April 26, 2017


We can’t believe criminals are still trying to play the “Crooked Hillary’s Secret Revenge” card as a social engineering trick.  But they are.  What’s more interesting is this email from Stonemasonry @ SummitSit.net containing the subject line “The most viewed post ever on Facebook.”  Now, that’s quite a claim!  But if you look closely, the women in the “before” and “after” photos are not the same.  Still, they say that “everyone is stunned by this new video.”  Yeah, whatever….

Now delete.









Sample Scam Subject Lines:

Christina from Flip or Flop: Divorce explodes live

Control your blood pressure by eating this spice

Drive your pup bonkers with the newest treats, toys, and gadgets

FOX: Megyn Kelly bashes network over her firing

Fox News scandal ends Bill O’Reillys carrer

Grow your business trip after trip

MasterCard Invitation

Mom shocks everyone on ABC Network

Numerology Reading…

Rayban sunglasses $24.99

Tesla crazy device cuts electric bills to 0

The shocking statement you won’t see on the news…


Sample Scam Email Addresses

amazingseniorlivingoptions-[YOUR EMAIL] @ teacher0and.top

eharmonypartner @ eharmhonji.top

flyairplanegames @ vitrguiul.top

healthcoveragefinder-[YOUR EMAIL] @ war3contact.top

healthylife @ memaircol.top

heavenly_readings-[YOUR EMAIL] @ indcrown.com

jane.gunderson-[YOUR EMAIL] @ gokellymegynfox.com

military.supply.usa-[YOUR EMAIL] @ dungeonforge.net

newroofingdeals @ freeroof.top

postmaster @ cdoppo.com

radiologic @ nupgoa.us

VehicleProtection @ onekitchen.top

YourNewProvider @ fivekitchen.top






Phish NETS:  Netflix, Live.com, and Facebook

This email from noreply.net2.com looks very official, beginning with the subject line “Your Netflix Membership has been suspended [#2387632]”  “We recently failed to validate your payment information…”  A mouse-over of the link “Click here to verify your account” reveals the scam as it points to the domain userdirectionunlock-dot-com.  We visited the website in the link and confirmed the phish.  They want you to log into a Netflix look-alike and steal your credentials. (see below)  Maybe they need to binge watch “Pretty Little Liars?





We continue to see phishing scams disguised as Outlook or Live.com friend requests such as this one sent from littlemouse1 @ fsmail.net.  We asked VirusTotal.com to check on the link in this invitation from Wilber and the threat could not be any more clear.  The site you are directed to has been identified as a malware site.



Oh yes, and we still see phony Facebook friend requests.  Can you tell what country this one came from?  These phony friend requests have never gone away.  We just got sick and tired of reporting about them.  Oh well.



YOUR MONEY:  Brain Training For Your Dog, Platinum Visa Card, and Save on Auto Repairs

Many dogs could surely benefit from some training.  Lots of people could too!  But this email sent from dogtrainingtricks @ bratgfordogs.top is pure BS.  The domain bratgfordogs.top was registered on the day the email was sent by our newly-found friend named Dev Thakur from Chandighar, India.  You might notice that this malicous email also has the Kinzar Ave, Danville, VA address at the bottom of it, just like the bogus Hillary email at the top of this week’s newsletter.

What of that a-d-o-r-a-b-l-e picture of the toddler and dog?  According to TinEye.com, the photo can be traced back to May, 2012 (at least) when it was found as a stock image on GettyImages.com.  It has been spotted on more than 100 websites since then.


“You have been approved for a Platinum Visa Card” “See if you Pre-Qualify now.  It takes less than a minute.”  That minute will cost you days of pain!  The links point back to the strange domain war9shoot-dot-top.  That domain was registered by someone identified as “jared smith” the day before the email was sent and is being hosted in Hessen, Germany.  Jared claims to be from an organization called “fjidwal.”  Does any of this sound the least bit legitimate or related to Credit One Bank?



“Save thouands on auto repairs” says this email from autoprotection @ cartranty.top.  We don’t have to go far to know this is a mucho scam-o-la.  Look at the “opt out” address at the bottom of the email.  Dev Thakur must not be lurking far….





TOP STORY: Spim Texts

We at TDS strongly believe that you should never answer a phone if you don’t recognize the number or the number has no caller ID.  Let your voice mailbox get the call instead and then you can evaluate afterwards if it is a call you want to return. We also feel this strongly about random text messages!  These unsolicited texts are called spim, rather than spam. We’ve informally asked small groups of people with smartphones if they have ever received random texts from phone numbers or people they don’t know.  Our unscientific survey shows at least 80% say yes.  And this spim certainly targets our phones.

Most spim asks you to click a link, hire their services and/or donate money to a cause.  Take this one saying “Final 1 hr Left to Activate your 70% Off Custom Animated Video Deal.”  The recipient is asked to click a link for the website 29designx-dot-us.


Our first tool to evaluate authenticity is a WHOIS like this one at DomainTools.com A look up of the domain in this text shows us that it was registered a couple of weeks earlier on April 5 to someone named “Mildrid Smith” who listed an address in Boston but put Boston in the United Kingdom along with a UK phone number.


A search on Google for this business turns up absolutely nothing, except the website itself, but no information is provided in the description…




The Zulu URL Risk Analyzer gives their website a score of 35 (not harmful or suspicious) BUT it identifies that the webserver is hosted in South Africa.

If you were interested in these services and deciding whether or not to contact them, you have little more than a gut feeling whether or not they are to be trusted with your credit card information and doing the work you expect.  Our choice is clear.  The spimmy text, the scattered countries (U.S., U.K., South Africa), and the lack of verifiable information or long history about this business makes our choice very clear….  Delete!

Here’s another recent spim that, oddly enough, appears very similar to the one we received above.  201-431-4175.  “Professional Custom Logo – 3 Logo Concepts….” Etc.  To activate their special offer we’re asked to click a link to the domain designtrojans-dot-com.  The number seems to originate in New Jersey but that’s all we know about it…


The domain provided is designtrojans-dot-com.  A look up of this domain using a WHOIS shows us that it was registered a few weeks earlier on March 15 through a privacy protection service in Australia.

Google doesn’t show much information about this company either but we do find an offer on the top page of their website…


Do any of our readers feel like this website seems very similar in design to the website for the first random text above?  (Cue music for Twilight Zone)

The Zulu URL Risk Analyzer scores this second website as a 6/100, meaning harmless.  DesignTrojans only has 1 complaint against them on the RippoffReport.com by someone claiming the company tries to steal your credit card info but the person who posted this offers no proof or support of that claim.

It’s hard to determine much more about this website’s reputation without contacting them.  But would you want to do that given the little information about them?  Anyone can hang a shingle on the Internet and claim anything they want, but that doesn’t make it true?  As we often say, given how easy it is to deceive others, it is important to be skeptical.

Here’s an interesting article on DomainNameWire.com about out-of-control spim and robocalls. [February 16, 2017]


FOR YOUR SAFETY:  Look Over My Resume, Fraudulent Charge, Good Memories, and Delta Airline Order Confirmed

“How do you do?” says an email sent from Germany (.de = 2-letter country code for Deutschland).  “I’m currently looking for employment either full time or as a intern to get experience in the field. Please look over my Resume and let me know what you think.”  Would you have opened this?  One of our readers did and when Word launched, the person was asked to allow “macros to run.”  Fortunately, she got suspicious and said cancel.  We asked VirusTotal.com to look over that attached resume and the response was overwhelmingly bad.  The document contained Word Trojan malware.






About 12 people from the same organization were recently targeted by this malicious email.  “I just found a $194.07 charge on my credit card originating from [organization name].  I never ordered anything from you so what is happening?”  This is a pretty slick piece of social engineering if sent to the right people.  However a mouse-over of the link for the Word document shows that it actually leads to a malware website in Russia.



Good memories says an email from a friend at Yahoo.  Except that your friend’s account was hacked and he or she didn’t send the message.  Come on, it is Yahoo after all, where millions of accounts have been hacked in the last few years.  The link is malicious.

Now delete.


How about this slick notification from Delta Airlines about a ticket purchase?  But the from address was spoofed!  A mouse-over reveals that the link points to an odd website called thecolonysleepdentist-dot-com.


ON THE LIGHTER SIDE: I Have Cancer, I Was Attacked and Robbed Too. Help!

Usually our friends are “robbed in London” but this email from an acquaintance up’s the anty quite a bit!  Poor Karen…. And all of it happened while on a quick trip to Aklan, Philippines.  We wonder if we ask Karen, via email, how many children she has and what her age is that she’ll be able to give us the correct answer?

I hope this finds you well.

I’m hoping you get this on time as i’m writing with a troubled heart i knew it was a long shot- should have thought of all this sooner,but i couldn’t inform everyone i’ve been diagnosed with advanced liver cancer i’m trying to sort it out and digest this very bad news as i didn’t have any symptoms until the cancer advanced a lot has happened this past few months with having my Chemo.I have been going through a lot with this so i decided just go somewhere to get away from this hard times because am doing my best to breathe and live another day whether I have the will or not i’m in Aklan, Philippines everything was fine until on my way back to the hotel i was attacked and robbed all cash, credit card and mobile phones were stolen.

They had a knife poking my neck for two minutes i was scared and felt the deepest fear i’ve never felt before, I took precautions to ensure my safety and i’m working with the local authorities providing details for investigation the process might take days due to some paper works, i’ve also made contact with my bank it would take 3-5 working days to process funds into my account which i can’t access from here, the bad news is my flight will be leaving very soon but I am having problems settling the hotel bills. I need your help/LOAN financially, I am sorry if i got you at the wrong time but could you please loan me  I’ll appreciate whatsoever you can give if you can’t help with all and I promise to make the refund once I get back home safely.

Please let me know if you can help me out i will appreciate your help in getting back home safely and i need you to keep checking your email as it’s the only way i can reach you.


Until next week, surf safely!