Please support our effort by making a small donation. Thank you!

x

April 28, 2015

THE WEEK IN REVIEW

Oh, the scams we’ve seen! What a crazy week. Check out some of the subject lines reported. The variety boggles the mind…

#1 Most Dangerous LIE in Basketball

Obamas 2nd term in jeopardy over this

Upgrade roof window package attached

Introducing Applepay – Only 1.59% per swipe!

Get your complimentary Applepay equipment today

Burn FAT quicker without DIET or EXERCISE!

Urgent: Banned Cloths off (Miranda Lambert) exposed at ACM

Visibly reduce wrinkles with Christie’s Skincare!

Don’t let depression get the best of you

Is your timeshare available? I’ll buy it today

Your mailbox is almost full

New Credit Monitoring Alert

Become a Certified electrician

Never lose your stuff again

39 Positions remain up to $378/Day

Diabetes Does not exist says Sanjay Gupta

2015 Back pain product of the year

Your Education Loan Information

[Secret revealed] arctic-glacier eliminates wrinkles forever

Reverse 20 years of wrinkles in minutes

New Expandable garden hose that never tangles

We’ve got hundreds more. Check out a group of scam emails that arrived in one email server over a few hours:

1-Weekly subjects lines

 

 

If you don’t get our free weekly newsletter and want to read about the latest scams, sign up here!

 

 

 

 

Phish NETS: Fake Pinterest + Apple websites

This is something new and interesting to TDS…. A phishing scam targeting Pinterest users. Check out the email below and look very carefully at the web site domain listed in the link: pliinterest.com

The emails says that it is from Pinterest and asks the user to “unlock your Pinterest account please follow the link below and confirm your Pinterest account details.” But pliinterest.com is NOT Pinterest.com!

2-Pinterest account has been suspended

We actually tried to visit the phishing scam site in the link but our Sophos anti-spyware protection stopped us:

3-Pinterest-look-alike blocked

 

 The Zulu URL Online Risk Analyzer also identified this phishing site as malicious. Notice in the next screenshot that a visit to the original malicious link in the email above leads to a redirect to a fake Pinterest login page. We’re certain that when you log into your Pinterest account through this phony-baloney site you can kiss your personal information goodbye. And do any of you use the same password for financial accounts that you use for your social media accounts like Pinterest? If you do, you can kiss those $$ goodbye too!

4-Pinterest phish zulu score

 

The scammers have just started a new Apple ID phishing campaign again! These started pouring into one email server on April 25:

5-Apple phishing domains

These fake Apple ID emails look very genuine. However, there is no such thing as “Know your Customer (KYC)” legislation from Apple. Apple computer will never delete your account within two days if you don’t login. It’s simply nonsense.

Look carefully at the mouse-over of the link for “Review your iTunes Profile.” It leads to “appleservicelocked.co.uk,” not apple.com.

6-Apple phish sample

 

 

A WHOIS lookup of these Apple phishing scams reveals that they were all registered through Crazy Domains and registered to a “David Lunn” in Birmingham, Great Britain.

http://whois.domaintools.com/appleserviceslock.com

http://whois.domaintools.com/appleupdates.co.uk

http://whois.domaintools.com/appleservicelocked.co.uk

http://whois.domaintools.com/apple-lock.co.uk

Clicking the link will bring you to a website that looks exactly like the “Verify your Apple ID” website:

7-Apple Phish website

 

 

 

NASTY FOOTNOTE to the Apple phishing scam: As additional proof of how nasty the criminals are that have created this set of scams, look what happened to us when we entered a fake email address and password on the phishing page instead of the email address the form was expecting… The website actually recognized that we weren’t acting as it had instructed and the form automatically directed our web browser to Google with a hidden redirect and forced a search for child pornography!

8-Apple Phish leads to child porn request

 

 

 

 

 

YOUR MONEY: Scam Calls to your Smartphone

Have you ever received a phone call from an out-of-state number that you didn’t recognize? Followed by the doubt and debate in your mind… Should I? Is this really gonna be a legitimate call? You answer and… another scam, survey or marketing junk call. This week’s YOUR MONEY column is all about the junk calls that target our phones.

Last week one of our Massachusetts readers contacted us to say that he was getting frequent phone calls from a very unusual number 617-000-0000. He said a man’s voice leaves a message stating that he is from the Massachusetts State’s Attorneys Office, Civil Rights Division. He asked us if we thought the call was legitimate since he’s not expecting anything from that office. Our response? Extremely unlikely given the confusion we find online about this telephone number…

We looked online for 617-000-0000 and found some interesting information. First was this list of callers who reported between 2009 and 2014 about this number. Some said it was legitimate and some said it wasn’t. Check it out.

Then we found the number listed as the phone and fax for the India Society of Worcester in Shrewsbury, MA

And the number is also listed as the FAX line at the Office of Labor-Management Standards in the JFK Federal Building on 25 New Sudbury Street in Boston, MA. Check out the bottom of this web page.

Very confusing! Who knows what to think about that telephone number. However, we know exactly what to think about these numbers. They are extremely UNAMBIGUOUS! Check out what folks are saying about calls from these scammers. Most are credit card scams.

609-279-0220

830-540-5245

270-369-5465

Our advice? Be wary of calls from numbers you don’t recognize. It is as easy to decieve others through a phone call as it is through the Internet. Also, today’s technology enables callers to spoof the number that shows up on your caller-ID (why is this legal??) The caller can be in India or Russia and look like he comes from Indiana. If you get a questionable call, let them leave a message while you visit 800Notes.com and look up their number to see what others may be saying about it.

Listen to IRS and U.S. Treasury phone scams captured on audio:

http://www.thedailyscam.com/irs-phone-call-scam/

http://www.thedailyscam.com/enforcement-action-from-u-s-treasury-agent/

Other resources:

http://www.consumer.ftc.gov/articles/0076-phone-scams

http://www.htrnews.com/story/news/local/2015/04/24/scammers-call-pretending-sheriffs-office/26326193/

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

 

 

 

 

TOP STORY: Spam Tactics from CoTap, Flipmailer and EducatorsMortgage

Though technically these may not be scams, the deceptive marketing practices of these companies are so sleazy that we consider them like scams. And sadly, many companies use these shady tactics to get your attention. Take the first email below from Cotap.com…

Cotap says they are a secure texting app (We have our doubts anytime anyone makes the claim to be “secure.” Didn’t you believe your photos and data were private and secure in Snapchat, HomeDepot, Target and Apple? Yeah, and we were all proven wrong.) Cotap sent an email to one of our readers claiming that “you’ve been added as a contact on Cotap.” Cotap stated that a directory was set up for their organization. The recipient was asked to “Get Started” and enter their information at Cotap as a part of the organization’s directory. This was a complete lie. The organization never set up anything in Cotap and used this deceptive tactic to generate users. Shame on them! We would never give Cotap our personal information or use their software with tactics like this. Look at the reviews written about this software at the bottom of this web page at AppTweak.com.

9-Cotap -youve been added to directory

And then there is Flipmailer.com. This company sends out emails leading the recipient to believe that a friend has invited him or her to join the Flipmailer service. (Whatever the heck that is.) What the recipient doesn’t know is that this malware tricks people into accepting it and then hijacks the recipients address book, sending out email invites in the recipient’s name. Flipmailer has been at this for some time in the guise of other companies…. Flip, Flipora, and Fliporamail. Flipmailer’s scammy tactics were written about extensively in February, 2014 in this Blogspot article.

10-Flipmailer invite-confirm your friendship

 

And in case you have any doubts about this assessment, check out these links that call Flipmailer (and it’s other company names) untrustworthy at best and malware at worst:

http://emmanuelcontreras.com/content/how-remove-fliporainfoaxenet-spam-extension

http://www.scamadviser.com/is-fliporamail.com-a-fake-site.html

WOT is “Web of Trust” rating service…

11-Flipmailer reputation

 

 

Our next spamming company is a Mortgage company called EducatorsMortgage.net (also called EduPrograms.org). Since February they have sent dozens of emails to employees at a school, including people who haven’t worked at the school for years! Each email from EducatorsMortgage.net says that the recipient was subscribed to their email service. Not true. No one from the school willingly subscribed! EduPrograms.org is not accredited with the Better Business Bureau in Oak Brook, Illinois where they are located. Also Project HoneyPot has identified these emails as spam too.  So has MyWOT.com (Web of Trust)  Check out one of their spam emails…

12-Partners in education-low mortgage

 

Delete. Delete. Delete!

Look at the repeated spam tactics from the EducatorsMortgage.net. Would you want to do business with them and trust them with your very personal information?

13-Partners in Education emails

 

 

FOR YOUR SAFETY: Malicious attachments: zip files, cab files and Word documents

We are seeing an increasing number of random small emails that seem to be misdirected. Each contains an attached file and those attached files contain dangerous malware. Even the Word document is infected with a virus. You all know the expression “curiosity killed the cat?” Don’t be that cat!

Sports Factory – cab file

Sports Factory – cab file

Shipment status change for package due to “invalid postal code”

Shipment status change for package due to “invalid postal code”

New voice message in mailbox – sound file attached

New voice message in mailbox – sound file attached

Annual report sent to you from CDC Consulting

Annual report sent to you from CDC Consulting

Good afternoon from Barfleur FRANCE

Good afternoon from Barfleur FRANCE

Got a mail from you, my answer in the attachment

Got a mail from you, my answer in the attachment

 

 

 

 

 

 

 

 

 

ON THE LIGHTER SIDE:

Unless you’ve been living in a box the last year you no doubt have heard a lot about the increasing legalization, or debate about legalization, of medical marijuana. Many states are re-evaluating their marijuana laws. And so it comes as no surprise that the scammers would hop on this moving train as a means to get you to click on links to malicious websites. Check out the list of cannabis related emails below during the last three weeks to one email server! “Miracle Smoke” “Cannabis Oil” “Legal breakthrough” “Liquid money?” Hmmmm…. We wonder if we can buy some of this wholesale….

20-Cannabis scam emails

 

 

 

 

 

 

 

 

 

Until next week, surf safely!