
August 19, 2015

THE WEEK IN REVIEW

Last week we saw a small increase in some of the most risky emails containing malware disguised as Word documents and other attached files. We also saw a lot of scams disguised as commercial products such as razors shipped to your home, replacements for old windows, garage floor paint, smartphone tracking software, SUV shopping guides and much more. Now on to this week’s sample subject lines and email addresses…

 

Scam Email Subject Lines

Back-to-School FLASH SALE: Apple iPad Air 2 64GB Wi-fi, $28.83, Thru 15Aug2015

CBS Warning: Four Warning Signs You Are About to Have a Heart Attack, Video Expires 08/15/15

Distinguished Women of 2015

Electronics Guide… Get a bird’s – Eye View with A drone!!

Living With Diabetes – Diabetes Resources

Re: New 2015 Nissan, Toyota, Honda Inventory LIQUIDATION Expires August 16, 2015

Nationwide Summer Clearance Event!

Notice: Your Financial Report has been Requested No. 24408969

Review Your Matches for FREE Today! (eHarmony partner)

Study to Become A Teacher!

Summer health guide, How To QUIT dRINKING

Talk To Local Experts – about COPD.

Tired Of Everything Falling out of Your purse???

Virtual Phone Systems… Compare Prices

Walgreens wants to give you $50 Coupon, Redeem by August 15, 2015 No. 12497946

Why Amish Have Perfect Hearing

Scam Email Addresses

Amazon-Shopping-Gift-Card@websew.work

CNNHealth.Brain.Power@muddyhooves.eu

CVS50FiftArchives@speedymower.eu

FixYourBlookSugar@palido.review

GlobalNetworkingOrganization@pucol.reivew

GolfBetter@shrpeyee.eu

GunOwnersAssocFlashlight@storywallaby.eu

Heart-Attack-Remedy@shoppingabyss.eu

Internet_Calls@frequir.review

PreferredPennyStocks@woodaved.review

PublicArrestRecords-EnteraNameAndSearchForFree@pulma.date

RachaelsCarbBlaster@knobbyroad.work

SamsungBackToSchoolFLASHSale@rawembrace.eu

SecretChurchPlot@plantosurvivenowchance.eu

TheEconomist@prela.reivew

TheLeanMiracle@kalia1.faith

YourPrivate-InfoSearched@viewbackgrounds-parts.eu

Phish NETS: PayPal and Blackboard Online Learning System

The scammers are once again picking on PayPal, as well as something new: Blackboard Online. Check out this email with the subject PaypalConfiguration. You are led to believe it is a “notice of changes to the Paypal agreement” and nothing could be farther from the truth. A mouse-over of the link Click here shows that it leads to a website called secureintlcheck1.com. Sound like PayPal to you? If you want a good laugh, read the email carefully. It is full of grammatical and punctuation errors, as well as sentences that make little sense. For example, be sure to “sing into your paypal account.” Seriously, poor language structure is a very good reason to be extremely suspicious about the authenticity of an email, since most of the criminal gangs pushing out these scams, by our estimate, are not native English speakers. Perhaps funniest of all is the paragraph in small print at the bottom, which was probably lifted directly from a legitimate PayPal email. It says “an email really coming from Paypal will address you by your first and last names or business name.” Then notice the greeting: Hello Dear…. And in case you had any doubts, check out VirusTotal.com’s assessment of the website to which the link points.

Now delete.

[Image: PayPal configuration email and VirusTotal result]

Blackboard Learn is an online learning environment used by many schools, including Boston University. (Check out the legitimate website!) However, that is definitely not where the link “Click here to read message now” leads. A mouse-over reveals that it points to a website in Italy. Notice the two-letter country code at the end of the domain: studio-aid.it

Fortunately, VirusTotal.com reports that nine anti-malware/virus services have identified this Italian website as a phishing site and malicious. Thank goodness we can mouse-over links!


 

YOUR MONEY: CVS, Southwest Air, Amazon & JCPenney Gift Cards!

Once again we see a lot of repetition, and we have often wondered what is so magical about $50. If we look back on the last hundred gift card scams similar to these, $50 is by far the most common value used in these scam offers. That’s why we were so surprised to see the JCPenney scam email for $500!

The CVS notice “You have earned a $50 CVS Gift Card to Use Today. No. 2980220”, Southwest “payout = $50.00 (Expires August 15, 2015) #1558978” and “Congratulations on your Amazon $50 Voucher, Redeem today No. 16363419” were clearly all designed by the same criminal gang. Notice the hidden white text against the white background at the bottom of the scam content. If you read the white text, it looks as though the scammers have grabbed Yelp restaurant reviews in their effort to fool anti-spam servers.

As to the $500 JCPenney scam below, notice that the email comes from and links to a website called jcpccard.com. A Google search of this domain turns up lots of very suspicious emails and, as you’ll see below, the Zulu URL Risk Analyzer scores this domain as 100% malicious.

Delete, delete, delete!

[Image: Southwest $50 gift card email]

[Image: Amazon $50 voucher email]

[Image: JCPenney $500 gift card email]

[Image: JCPenney gift card domain, Zulu score]

TOP STORY: Apple Computer Critical Security Warning! Call (888) 588-7205

We recently heard from a woman who told us what happened when she visited a link she found on eBay. It led to a website named mac-securities-care.info. Suddenly a popup covered most of her computer screen with a warning message, along with an audio file of a woman’s voice saying this was a “Critical Security Warning! Your Mac is infected with a malicious adward attack.” (By the way, adward is misspelled. The popup should have said adware. If you Google “adward attack” you’ll find many people talking about this scam.) The popup and audio asked her to call customer service at (888) 588-7205. This scam specifically targeted Apple computer owners.

This is a classic case of social engineering based on a simple popup and audio file. Fortunately the woman was suspicious, even though she called the toll-free number. She reported to us that a man with a heavy foreign accent answered and told her that she had reached “online technical support.” However, he could not prove to her satisfaction that they were a valid company. This is a big scam problem targeting many people online. This same type of scam against Apple computer owners was reported in Apple’s support forums back in 2014. It was reported again in January 2015 on TheSafeMac.com’s website and on other sites since then, such as…

http://macsecurity.net/view/97/

[Image: Security threat popup]

A WHOIS lookup of the domain mac-securities-care.info shows that it was registered on August 17, the same day the woman was scammed, to an address in Albany, New York. The email provided for this Albany address is computer.s@fastservice.com. To add fuel to the fire, a simple Google search for fastservice.com shows links to many articles talking about a variety of scams.

Just delete!

 

FOR YOUR SAFETY: Resume Attached, Review file & Your tax Report

We’ve told readers in the past about these types of malicious emails. They are generally very effective at getting recipients to click a link or open an attached file. This is especially true when the email comes from the hacked account of a real friend, as happened with the email below with the subject line “Review file.” Many of our readers will remember that even Word and Excel documents can contain malicious scripts, as is the case for the resume and tax report emails below.

Just delete!

[Image: “Resume attached” email]

[Image: “Review file” email]

[Image: “Your 2014 tax report” email]

ON THE LIGHTER SIDE: Invitation to Global Business Network

Dear TDS Readers, we are finally getting the recognition we know we deserve! We’ve been invited to join a Global Who’s Who professional organization! (Wait for the applause.) Of course, we’re honored. In fact, we had a lot of faith that this would happen one day. Perhaps it’s kismet that the top-level domain in this email is dot-faith! You’ll all say you knew us when…

Until next week. Surf safely!

[Image: Invitation to Global Business Network email]