Please support our effort by making a small donation. Thank you!

x

April 22, 2015

THE WEEK IN REVIEW

It was a typical week in scamville. Scintillating subject lines were probably easy prey for the overly curious…

Sex offender alert!

Recent data breach exposed your info

Shark Tank product grows hair in 3 days!

View your Experian credit score

You’ve been hired

Luggage waiting for whom it may concern

Business proposal…etc.

But mixed in with the usual scam and spam continue to be malicious emails sent from real people’s hacked accounts. The subject line always says “from:” followed by a name. And the name is always known by the person receiving this scam even though the email itself comes from a stranger’s email address. Like these…

1-From hell again

 

 

 

 

 

In every case the email contains a malicious link and almost always with the same unimaginative lines “Hi! How are you? News from Oprah (followed by a malicious link) She says it works!” And then it is signed by the person known to the recipient.

2-News from Oprah

 

 

We’ve called this scam “From Hell” and wrote a feature article about it last year. April is the one year anniversary of this type of scam and it is still going strong. Don’t let your curiosity get the better of you. If you see a friend’s name in the subject line, let them know that their email account has been hacked and to change his or her password and inform the folks on their contact list to watch out for strange emails with his or her name on them.

 

 

 

 

Phish NETS: Dear Amazon Shopper

Would the email below entice you to click the link to collect $100 toward your Amazon account? We’re guessing that you’ll have to enter your Amazon credentials in order to get this worthless coupon. Once you hand over your credentials to these scammers, expect to kiss your account goodbye while the bad guys have a party on your dime.

By the way, the domain “seeallyour-newonlinespecials.us” was registered the day this scam email was released by a company called “UpTimeWebHosting.” The email on file with WHOIS is uptimehosting@outlook.com. The website was registered through Enom.com, a domain leasing service. We have seen this email address and business name associated with many other scam domains. Also the domain leasing service Enom.com, though seemingly legitimate, appears to be a favorite leasing service used by lots of scammers to register hundreds of scam domains. We think folks at Enom.com would have to be as stupid as sticks to be unaware of the incredible misuse of their services. And how does a domain registrant get away with registering a domain without any of their information getting verified? Check out the WHOIS for this domain.  We conducted a search for UpTimeWebHosting and found that it doesn’t exist on the Internet. And we only find their outlook.com email address associated with other shady website names.

3-100 off your Amazon bill

 

 

 

 

 

 

 

 

 

 

YOUR MONEY: Reality… Check Please?

Condition your dog, Southwest Air voucher & your life insurance. We are always impressed by the remarkably ordinary subjects selected by the scammers to try to engineer potential victims into clicking a malicious link. We’re dog people too and this got our attention, A “humane way to condition your dog.” Of course there is a real product called “Pet Command” but this ain’t it! A mouse-over of the link revealed that it points to the domain “oxinte.ninja.” Dot-Ninja? Really? What idiot makes this stuff up? Oh yeah. ICANNs does. Remember that ICANNs is the governing body for Internet names and numbers. TDS thinks ICANNs needs a reality check. They do little to protect Internet users yet create conditions making it exceptionally easy for scammers to target all of us.

4-Humane way to condition your dog

 

 

 

 

 

 

 

And how about this email offering you $100 towards a flight on Southwest Airlines? We’ve seen these too many times before. It was sent from the email address YourAirlineBonus@fly.yourbest-newairlinepointshere.us. This stuff is as phony as a $3 bill. Just delete.

5-Southwest Airline Voucher

 

 

 

 

 

 

 

And finally in this week’s “Your Money” column, check out this email about YOUR life insurance payment. Did you know it’s been lowered? We hope you’ll notice how remarkably similar this email is to the Southwest Airlines scam above. We are certain that these, and hundreds of others, were created by the same criminal gang using a template to push out their malicious content.

Delete. Delete. Delete!

6-Your life Insurance monthly payment

 

 

 

 

 

 

 

 

 

 

 

 

TOP STORY: Scam or Spam?

TDS knows of a school that has been targeted for months by several companies pushing fund-raising services and their email behavior is extremely questionable. The companies use the same formula emails. Scam or Spam? You decide…

All the emails contain similar language such as this…

Fund Raising Coordinator

I have been trying to follow up on the information I sent over regarding your next fund raiser. If you could provide me with a phone number or email address for the coordinator I would be grateful.

Have a wonderful day!

Sarah Hilbrandt

Aspire Fund Raising

www.aspirefr.com

8hundred-969-1255 extension 129

And this….

Fund Raising Coordinator

I work for the Elementary School Team at Midland Fund Raising, and I am hoping you could tell me who I need to chat with you about your school’s fundraising needs.

Midland Fund Raising has a variety of great programs that are achieving consistent results for the schools that we work with and I know we can help you. Below are just a few of the excellent and effective programs that I think will likely best work for you below:

*90% Profit Value Cards

*Jack Links Beef Snacks

*JOY for all seasons – Our Fall catalog featuring over 200 wrapping papers, candies and gifts

*Heavenly Delights – Exclusively ours! Non perishable food items, kitchen gadgets & MORE!

*Frozen Food–Pre-portioned and Home Delivery Cookie Dough, Full Line Food

*Colorful Spring – Spring Catalog including gifts, candies, wrap and flower bulbs

*100% ECO Friendly – Environmentally friendly cleaners, Organic food items & MORE!

*Spring & Fall flower bulbs

*Magazines

*Candy Bars & Lollipops

*And More!

If you could provide me with their contact number or even email I would appreciate it. Thank you and have a wonderful day!

Mysti

National Accounts Specialist

Midland

www.midlandfundraising.com

8hundred-624-3050 ext. 149

Here’s a screenshot of the various email addresses and domains pushing these emails:

7-Fundraising

 

 

 

 

 

 

 

Every single one of the five domains listed in the list of emails above (effectivefr.com, inventivefr.com, choicefr.com, accessiblefr.com, qualifiedfr.com and skilledfr.com) was registered through Enom.com and the ownership of these domains is hidden behind a WHOIS Privacy Protection Service.   Here is one WHOIS example. When we visit each of these websites, we find a webserver default page showing that the website owner hasn’t yet created the website they have paid for since last year, such as this screenshot from accessiblefr.com:

8-accessiblefr website

 

 

 

Using Google to search for these websites shows nothing at all. Now things get interesting… If you search for “Aspire Fund Raising” you find a legitimate fund raising company at the domain AspireFundRaising.com (NOT aspirefr.com). If you search for “Midland Fund Raising” you also find a legitimate fund raising company at the domain MidlandFundRaising.com. You don’t find any of the questionable domains from the list above. A WHOIS look up of these legitimate companies shows that Aspire owns Midland and they are located in Michigan.

So… Scams or spam? What did you decide about these emails and the companies they claim to represent? Yeah, us too.

Delete, delete, delete!

FOR YOUR SAFETY: EZ Pass scam carries malicious payload

We have written articles in the past about scammers targeting EZ Pass users with all kinds of social engineering tricks meant to infect computers or phish for credit card information. Read our feature article from last fall “EZ Pass Scam Alert!”  This past week we saw a slightly different type of EZ Pass scam email. Check it out…

9-Unpaid EZ pass bill

 

 

 

 

“Notice to Appear” and “Please service your debt in the shortest possible time.” The sender doesn’t quite know what he wants the recipient to do. One thing is certain though. That attached zip file contains a malware payload resulting in the nastiest of computer infections! Sorry Elmer Armstrong, you’ll have to do better next time. But we like your name choice! Elmer Armstrong was a member of the old group The Platters!

ON THE LIGHTER SIDE:

We’ve written a lot about “vanity scams” in the past but that doesn’t stop us from beaming with pride when we discover that we’ve been elected into both the Worldwide Branding Registry of Distinguished Professionals and Executives and the 2015 edition of Who’s Who! While you check out our article called “Recognizing Vanity Scams” we’ll be toasting with champagne!

10-Youve been chosen for worldwide registry

 

 

 

 

 

 

 

11-Youve been accepted by whos who

 

 

 

 

 

 

Until next week, surf safely!