Please support our effort by making a small donation. Thank you!

x

August 12, 2015

THE WEEK IN REVIEW

Dot-Review (.review) seems to be the latest misused domain in large numbers of email scams lately. You can see a few examples below. The scammers are still pushing out scams from dot-work (.work) and other domains as well, including the old favorite dot-com (.com) domain. We’re also seeing an upsurge in the number of malicious emails coming from legitimate, but hacked email accounts, including emails with a generic time-stamp subject line such as “Re:FW:7/28/2015 7:03:37 PM.”

 

Scam Email Addresses

CompareCeilingFans@laccile.date

delivered@mastal.website

Dr.WilliamPatterson@simplycleansherpes.work

DurablePatioCoating@newhomesurfacestools.work

LeaseaYacht@charredburger.review

MesotheliomaWarnings@ninetere.review

MortgageQuotes@staggeredmen.review

PellaSummerWindows@frailreality.work

SouthwestParticipantReward@dimplestore.work

YourBackgroundUpdates@thenewestscanupdates.work

Scam Email Subject Lines

Do-it-yourself dent and ding repair-kit

Earn Your $50 CVS Voucher by 08/07/2015, #18232478

Effective Solutions for Email Marketing

GPS Navigation Gadgets, Fast and Accurate Mapping

Over 40? You Need to Read This!!

Re: Your background report

Redeem Your Walgreens Gift by Aug. 7, 2015, No.12712502

Save on hundreds of patio pieces

You can reverse your hair loss in 60 days

You?re Never going To believe this!!!

 

 

 

 

 

Phish NETS: USAA Bank and Web Mail

It appears that the phishers are taking a break from their attacks on Apple and Paypal users. Our guess is that they have more phished accounts than they know what to do with! However, we found these two phish swimming in the Internet ocean during the past few days… The content in this email from online@ealert.com (rather than from usaa.com!) is classic phishing language complete with subtle grammar errors… “We’re currently updating our systems to bring an enhanced levels to your online banking experience. As a result, your details are under review.” Fortunately, a simple mouse-over reveals that the link points to a hacked website called USPensionCrisis.com. (BitDefender has identified this hacked website as hosting malware so we don’t recommend a visit for those who may be curious.) REMINDER: Mouse-over skills are critical to online safety! Review our article and video on how to mouse-over:

http://thedailyscam.com/articles/mouse-over-skill/

http://www.thedailyscam.com/mouse-over-skills-on-i-devices/

http://thedailyscam.com/mouse-over-skills/

 

This next email targets the millions of people who use generic webmail accounts provided by their hosting services when they purchase a domain and put up a website. The email below contains mixed messages because the subject line says that “Maximum email size exceeded” as if you got one really BIG email but the message says that you have gone over your quota for number of emails (though it claims this happened at 85% of mailbox size.) All very confusing…. Fortunately, a mouse-over of the link shows that it points back to a domain called runmate.com. We discovered that runmate.com is a website for runners in Istanbul, Turkey. You’ll see below that when we checked the link provided to log into your webmail account, no less than 8 online scanners have identified the runmate.com link as malicious.

Just delete!

2-Mailbox exceeded quota

 

 


 

YOUR MONEY: Amusement Park Discount Tickets and Macy’s Gift Cards

We are in the dog days of summer and many of us with kids are hitting the water amusement parks. Every parent knows the parks are not cheap! Wouldn’t you love to get a discount coupon at a water or amusement park? Look before you click because the only thing this email delivers is malware to your computer…

 4-Amusement park discount tickets

Thinking about back-to-school clothes? Or is it simply time to buy those to-die-for boots at Macy’s you’ve been oggling? Clicking this coupon comes with the same price as the Theme Park Deals above. (And notice that both emails contain the hidden white text at the bottom of the email that is intended to fool antispam servers.)

Just delete!

5-Macys Gift Card

 

 

 

 

 

TOP STORY: MyLife.com

This week’s top story is about a real website started in 2002 called MyLife.com. According to Wikipedia MyLife.com was created to provide services allowing people to see and control information that’s publicly exposed about themselves or anyone. We at TheDailyScam.com can tell you that this claim is absolutely impossible. Paying for the MyLife.com service is a big waste of money. However, that’s not what we’re here to report. We want to report to our readers that this company feels like a scam though it is considered a legitimate online business. Read some of the hundreds of complaints against MyLife.com on ConsumerAffairs.com. or the awful reviews on SiteJabber.com. And then there is this 2011 article from ABCNews.com who reported on a class-action lawsuit against MyLife.com. Many people called MyLife.com a scam because the website starts with a false solicitation telling potential victims that ‘someone’ is searching for them, and they can find out who by paying a small fee. This was an important point in the 2011 lawsuit. Apparently MyLife.com and its CEO/founder, Jeffrey Tinsley, hasn’t learned their lesson yet. We know of a woman who has been getting dozens of scam emails from MyLife.com since April. Check out the sample email below and the subject lines that are intended to manipulate her into joining the site. Where’s a good lawyer when you need one?

6-MyLife-com Someone is searching for you

 

 

 

 

 

 

7-MyLife-com email list

 

 

 

 

 

 

 

 

 

 

 

FOR YOUR SAFETY: Dropbox, Best Annuities for 2015, and InstaCheat requests!

Sadly, we have too much content for this week’s Safety column. Let’s begin with this email that appears to have come from Dropbox. Mitch Gertz has shared files with you… The recipient is asked to first verify an email address but a mouse-over of the link reveals that it doesn’t point to Dropbox at all. It points to files at a domain called egasatellite.us. You can see by the Zulu score below that this website is not safe to visit.

Deeeleeete.

 

8-Mitch Gertz has shared files with you

 

 

 

 

 

 

 

9-Mitch Gertz has shared files with you 2

 

 

 

This next email with the subject line “See, if an Annuity; is right for You” is equally dangerous but the scammers have made it much more difficult to figure that out. The email is sent from a domain called AnnuitiesExclusive.review, which seems at first glance that it could be a legitimate place to compare the best annuities for 2015. Right?

10-Best Annuities Rate 2015 1

The Zulu URL Risk Analyzer gives this website an extremely safe score of 5 out of 100 points. However, Zulu also finds that the webpage contains an embedded link on the page that retrieves content from a website called rpredir04.com. Most people won’t even notice this and those that do may think it is just for site advertising pulled into AnnuitiesExclusive.review. But we aren’t most people. We dig and dig…

11-Best Annuities Rate 2015 2

 

 

 

 

When we used the Zulu URL Risk Analyzer to look at the link pulling from rpredir04.com we discovered a “redirect.” Redirects mean that a website is sending the visitor somewhere else on the Internet. Still, Zulu scored rpredir04.com as completely harmless… 0/100!   But we have seen that redirect to enzjptkr.com before! When we asked Zulu to check out enzjptkr.com we found our hidden explosive! 97% chance of being malicious!

Delete, delete!

12-Best Annuities Rate 2015 3

 

 

 

 

13-Best Annuities Rate 2015 4

 

 

 

 

 

Finally in this week’s Safety column we wanted to share something that looks like it came from the seedier side of the web. You may have heard about the website AshleyMadison.com which is meant for those who wish to have extramarital affairs because it was in the news recently for not protecting user’s account information. (AshleyMadison.com got hacked and user’s info was publicly posted. Big surprise.) This offensive email below wants you to believe it is from a similar site possibly named Instacheat though there is no such website. The link it titillating and the sender made many content manipulations to get the email to pass through content/spam filters.

14-Instacheat request is pending

 

 

 

However, before your curiosity gets the better of you, have a closer look at what online scanners are saying about that link. Ouch!

15-Instacheat request is pending 2

 

 

 

16-Instacheat request is pending 3

 

ON THE LIGHTER SIDE: Network Power Charitable Trust

We sure were surprised to get the email below! Mrs. Thinh must also work for the Brazilian government because the sender’s address appears to come from a Brazilian (.br) government email server. We guess she travels a lot… Brazil, Japan, Cambodia and Vietnam. Poor woman is dying though so we’ve decided to help out her charity. Isn’t it nice that our “details” were available on the Network Power Charitable Trust?

Should we be concerned that a look up of “Network Power Charitable Trust” turns up lots of links to posts about online scams:

https://www.google.com/?gws_rd=ssl#q=network+power+charitable+trust

 (If you want to see more about these types of titillating emails used to manipulate your clicking behavior, visit our article Lookin’ for love in all the wrong places.)

17-Offer for charity plan