December 12, 2018

[hr_invisible]

Phish NETS: American Express Account Info, Update Cox Billing Info, and Email

One of our readers sent us this helpful email that appeared to come from American Express via the email address @Not[.]com rather than AmericanExpress.com.  “Please Update Your Income Information.”  We don’t like providing this information to the real credit card companies, and certainly won’t give it to cybercriminals!

American Express will ALWAYS inform you of the last 5 digits of your account number in the upper right corner of an email AND greet you by name. (see “Hello,”)  Check out the account number listed in this email! Also, if you read the content of the email, you’ll find that it contains a demand that NO REAL credit card company would ever say…  “failure to update your account [with your income info] may result in temporary suspension of your account.”

That’s harsh! Deeeleeete!

“Dear COX Customer, READ NOW :– FINAL WARNING!” says the subject line WITH ATTITUDE!  But it didn’t come from Cox.com. NOTHING in front of the “@” symbol has any meaning regarding the source of an email.  What comes AFTER the “@” symbol is important (though the best cybercriminals can spoof that too). This phishing email came from vrkrtech[.]com, a domain name that was registered in India early in January, 2018 and is being hosted on a server in Hong Kong.  How do you feel about this “alert” to help you update your Cox online account now?

If your “account storage capacity is very low” are you worried?  Will that keep you up at night or have you reaching for the Tums dispenser?  According to this next email, you ought to be worried or “we may be forced to terminate the activities of your account.”   This message is about your email account, but no email service is named. They don’t even confirm your name! That link to “Re-active” your account points to the hacked website of a Southern fitness center called MyAchieveFitness[.]com.  Time to “exercise” that delete key! (At least we didn’t say “bench press” that delete key!)

[hr_invisible]

[hr_invisible]

YOUR MONEY: Amazon Survey Reward and Prepaid Visa Card for Aldi Survey

We’ve told readers umpteen times to be VERY suspicious of reward surveys, and for good reason!  About 99 out of 100 we’ve seen have been malicious clickbait pointing to nasty malware, phishing scams to collect your personal information, or are sleazy tricks to get you to purchase other products before you can earn your reward. (…which is technically not much of a reward at all if you have to spend $100 on other junk first.)  Here are two more surveys we’ve recently collected…

Let’s start with this email sent to us by one of our readers in the UK.  It appears to have come from the UK website of the Wayfair company, a very legitimate online home goods service.  “You have (1) new amazon survey reward ready to claim perfect picks here!” You read that correctly… Amazon survey, not a survey for Wayfair!  That and the lack of capitalization in the subject or From address should be enough to raise your suspicions that this is NOT what it appears to be!  Take, for example, the unsubscribe address in Post Falls, Idaho at the bottom of the email. We looked it up in Google and found the following three choices at this confusing address with two numbers (2600-A and 317).  This address is either for an Auto Parts store, Youth Ranch Thrift store, or a lovely residential home with a quintessential white picket fence.  We think that egg is already cracked.

Ever heard of the store chain called ALDI?  According to Google, it is a German supermarket chain located in at least 20 countries.  This email invites you to take a “short survey” to receive a prepaid Visa card for ALDI. Except that the email appears to have come from Jessica at swimworkoutsdiet[.]com or “Better Sleep” at a random domain name made up of 54 letters, dot com.  Mousing over the image for ALDI reveals a link that points to a website called anpdm[.]com.  We can stop right here because we identified that domain as malicious in our November 28 Newsletter top story called “Russian Criminals and Clickbait.”

[hr_invisible]

[hr_invisible]

TOP STORY: Celebrating No Good English!

We will be the first to admit that our English skills are not perfect, but we try hard to be as grammatically correct as possible!  We perseverate over our word choices, editing and re-editing to try to make our articles and newsletters accurate and interesting to our readers. (Though we don’t always succeed, especially when exhausted late at night, trying to inform readers of a new  scam or new update to an old scam we just learned about.) We are confident that our cApItaliZaTIon is correct and our punctuation is spot-on…!!!

Fortunately, the overwhelming majority of scams and malicious clickbait come from criminals for whom English is not their first language, they don’t have an eye for subtle language details, or they simply don’t know any better.  Contrast these less-than-stellar-English-skills with the exceptional skill level and thoughtfulness you can expect from a marketing team at Capital One Bank, Amazon, PayPal or other commercial service! You can be certain that the emails and ads sent from these legitimate businesses will be flawless!  So what does it mean when you receive a message with critical English language errors that would make your Elementary school grammar teacher roll her eyes? The question is rhetorical.

Take a more critical look at the top third of that Amazon reward email in this week’s “Your Money” column.  Can you find the three English errors…

Let’s revisit the Cox Communications phishing email as another example.  We count eleven errors including capitalization, punctuation, grammar, and the use of awkward English. (2 capitalization errors in the first paragraph, a variety of six errors in the second paragraph, and three errors in the final paragraph.)

(3 Amazon reward errors above: Missing capitalization on “congratulations” and “amazon,” misspelled the word “th” in the white text with the orange background.  Also, one can argue that the subject line contains awkward phrasing at the end.)

Sometimes, the cyber-criminal’s English skills are so bad that we lose count of all the errors!  Take this short phishing email we documented in our March 7, 2018 newsletter about an Outlook email account.  We see, at least, ten errors. How many can you spot?

And sometimes the English is so awkwardly written that it makes us wince just to read it!  Look at this text that we posted in our May 9, 2018 newsletter claiming to represent Gmail users…

Our point should be obvious! It pays to carefully read texts, emails and ads that target us before we click on anything.  If you spot errors then you should be very suspicious that it is not what it appears to be. We became so focused on this obvious “xyz” crap domain in the header of this next October email about automobile insurance that we didn’t spot the very obvious misspelling the first time we read it!  Critical reading and observation can go a long way to protecting you online!

However, we can’t rely on just our English language skills.  Some of the criminals who target Americans have excellent English language skills.  Below is just such an example. About the only red flag that jumps out at us about the legitimacy of this email is that this email was first used last summer and then recycled for use again.  However, the criminals forgot to remove or change the reference to “consolidate your debt this July 4th.” (The email was sent November 12 and says it is FROM “Happy Thanksgiving!”) Oh well, no one’s perfect.