
April 1, 2015

April 15th is fast approaching. Check out our newest feature article “The Tax Scam Cometh! Tax Scams in Tax Season.”  And while you are there, please support our cause by visiting our advertiser’s offers.

 

THE WEEK IN REVIEW

TDS has seen a noticeable increase in the number of emails carrying malicious zip files. A zip file is a compressed file. Most people won’t know what’s inside the compressed file until they open it. On a Windows computer, that is too late. We’ll show you some below. We also saw a reemergence of the Apple phishing emails at the end of last week, such as this one. We have no idea what the KYC statute is but it sure sounds official. Could it be “Kiss Your Computer” goodbye?

1-Apple phish

 

 

Take a look at just a few of the domain names and subject lines the scammers used in this scampaign…

2-Apple phish email list

 

 

 

 

Phish NETS: American Express

American Express is often targeted by criminal gangs for phishing scams meant to capture account information. At first glance these scams look genuine but let’s focus on the details in this one that leads you to believe that you have already updated your email address…

 

 

  1. The email was sent from the domain “americaexpress” NOT americaNexpress.com
  2. The recipient is addressed as “Dear Cardholder” and not by name
  3. The upper right corner is where American Express posts the last 4 digits of your account number, next to “For your security.” No number is provided here.
  4. MOST IMPORTANTLY, a mouse-over of the primary link doesn’t point to americanexpress.com, but instead to a domain called “energytechsupply.com.”
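
The checks in items 1, 2 and 4 can be automated. The following is an added example, not code from The Daily Scam; the sample message is constructed, the `.example` sender TLD is a placeholder, and the function and class names are hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "americanexpress.com"  # the domain the message claims to come from
class LinkCollector(HTMLParser):
    # Collects the href of every <a> tag: what a mouse-over would reveal.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    sender_host = parseaddr(msg["From"])[1].rpartition("@")[2]
    if not in_domain(sender_host, BRAND_DOMAIN):          # item 1: lookalike sender
        flags.append(f"sender domain {sender_host} is not {BRAND_DOMAIN}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if "dear cardholder" in html.lower():                 # item 2: generic greeting
        flags.append("generic greeting instead of the cardholder's name")
    collector = LinkCollector()
    collector.feed(html)
    for href in collector.hrefs:                          # item 4: link destination
        host = urlsplit(href).hostname
        if host and not in_domain(host, BRAND_DOMAIN):
            flags.append(f"link points to {host}, not {BRAND_DOMAIN}")
    return flags

# Constructed sample, not the real message; the sender TLD is a placeholder.
SAMPLE = """\
From: American Express <alerts@americaexpress.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Cardholder,</p>
<a href="http://energytechsupply.com/">View your account</a>
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```
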

We’ve notified EnergyTechSupply.com about the misuse of their web server. Below is another sample of a recent American Express phishing scam. The website is a gold jeweler in Portugal whose web server has also been hacked. Judging by the URL (link) to the phishing web page, the phishing scam appears to have been constructed by the same criminal gang that constructed the above sample. We at TDS believe this is one more “bread crumb” that points to a large, well-organized criminal gang who is responsible for carrying out these threats, rather than a rogue individual criminal. We have so much circumstantial evidence we could stuff a 20-lb turkey with these bread crumbs! Apparently, the hacked site in Portugal has been misused for quite some time. Check out this information from URLquery.net.

4-American Express acct - security concern

 

 

 

 

 

 

 

 

 

YOUR MONEY: Earned credit expires today

We’re not certain that this is a scam but the spammy tactics from FlowerDeliveryExpress.com practically border on harassment and feel like a scam. You decide…

TDS knows a woman who was receiving emails like this one twice a day for weeks and nothing she did could stop them. They are still relentless:

Dear D…,

Your Merchandise Credit of [$51.27] will expire this week if it is not redeemed.

YOUR CODE: W3RRC46

Click on this link for a full selection of flowers:

flowerdeliveryexpress.com/opencart/index.phroute=product/category&path=82_62&coupon=W3RRC46 [LINK MODIFIED] or enter code W3RRC46 to redeem your $51.27 credit.

Use Your Thank You Merchandise Credit and receive free delivery!

Sincerely,

FlowerDeliveryExpress.com

Doesn’t this feel like harassing spam? Notice the continued minor variations in the subject lines. These variations are a spam tactic to try to get around antispam filters.

 

We used Google to do a bit of research on this seemingly-legitimate flower delivery company. Read the many harsh complaints on Yelp about flowerdeliveryexpress.com. (And don’t be misled by the glowing review posted in 2012.) Or check out these posts on TrustPilot.com and ComplaintsList.com.

Let the buyer beware!

 

 

 

 

 

TOP STORY: Real or Not. The Art of Deception.

Sadly, it is so remarkably easy to deceive people online and it is often difficult to tell truth from fiction. There are no “Internet Sheriffs” protecting us netizens from fraud and deceit. (Read our feature article about this point titled “My Hacked Website Costs You Money and No One Cares.”) For those of us doing business on the Internet, the risks can be even higher and the deception harder to detect. Here is a simple example…

Once someone has leased a domain (web site name) and registered it with the governing organization called ICANN (Internet Corporation for Assigned Names and Numbers) through their hosting/registering services, he or she will periodically be asked to verify the information provided by the registrant (person registering the domain). Below is an email asking for verification of information about a domain owned by one of us here at The Daily Scam:

The problem here is that a mouse-over of the link “View Contact Data” leads to a domain called “name-services.com.” The link doesn’t lead to ICANN.org or WestHost.com (the hosting service). Using Google to investigate Name-Services.com, we find completely conflicting information about “wdrp.name-services.com.” Some people claim it is a scam trying to trick folks into moving their registered domain from their original registering service to this service “name-services.com,” while others say it is the legitimate service used by ICANN. And then there is this… Look what Google shows about this domain when we search for it:

 7-Notice regarding your domain name 2

 

“Find Cash Advance, Debt Consolidation and more…” “Free Credit Report” Would you trust this to be the official website in charge of verifying that YOUR information is up-to-date and accurate about your domain? If this truly IS the legitimate website that ICANN uses to verify domain registration, they do a pretty poor job of making this appear legitimate. Our decision? We’re going to delete this one and hope for the best.

This next example is so creepy and weird. We’ll be honest and say that we weren’t sure whether it was a scam or legitimate when we first saw it. The email came to us from an employee at an independent school in Massachusetts who visited the Kennedy Space Center about two weeks ago, making this email all the more strange and coincidental:

8-Please join us for this event

 

The email appears to have been sent from the United States agency NASA.gov. However, the email server that received it reports that it was sent from somewhere in Zambia. (Red flag number 1) Obviously the email contains an attached zip file, and zip files are widely known to be used for malicious purposes (See “For Your Safety”). The email references the Marshall Space Flight Center (MSFC), Mass. State Building Authority (MSBA), and “Fed Biz Ops” which is a database of U.S. federal government contracting opportunities. Also, NAIS is the National Association of Independent Schools. However, the email doesn’t address the recipient by name. (Red flag number 2) “Fed Biz Ops” is usually abbreviated as “Fed Biz Opps” according to Google, and the whole thing smells like rotten fish. What’s our next step? Google, of course!

We entered the following line from the email into a Google search field: MSFC has posted the upcoming MSBA 27th event.

Guess what we found? Many people across the Internet reporting that emails just like this contain malicious software.

Just delete, delete, delete!


FOR YOUR SAFETY: Shortened URLs and Attached Files

For those unfamiliar with Dropbox, it is a great free service for storing and sharing files in the “cloud.” (For the record, we hate this term. The files are on some company’s server. It isn’t a cloud and it can be hacked like most computers.) But Dropbox is a good service as long as you don’t keep anything sensitive or very personal there. This email, however, is not from Dropbox:

9-DropBox phish to Bit-ly

 

 

 

 

 

It looks like someone named Eberts sent a link to a file they wanted to share. However, a mouse-over of the link shows that it leads to a “shortened URL” from bit.ly. If you are not familiar with shortened URLs, check out our article about them because they can be very risky to click!

We asked the Zulu URL risk analyzer to follow that shortened URL and let us know what it found. Its response couldn’t be more clear… The website it leads to is packed with malicious scripts waiting to do damage. Just delete!

10-Dropbox phish zulu 1

 

 

 

11-Dropbox phish zulu 2

 

 

 

We mentioned at the start that TDS has noticed a sharp increase in emails carrying malicious zip files. Here’s another simple example:

 

12-indusmfg email with Attached file

 

 

 

 

 

 

The recipient didn’t know “Lou Ann Davis” or the Indus Precision Manufacturing company. But Lou Ann sure seems to know a lot of folks in the recipient’s organization…

 

13-indusmfg list of emails

 

 

 

 

 

 

 

The attached zip file was malicious of course. Just delete!

ON THE LIGHTER SIDE: Severe Threat Detected and Alzheimers Cured!

On the lighter side this week we had a hard time picking because there were so many great choices. We finally settled on this 60 Minutes piece that could “save your family” and an Alzheimer’s cure for a 97-year-old man. Oh, and did we say that we are selling the Brooklyn Bridge and have land for sale in Atlantis? Interested parties can contact us at TheDailyScam.com.

Surf safely!

14-Severe threat issued - government helpless

 

 

 

 

 

 

15-Alzheimers cured by 97 year old