Please support our effort by making a small donation. Thank you!


April 15, 2015


We started to create our usual laundry list of subject lines such as these scams…

The best place to sell your timeshare

Never lose anything again

Homeland Security specialization

Walgreen’s Spring eCertificate #696125055 ends now

You can lower your house payment today

Protect and beautify your garage floor

Become a Teacher Online

Term life policy

Big pharmaceutical companies hate this message


…but then we decided to summarize the week with three simple examples. A large percentage of the scams we see can be described as either innocent-looking advertisements/solicitations, or sensational emails designed to pull at your emotions or curiosity, or celebrity scams. Enjoy…



1-Lavendar garden plants

Sensationalism: (and Celebrity)

2-Prevent death


3-Shark Tank













Phish NETS: I have a crush on you!

We’re quite shocked to report that we saw no phishing scams the entire week. None. This is the first time this has happened to us since we started our newsletter more than eight months ago! So, instead of exposing a phishing scam we’ll use this week’s column to share the love…. “I hope you feel the same about me!” This lovely email came from the domain “” (This domain was registered on the day the email was sent.) How sweet. Oh, and our secret admirer shared a “little naughty video” with our name written on her (his?) cute belly!

4-I hope you feel the same about me

By the way, we were curious about the final greeting “Muahz!” Both Urban Dictionary and confirmed that it is slang for “Kisses.” Awwwww. We resisted the urge to click the link anyway (It was really hard for us!) and instead asked the Zulu URL Risk Analyzer what it thought about the link. Can you guess? This “.us” website contains a redirect to a website identified as malicious…. “” Now that’s funny!

5-I hope you feel the same zulu score


YOUR MONEY: Scam look-alike emails

Many scams targeting our inboxes are disguised to look like solicitations, deals or ads for legitimate well-known businesses. This is just one of the reasons why we repeatedly say how important it is to mouse-over links before clicking to see where they lead to.


Visit our video and article about mouse-over skills:

Mouse-over skills (article)

Mouse-over skills explained (video)

However, mousing-over a link while using a smartphone or iPad is a greater challenge. Read our article on iDevice mouse-over skills!


Check out these recent well-disguised scams made to look like emails from a New York Times subscription service, and Touchfire, the manufacturer of an excellent iPad keyboard. In each case, look at what the mouse-over revealed in the lower left corner of window.

6-NY Times special offer








7-Direct TV Switch and Save








8-Attention iPad owners













TOP STORY: Student Loan and Scholarship Scams

One thing we can say with certainty is that the major criminal gangs preying upon people across the Internet are not stupid. One small example of this is the sudden appearance of student loan scams that appear faster in March and April than snowmelt or daffodils. April happens to be the month when the largest number of students receive their acceptance (and rejection) letters from colleges and independent schools across the United States. The next step for parents is to figure out how to pay for the cost. That’s why email servers see junk like this in the spring…

9-Scholarship Scams





Did you notice that one service sticks out amongst this small sampling? Let’s take a closer look at  According to, was registered about two and one-half months ago and the website ownership is being hidden behind a proxy service. Other than this, we can’t find much of anything about this website or service. Does this sound trustworthy to you?


How about this one from “” When we search Google for the telephone number listed, we find multiple instances of this email posted as comment spam around the Internet but nothing much else. What is also very peculiar about the emails/comment spam is that they are identical to our example eamil EXCEPT the last line which states “Unsubscribe immediately…” Each post we find lists a different website from which to unsubscribe. (Here’s one of many examples we found: ) Very strange. Sound trustworthy to you? I think we’ll pass…

10-Student loan program





FOR YOUR SAFETY: Computer Virus Warning Targets Apple Computer Owners

One of our readers was cruising the web and was suddenly hit with the Apple computer equivalent of the “Microsoft Tech Support” scam. We posted an article by Mr. Woody Leonhard from the fine newsletter “Windows Secrets” earlier this year about the Microsoft Tech Support scam. Check out this photo of Safari from our reader’s laptop. It’s a picture of a webpage and popup: Computer Virus Warning! Action required. Apple detected security error…

11-Fake Apple virus in Safari







It turns out that the reader hit an infected website that contained a forwarding script. The script sent his Safari web browser to “” (.in is the 2-letter country code for India.) If you search Google for “” you’ll see that Google shows that the website is set up so that every visitor receives a “computer virus” warning:

12-rremail virus site in Google




One of the things that helps this scare tactic seem convincing is that the website itself is clean. We asked both the Zulu URL Risk Analyzer and to check out the site and both services reported the site as clean and free of malicious software. But the website is not where the actual risk can be found. Notice that the visitor is told to call “Apple Certified Live Technicians” at 844-291-9491 because of the suspicious files found on his computer. This is definitely NOT Apple Computer! Look what others say about this on the Apple discussion boards.


We did some digging into that phone number 844-291-9491 and found it listed on a Russian telecom website. As best as we can tell using Google translator, we think this telephone number leads to a phone in Rod city of the Volgogrod region of Russia. Sound like Apple computer to you? Scams like this were discussed on the website, along with a post from a “shill” trying to say that the phone number and Apple service was legitimate. It was quite a discussion to read!


There are two other emails we wanted to share with you this week in “For Your Safety.” Both seem so innocently simple but both carry a deadly payload of malware. Notice that neither contains any personal information to identify the recipient or business or account number. In fact, they contain no personal information whatsoever but some people do fall for this stuff and click out of curiosity. “I don’t remember buying anything from Vista Print?” (Want to become a pro at recognizing and understanding risky files? Check out our article titled “Filenames will set you free!” in our Supersleuth Series.

13-VistaPrint invoice



14-You received a new fax






Recently we received this variation of an advance-fee scam but unlike any of the hundreds we’ve seen in the past, this one was different! Instead of the usual email content, this scam came with an attached jpg certificate.

15-Compliments - lucky winner





After checking with multiple services and applications that the attached file called “Compliments.jpg” didn’t contain any hidden malware, we opened it.   It’s our winning certificate!! We’ve never seen this before either! It must be legitimate and we’re the winners! Our money is coming from “some group of multi-national companies.” We’re going to contact Mr. Ratu straight away. Did you notice that Mr. Ratu’s email address is located in “.za?” Zambia. Well at least it isnt’ from Nigeria!

Yay, baby! Cancun, here we come!!










Surf safely!