogus company name used to suggest some legitimacy to an email. Don’t believe it.  Anyone can say anything online.  This next email is as phony as a $3 bill.  The link connected to “Get a Quote Now” for a Medicare application points to the domain lifeenjy.bid (as in “life enjoy?”).  A search on Google for this domain turns up a variety of fake spammy emails of different types, several of which are found at fake-email.com.  The domain was registered on the day the email was sent through a proxy service in Panama.  And the website title, like many malicious emails sent from the same criminal gang, is YouTube.

Just delete.

TOP STORY: HELP! Call the Police! Dial 911! It’s a Bomb!

Everyone is talking about them and I hoped it wouldn’t happen to mine. I mean, it seemed so normal. Nothing was wrong with it.  I used it just the other day.  Everything was fine and then…. BAM!  It just blew up in my face and now…. Crap! I’m screwed.  What am I gonna do?  Why can’t anyone help?  The police need to do something about this.  Hell, the Government needs to do something about this.  It’s not just me!  This hurts EVERYONE!

If you think we’re talking about Samsung’s New Note7 smartphone exploding batteries, you’re wrong.  Unless you’ve lived under a rock all this month you know the Samsung batteries have been causing serious fires and explosions and are now the subject of a massive recall from the US Consumer Product Safety Commission. But that is not what we’re talking about.  We’re talking about the tens of thousands of hand grenades that get tossed into our email inboxes daily.  The text bombs that land in our smartphones. The hacked websites that suddenly spring malicious pop-ups on us or install malware into our computers.  Every day millions of Americans are targeted and every day tens of thousands of them feel the pain when these bombs successfully go off.  Let’s look at one small example in some detail…

[Image: “hands-free money system” email]

This small 2-sentence email seems to be just a pitch to make money. A “First ever hands-free (autopilot) money system.” “Visit the link listed below and we are going to supply you with full guidelines in order to earn a lot of money”  A search for the sender’s domain megabulkmessage833.com turns up many emails being created and sent from the online service called fakemailgenerator.com. And the link in the email is a shortened URL (link) created on bit.ly. We’ve written about the risks of shortened URLs. (Read our article.) As convenient as they can be, shortened URLs are often used by criminals who want to hide where a link sends you. Fortunately, there are unshortening services and Unshorten.it is one of the better ones…

Unshorten.it reveals the bit.ly link will send you to a website in India called binaryoptions3.in.  (.in = India) The French words shown by Unshorten.it come from the web page title and translate to “How I win 12,365.98 Euros in 26 days.”    The email felt kind of spammy to begin with but this now feels pretty scammy.  A search in Google for the domain binaryoptions3.in turns up a couple of links to PhishTank.com, a website devoted to exposing phishing scams.  There’s no way that we’re going to click that bit.ly link in the email but we have one layer left to pull back on this onion.  We asked the Zulu URL Risk Analyzer to have a look at the binaryoptions3.in link in India.  …KABOOM!

Call 911!

 

Our computer screen exploded in red.  100% Malicious.  The destination site binaryoptions3.in contained MANY malicious links.  It was like a bomb went off.  Shrapnel flew everywhere.  Have a look for yourself at what Zulu reported.

The exploding Samsung batteries are clearly a serious problem that could result in injury or even death.  We don’t mean to make light of this consumer nightmare that’s been in headlines all over the world.  But that threat is nothing compared to the scale of threats, financial and emotional injury caused every day by the criminal gangs who target millions of Americans (and citizens worldwide).  So go ahead, call the Cyber-Police, the FBI.  Try to contact any law enforcement and you’ll discover a frightening fact that should not be tolerated.  THERE ARE NO POLICE OR LAW ENFORCEMENT YOU CAN TURN TO FOR HELP.  Believe us, we’ve tried reporting Internet crimes to police and FBI and been told that there is either nothing they can do, or to submit a complaint online to a form on a web page.  We’ve heard from dozens of victims of scams and malware infections.  No one has been able to get help at catching those responsible.  No one even tries.  There are no police to help us with these cyber-crimes.

We believe the biggest reason why there is no international law enforcement is that ICANN, which is the only governing body capable of setting rules, regulations, and enforcement for the operation of the Internet, doesn’t care.  Perhaps they are profiting from an Internet system that actually favors the criminals.  And the International community, including the United States, doesn’t have the will to confront ICANN and push for change so that people the world over can use the Internet more safely.  It’s a shame.  So the next time an explosion goes off in your digital life, resulting in financial loss and emotional harm, pick up your phone and call your congressional and senate leaders.  COMPLAIN LOUDLY that there are no Cyber-Police to turn to for help.  An online form to voice your complaint is just not good enough.

FOR YOUR SAFETY: News From My Family, Renewed Business License and Booking Confirmation Attached

Speaking of grenades, each of the small emails we routinely cover in this column comes with an explosive device attached.  Malware, software intended to damage you and your computer for someone else’s financial gain.  Here are three.  The first one with the subject line “news from my family” contains a malicious link following “I just wanted to tell you that we are all ok, and we have some good news…”

The next two have the malware attached to the emails as a zip file.  Delete and be happy you dodged yet another bullet….

 

 

 

“Dear [Email name], we have attached the debt payment invoice.”

ON THE LIGHTER SIDE: Helping a Serviceman in Need

We support the men and women serving this country and if it means holding $25 million for one of them, we’ll do it!  Sgt. Stanley assures us the money isn’t stolen.  It must grow on trees in Afghanistan.

 

From:  info@usa.net             Time:  2016-09-15 04:27:39

I am Sgt Charles Stanley of the US Army base in Afghanistan for peace keeping I found your contact detail in a address journal am seeking your assistance to evacuate the sum of $25,000,000.00 to you as long as you assured me that it will be safe in your care until I complete my service here in Afghanistan. This is not stolen money and there are no dangers involved. I count on your understanding. If you can help reply now.

 

Until next week, surf safely.