Tis the season to be scammed! TDS began to see scam emails related to Christmas just before Thanksgiving. But what started as a trickle is now a steady stream. Most of these scams seem to target parents by pitching special holiday gifts and ideas for children. But don’t be fooled by the warm holiday colors and images. Each one of the emails below is malicious and was sent with the specfic intent to install malware on your computer. Given the popularity of ransonware lately, it is quite possible that these emails will cause your computer to completely lock up so you can’t open the files. They only way to unlock it, if you do get a ransonware infection, is to pay the criminals as much as $500 - $600 for the decryption key. How’s that for warm, holiday fun?
You better watch out
You better not cry
You better not pout
I'm telling you why
Scamta Claus is coming to town…
Make Christmas Magical for a Special Child says this email from fitness-feed.com. “Enhance Christmas with a personalized letter from Santa!” The email leads you to believe it is from Holiday Printables, Inc in Florida but that is a lie. The domain fitness-feed.com was registered in 2015 to a privacy protection service in Nassau, Bahamas. Google shows the website is listed as a Spanish site called “LaPatilla.com,” “The Pin: News, Information and Research” while the website title describes itself as “tripwire magazine | handpicked goodies for Web Developers and De signers.” Does any of this sound like Holiday Printables?
Make Christmas Magical Agaian! You didn’t misread this. They spelled it Agaian. Once again “Enhance Christmas with a personalized letter from Santa” says the email from orangetop-offers.site. This domain was registered on October 10 through a privacy proxy service in Panama. The email also wants you to believe it came from the real company called Holiday Printables, Inc. But this is also a lie. Did you spot the random text at the bottom of the email meant to help it fool antispam servers? The text begins with “During his annual address to Congress, President James Monroe proclaims a new U.S. foreign policy initiative…”
(Is it just us or does this Jolly old St. Nicholas look a bit scary?)
Custom Santa Letters 30% Off + Free Shipping Today Wow! Are that many parents looking for Santa letters for their children? This is a Santa Express we never want to see. This email came from the address Santas-Workshop@ borrow.finchwp.top. The domain finchwp.top was registered to someone named Heiki Fink from Angolo Vicolo Dell Arco, Italy on the date this email was sent. Oh, and the Zulu URL Risk Analyzer says that there is a 92% chance that the link in this email is malicious. Ho, ho, ho! Oh deer!
Amaze your Child this Christmas Season With a Personalized Package from Santa. 20% Off. Hurry and get 3 valuable bonuses. These are not the holiday memories you want! Sancrut.top was registered on the day the email was sent by a jolly old soul named Mohit from Guna, India. The Zulu URL Risk Analyzer informs us that sancrut.top has been black-listed by serveral services around the world for being naughty, not nice.
Fresh Cut Christmas Trees Delivered Right to YOUR Door! Order today and get a free wreath! A $59.99 Value! Says an email from best.real.christmas.trees-[YOUR EMAIL]@ yespills.com. Liar, liar, pants on fire! Yespills.com? Seriously? A WHOIS lookup of this domain informs us that it has been blocked due to spam. Duh. A search for the domain yespills.com turns up references and links associated with online pill sites selling bogus viagra and cialis drugs. It’s beginning to look a lot like Christmas!
We’re dreaming of a scam-free Christmas! Let them slow, let them slow, let them slow. We hope the criminals who target us get nothing but coal in their stockings. And we hope that the awareness this article raises brings good tidings to all our readers.
Merry Christmas! Happy holidays! And a safe, online experience for all!