
August 7, 2019

THE WEEK IN REVIEW

As you can expect, we find it vile that criminals decidedly choose to target the elderly and others who are most vulnerable to their scams, yet can least afford to fall for them.  Now multiply that vile feeling times a hundred when we think about criminals who target those that have already been victimized by online fraud!  Last week we accidentally came across a “global company” created just a few weeks ago “with offices in four countries whose mission is to help those who have been scammed to get their money back.”  But this company, called Global Elite Recovery Group, is itself just another scam intent on stealing your money and personal information for their benefit, and your loss.  Read how we pulled back their layers of deception in our newest article “BEWARE Global Elite Recovery Group.”  (You’ll also see what the actress Gina Davis has to do with this company!)

Anyone paying attention to U.S. news in the last couple of weeks has no doubt heard about the settlement reached between Equifax and U.S. consumers about the theft of consumer data back in 2017.  Or perhaps the massive security breach of data from Capital One Visa, impacting about 100 million Americans! These are just the most well-known recent breaches and settlements. The theft of people’s personal information is epidemic the world over and there are important steps that we strongly recommend our readers should consider for themselves and their family members.  That is the topic of today’s Top Story below.

However, be forewarned that cybercriminals are already preying upon Americans who are concerned about both the recent Equifax settlement and Capital One breach.  For example, one anonymous consumer on July 30 reported receiving scam texts about “Equifax Alerts” from phone numbers 267-526-0423 and 806-491-0112. The U.S. Federal Trade Commission (FTC.gov) is urging consumers to beware of fake data breach texts, emails and websites.  Law enforcement has already shut down at least two phony websites trying to take advantage of people’s confusion and anxiety about these issues.  You can read more about the fraud they have uncovered and how to avoid it by visiting…

https://www.consumer.ftc.gov/blog/2019/07/equifax-data-breach-beware-fake-settlement-websites

A cautionary warning: We’ve been hearing from many people lately about search-engine poisoning in Google when searching for an Amazon customer support phone number.  This has been a problem for several years off and on, but is worse lately. Instead of finding the correct phone number, people are calling fake customer service numbers posted by cybercriminals in India!  We’ve now posted 117 fake phone numbers used by criminals since August, 2017, including nine new numbers in the last four weeks. Read “Amazon Customer Support…NOT!” (We have also posted the legitimate Amazon phone number on our site!)


Phish NETS: You Have Been Limited on Amazon!

We have limited phish on this week’s scam menu.  Just two…. One of our longtime readers sent us this brief and lame phishing email that came to her cox.net account from another cox.net account.  “Action Required: You have been limited on Amazon!”  The link for “Restore my account!” pointed to a hacked webserver at the Forestry Training Institute (FTI) in Olmotonyi, Tanzania.  (Notice the 2-letter country code “.tz” in the link revealed when we moused over it.)  Fortunately, the Institute found the offending hack and removed it pretty quickly.

 

One of our honeypot email accounts got hit with this invitation that seems to have come from Zippy Loan.  The email was sent from the domain rookiestewmails[.]com which is a far cry from zippyloan.com!  Sucuri.net tells us that this domain has been found to host a phishing scam collecting people’s personal information.  Delete!

YOUR MONEY:  Free Makeup Brush and “Amazon Survey” Browser Hijack

One of the many tricks used by criminals to target netizens is to offer something for free.  Check out this oddball email that came to a business through their online contact form. The email came from the junk domain called biglep[.]com. It was registered two and one half months ago through an anonymous proxy service in Panama.  CleanTalk.org has identified spam hitting at least 118 different websites from this domain. Check out one of the spam reports at CleanTalk.org.  No business was named in this bogus email.  No consumer product name was given. The link you are asked to click is EXTREMELY SUSPICIOUS but we love the file structure of their directories:  make/up/get.

BIG fat deleeeeeete!

              

While researching another online scam, and visiting some questionable oddball websites, Doug suffered a browser hijack and was suddenly sent to a website called “2019 Annual Visitor Survey” at the subdomain-domain prize2290[.]fastsearchday58[.]life  “Dear Chrome User, You are today’s lucky visitor…” Don’t EVER believe this malarkey!  We can guarantee that you’ll never, ever win that $1000. More than likely, you’ll lose big time!  Either through the loss of personal information that can be monetized by criminals or by the installation of malware onto your computer.  That domain “fastsearchday58[.]life” was registered just 3 days before Doug got hit by this redirect and Google can’t find anything about this website.  In case you were wondering what the “58” is for, CubDomain.com tells us that there were 57 other domains registered before it and many after it, up to “fastsearchday99[.]life”, and all anonymously on July 31, 2019.  That would be 99 scam domains! Run, don’t walk, away from this wolf in sheep’s clothing no matter what number follows “fastsearchday.”
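For readers who filter web traffic for a family or small office, here is one way to catch a bulk-registered numbered series like this one and block every member of it, whatever number it carries. This is an added example, not code from The Daily Scam; the host list is constructed, and only fastsearchday58[.]life and fastsearchday99[.]life come from the story above.

```python
import re
from collections import defaultdict

# Constructed sample of hostnames from proxy/DNS logs. Only
# fastsearchday58[.]life and fastsearchday99[.]life appear in the newsletter;
# the remaining entries are made up for the demonstration.
SAMPLE_HOSTS = [
    "prize2290[.]fastsearchday58[.]life",
    "fastsearchday57[.]life",
    "win[.]fastsearchday99[.]life",
    "fastsearchday3[.]life",
    "shop24.example",
    "www.example.com",
]

# <letters><1-4 digits>.<tld>, e.g. fastsearchday58.life
SERIES_RE = re.compile(r"^(?P<stem>[a-z-]*[a-z])(?P<num>\d{1,4})\.(?P<tld>[a-z]+)$")

def registrable(host):
    """Refang the host and keep its last two labels (assumes a one-label TLD)."""
    labels = host.lower().replace("[.]", ".").strip(".").split(".")
    return ".".join(labels[-2:])

def numbered_series(hosts, min_members=3):
    """Group hosts whose domains differ only by a trailing number."""
    groups = defaultdict(set)
    for host in hosts:
        m = SERIES_RE.match(registrable(host))
        if m:
            groups[(m["stem"], m["tld"])].add(int(m["num"]))
    # A lone numbered domain (shop24.example) is not a series; require several.
    return {key: sorted(nums) for key, nums in groups.items()
            if len(nums) >= min_members}

def in_series(host, series):
    """True if host belongs to a flagged series, whatever number it carries."""
    m = SERIES_RE.match(registrable(host))
    return bool(m) and (m["stem"], m["tld"]) in series

if __name__ == "__main__":
    flagged = numbered_series(SAMPLE_HOSTS)
    print(flagged)
    print(in_series("prize1[.]fastsearchday12[.]life", flagged))
```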

TOP STORY: How Best to Protect Your Finances

Security breaches of personal information are so terribly routine nowadays that much of it doesn’t even make the news.  Both the Equifax settlement from a 2017 security breach and the recent Capital One Visa card breach (from March, 2019, but only recently made public) did make news because of the massive number of people impacted.  Estimates put the number of Americans at 147 million for Equifax and more than 100 million for Capital One. If you are an American citizen reading this newsletter, the chances are very high that one, or both, of these breaches puts you at risk.  Hackers were able to acquire consumer names, Social Security numbers, dates of birth, credit card numbers, driver’s license numbers, and even some passwords as part of the data stolen in both breaches. Now imagine how this threat is multiplied when you consider how many people unwisely use the same password for many (ALL???) of their important digital accounts.  For the record, we do not! Read our article about how to make sets of strong passwords that are also easy to remember. 

(NOTE to our Readers in the UK and Australia: This Top Story applies to US Citizens.  However, we imagine there are similar issues and services we describe below in both the UK and Australia.  We would love to hear from readers who live in these countries to tell us what are the equivalent services in each country!  Email us at [email protected].)

In a recent settlement between Equifax and the FTC, every consumer who was found to be impacted could file a claim and receive a settlement of $125, depending on the nature of that claim.  So many Americans have tried to file a claim, however, that estimates now put the settlement closer to $65 since settlement funds are not unlimited. But every consumer affected can get something FAR MORE VALUABLE than $65 or even $125!  They can receive free credit monitoring and reporting for up to 5 years! Read more about these circumstances on CNN’s website or the FTC website:

   https://www.cnn.com/2019/07/31/tech/equifax-ftc-money/index.html

   https://www.consumer.ftc.gov/blog/2019/07/equifax-data-breach-pick-free-credit-monitoring

As the FTC.gov website states so succinctly… “A data breach is a magnet for scammers.”  You can reduce YOUR RISK of being victimized by the Capital One Visa data breach. Read their article about how to check on your credit report for free:

   https://www.consumer.ftc.gov/blog/2019/07/capital-one-data-breach-time-check-your-credit-report

As for Equifax and you, the FTC has provided a web page with information to get you started, including the deadline for taking advantage of the offer to file a claim for reimbursement or credit reporting.  Visit:

   https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

The  first step is to see if your data was stolen.  Visit: https://www.equifaxbreachsettlement.com/file-a-claim

NOTE: At the bottom of their web page is a link for parents to use regarding filing a claim for their children.

EVEN IF YOU ONLY WANT TO OBTAIN THE FREE CREDIT MONITORING, you must choose “File a Claim.”  You’ll be asked to enter some personal information, including the last 6 digits of your Social Security number to determine if your data was stolen.  Though this made us feel a little uncomfortable, you have to remember that criminals more than likely have it already!

If it is determined that your personal data was stolen, you’ll be given the option to continue filing your claim.  Choose “Option 1, Credit Monitoring” as the best value!  We also recommend choosing the additional option “Yes” for “Equifax’s free one-bureau credit monitoring service for up to 6 more years after the initial, three-bureau credit monitoring services expire.” (However, if you have already suffered a financial loss due to the theft of personal information, you are more likely to file one of the other claim types.)

If you have already suffered a financial loss as a result of data loss, you’ll have an opportunity to state that claim in sections 2 and 3….

Changing your Capital One password and turning on credit monitoring services are not enough in today’s day and age of massive data breaches and stolen personal information.  The Daily Scam STRONGLY RECOMMENDS that consumers FREEZE their credit reports with all 3 major credit agencies….

   Experian.com

   Transunion.com

   Equifax.com

Freezing your credit reports at all three services means that no one can apply for a loan, open a credit card, start a mortgage or make any financial transaction that requires a company to verify who you are and your credit-worthiness.  Including you! However, if you want to do any of these things, you simply UNFREEZE your 3 accounts temporarily for several days and then re-freeze them. It can even be automated to re-freeze the accounts after a certain date. It may be a minor inconvenience but this is nothing compared to what you will have to deal with if someone opens accounts in your name, or your children’s names.  Take control over your information held by these powerful companies! If your accounts are frozen, it also means that fraudsters who might have every detailed bit of information needed to open a new account in your name cannot do it!

FOR YOUR SAFETY: Your Adobe Flash is Out of Date, Your DHL Parcel, and The Prayer That Brings Heaven to Earth

Since January, 2017 we have identified 15 instances of phony popups meant to trick website visitors into believing that their “Adobe Flash” software is out of date and should be updated by clicking and downloading disguised malware.  These tricks happen when a website has been hacked and a redirect sends you to a website that makes it look like you need the Adobe software update. Below is example #16. It hit us as we were, once again, researching another scam story last week.  The hacked website sent us to thebestpreparedossiting[.]info where all this nonsense happened.  This crazy domain was registered about 3 months ago through a private proxy service in Panama. If you truly need an Adobe software update, visit Adobe.com to get it!  By the way, we had visited “CryptominerPro” at Deskgram[.]net when we got hit. The web path we were sent through is shown below.

 

 

Sometimes bad guys are pretty straightforward with the malware they lob at you like a hand grenade. This phony email was correctly spoofed to look like it came from the real domain DHL.com but the grammatical, spelling and capitalization errors make this scam email obvious.  So, too, does the attached file name! Though it begins with “DHL_205495 receipt document,pdf” you can easily see that it ends with “exe.iso.” ISO files are burned file formats for CDs readable by Windows computers. But many (most?) Windows computers come with software that can read those files directly (without the CD).  Therefore, if you were to open that ISO file on your Windows computer, it would automatically launch the “exe” or executable file, containing malware! Drop kick this bad boy back to “DHL.”
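The naming trick in that attachment (a document-looking name that really ends in “exe.iso”) can be checked automatically by a mail filter. The sketch below is an added example, not part of the original newsletter; the extension lists are illustrative assumptions, and the full file name is constructed from the beginning and ending quoted above.

```python
import re

# Illustrative extension lists (assumptions for this example, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "msi", "lnk"}
CONTAINER = {"iso", "img", "zip", "rar", "7z"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def attachment_findings(filename):
    """Return the reasons an attachment name looks deceptive (empty if none)."""
    name = filename.strip().lower()
    exts = name.split(".")[1:]          # every dot-separated suffix, in order
    findings = []
    if not exts:
        return findings
    final = exts[-1]
    # The name ends in a directly runnable type.
    if final in EXECUTABLE:
        findings.append("executable")
    # The name ends in a disc image or archive but advertises a program
    # just before it, as in "...exe.iso".
    if final in CONTAINER and len(exts) >= 2 and exts[-2] in EXECUTABLE:
        findings.append("executable-inside-container-name")
    # A document type appears mid-name (after ".", "," or a space) while the
    # real final extension is something else, as in "document,pdf".
    stem_tokens = re.split(r"[.,\s]+", name.rsplit(".", 1)[0])
    if final not in DECOY and any(tok in DECOY for tok in stem_tokens[1:]):
        findings.append("decoy-document-extension")
    return findings

# Constructed file names; the first is assembled from the start and end of
# the name quoted in the newsletter, the others are benign or generic cases.
SAMPLES = [
    "DHL_205495 receipt document,pdf.exe.iso",
    "report.pdf.exe",
    "invoice.pdf",
    "backup.iso",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", attachment_findings(sample) or "no findings")
```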

 

 

We want to leave you with this recent email we received about a 4-sentence prayer. Cybercriminals often target groups of people by creating content designed to manipulate their clicking behavior.  For example, survivalists! (Folks who plan for Armageddon or for simply living “outside of mainstream society.”) Another commonly targeted group are those who are very religious, with a STRONG belief in God.  Here is such an email targeting them. These criminals have no shame and target whomever they please.  

“Subject: The Prayer That Brings Heaven to Earth.”  “This shockingly simple 4-sentence prayer has helped 135,375 people manifest extraordinary miracles.”  The link leads to a malicious domain called “specialprice[.]icu”  where so many redirects await, along with malware, that Sucuri.net couldn’t follow them all.  However, the final redirect is to a prayer website so you don’t become too suspicious.

Pray that no one clicks on this junk!

 

 


Until next week, surf safely!