Please support our effort by making a small donation. Thank you!


April 8, 2015


The remarkable variety of subject lines in scam emails always amazes us. While we are reasonably certain that most of the email scams targeting Americans are generated from one or two criminal gangs in Eastern Europe and Russia, we often wonder if these gangs hire Americans for their guidance with scam topics and language skills. Judge for yourself. Check out this small sampling of subject lines from scam emails we saw during the past week.

Never pay for roof repairs again

Protect and beautify your garage floor

Install a walk-in bath

Time magazine called this ipad product ingenious

Find the right Alcohol Rehab Center

How good is your 2014 score

Wondering what your score is?

Learn the Truth about looking younger

Anyone with bad eyesight needs to use these eye drops

Exciting legal breakthrough in Cannabis oil

11 Studies PROVING Saturated Fats and Salt are healthy

28 Day Meal Plan for Diabetics

Mom makes $7k a month from home

Its the ink and toner super sale

Buy peace of mind – Buy burial life insurance

Shop Wireless Home Monitoring Cameras

Simple solution to Hard boiled eggs

Quickly and simply train your dog

Equifax and Experian scores are delivered instantly

This Amazing Artist is revealing some big secrets

Are you being cheated on?

Online Registered Nurse degrees – no enrolling

You now have $151 in Walmart Rewards

Say goodbye to your old fashioned garden hose

Get low auto insurance rates today

Reduce your stress and feel more relaxed

#1 Trick to prevent heart attacks

Get your Amazon gift card now

Pedophile Alert, Free Offender Search today only

Does typing on your ipad frustrate you

TDS strongly recommends that you never respond to randomly received emails, no matter how interested you might be in the topic or how legitimate they may seem. Here are two examples from the past week.


1-Reverse mortgage plans for seniors

2-Flight simulator -excellent game











Phish NETS:

This past week we saw a phishing email targeting American Express account holders that was very poorly crafted on the one hand, but carrying a very sophisticated and dangerous file on the other hand. Check out the email below. It seems to come from two different email addresses but neither is “” Keep in mind that an email from address with “American Express” before the @ symbol means nothing. Any child can create an email address and enter the name American Express as the owner of the email. In the email, the recipient is told about suspicious activity on his account but the email neither identifies the recipient or the account number.

3-Am Ex - suspicious activity on your account

The attached “Validation Form” is a web file (.html) and very dangerous. Web files can contain all kinds of instructions that go out to servers and scripts hidden on computers around the world. (To learn more about the most dangerous files online including html files, check out our article “File Extension Names Will Set You Free!) This one is very expertly crafted. First it instructs the recipient to enter “your current information we already have on database for you.” (Note the awkward English.)

4-Am Ex phish

After clicking “continue,” the scammers asked for the sun, moon and stars necessary to steal your account and your identity. Check out these two screen shots:

Part 1

Part 1

Part 2

Part 2


Mother’s maiden name and date of birth? Social security number? ATM PIN?? How about the keys to the kingdom? We filled out the form with false information and clicked continue. The data was sent somewhere across the Internet and we then landed on the legitimate American Express login landing page as if nothing were amiss. Hidden in the “Validation Form” html file is a group of coded lines that takes all the information entered by victims and “posts” it to a strange website “”

<form name=”plasticStep1Form” action=”” method=”POST” id=”plasticStep1Form” class=”formStyle”>

A Google search for shows very little information other than the web site title “Best Global Trade” and underneath the title, in French… “Morocco has been engaged for decades in the way of liberalizing its economy in an era where the opening exchange continues to take…” That’s right. Morocco. Your personal information is being sent to a website in Morocco. American Express, this ain’t.






This week in “Your Money” we wanted to remind our readers that we are still seeing many tax scams such as the one below. (Read our recent feature article “The Tax Scam Cometh!) Also, it is very common practice for scammers to use credit scores as a social engineering trick to entice people to click on malicious links. Don’t fall for these tricks.

In the email “resolve your back taxes” below, notice the strange domain “” that the link leads to and email sent from. Also, notice the random text at the bottom of the email meant to help it get through antispam filters. Just delete. A mouse-over of the links in the credit score email reveal that they lead to a strange website named “” A search for this domain using Google turns up absolutely nothing which is not surprising since a WHOIS lookup shows that the domain was registered on the day the email was sent…. March 31st.

7-Resolve your back taxes







8-Review your credit score














It isn’t uncommon today for people to have their own websites for blogging, a small business, organization, or for family and friends to use. Lots of people have them. And anyone who has a website that enables visitors to write/post comments knows about “comment spam.” Here’s a recent sample of comment spam that looks innocent enough, but rarely is comment spam innocent.

Author : seo (IP: , .)

E-mail :

URL   : htp:/www.SEORankingLinks.comZZ/

*Link broken intentionally by TDS; ZZ added

Comment: Hello Web Admin, I noticed that your On-Page SEO is is missing a few factors, for one you do not use all three H tags in your post, also I notice that you are not using bold or italics properly in your SEO optimization. On-Page SEO means more now than ever since the new Google update: Panda. No longer are backlinks and simply pinging or sending out a RSS feed the key to getting Google PageRank or Alexa Rankings, You now NEED On-Page SEO. So what is good On-Page SEO?First your keyword must appear in the title.Then it must appear in the URL.You have to optimize your keyword and make sure that it has a nice keyword density of 3-5% in your article with relevant LSI (Latent Semantic Indexing). Then you should spread all H1,H2,H3 tags in your article.Your Keyword should appear in your first paragraph and in the last sentence of the page. You should have relevant usage of Bold and italics of your keyword.There should be one internal link to a page on your blog and you should have one image with an alt tag that has your keyword….wait there’s even more Now what if i told you there was a simple WordPress plugin that does all the On-Page SEO, and automatically for you? That’s right AUTOMATICALLY, just watch this 4minute video for more information at. <a href=”htp:/www.SEORankingLinks.comZZ” rel=”nofollow”>Seo Plugin</a>

*Link broken intentionally by TDS ZZ added

At first glance it appears that a business person has dropped by to pitch his or her services to improve the ranking of the website through improved “SEO” – Search Engine Optimization. However, he or she sure has a strange email address. Let’s take a closer look at this pitch…

1. First we selected the IP Address that was logged as the source of the person who posted the comment and entered it into to see where he or she was located.  Try it yourself:   The comment came from a computer somewhere in the area of Buffalo, New York. No red flags here.

2. Next we entered the name of the website “” into Google to see what Google knows about this business. Google’s response? …nothing. It reported absolutely nothing on this site. Hmmm… Very suspicious.

3. Given Google’s response, we asked the Zulu URL risk analyzer about this domain and… BAM! Nearly 100% malicious and too many redirects for Zulu to follow!

9-SEOrankinglinks-com zulu 1

The domain has been blacklisted and contains malicious links:

10-SEOrankinglinks-com zulu 2


We have found that comment spam posted to people’s websites is always malicious. That is why website owners take protective measures to prevent it from being posted for readers to click on, and the site administrators never reply to it. Typically they set their site’s comments so that they have to be approved by a site administrator before they appear for readers, or that the comment may be posted but cannot contain any links. There are also protective plugins to help site administrators keep comment spam from making it into their website at all. One of the most well known plug-ins to protect against comment spam is Akismet. Once again, it is so easy to deceive on the Internet. One more reason to keep a healthy dose of skepticism online and keep your guard up.


Small randomly-received emails often seem so innocent. They are just business pitches afterall, aren’t they? As we have shown our readers over and over, emails and texts are not always what they seem to be. Take this example:


 11-Yourluxuryguide-com home repair






What is a “home repair guard” anyway? Before our curiosity got the better of us, we copied the link and entered it into the Zulu URL risk analyzer…

12-Yourluxuryguide-com zulu score




How about this email that claims to have a great sale on overstocked 2014 vehicles on a website called “”

13-Richwardlow-com 2014 vehicles





We wondered if this were truly a legitimate innocent sales pitch, albeit spam, so we asked Google about this website. Google said very little about this website. Would you trust it given Google’s response?

14-Richwardlow-com Google display


Just delete.


Once again TDS is the lucky winner of a bundle of money! Woohoo! We’re planning a big trip to Thailand to thank Dr. Deng, Rev. Iva and James Morgan personally. Wish us well!

15-Congratulations luck lottery winner








Surf safely!