Please support our effort by making a small donation. Thank you!

x

December 14, 2014

Paying too much for your Medicare plan? ….or Health insurance? Looking for supplement plans? Will you complete this survey to receive a $100 gift card! How about a $1000 Sam’s Club gift card? If you don’t believe these lines then how about “get new discounted prices on ink cartridges?” Learn the best way to take selfies on your mobile! (That was a new one we had never seen.) Oh, and another cure for diabetes was discovered which brings the cures for diabetes up to about number 23 in the past three months. If these don’t grab you, you can still lose weight, boost your metabolism and eat white kidney beans and never diet again!

We could go on but… Here are three quick scams we found particularly annoying. CVS Rewards card, send your child a scam…. we mean letter from Santa, and download the attached file to check the shipping status of your package. All are pretty effective at engineering recipients behavior.

 

Facebook: Good News! And Your Password Has Changed!

This next scam is most certainly an “advance fee scam” which is similar to the famous Nigerian 419 scams. However, it is so obviously lame but that we have to give the scammer points for trying and creating the two ”official” email addresses. Read the email and have a good laugh. No worries about anyone falling for this one.   This email is a candidate for our next Hall of Lame! What’s an “out staff” anyway?

4-Facebook Good news

This next Facebook scam is also pretty obvious. The email comes from notification@bootyringtossgirls.com (really??) and a mouse-over of the link on “this form” leads to “dottiedew.com.” Nothing here has to do with Facebook. Just delete.

5-Facebook password change

Your Verizon Account Has Been Locked Due to Unusual Activity.

Notice that the email was sent from noreply@tin.com. Though the graphics were broken, the link that appears when we mouse-over  “Sign in to My Verizon” points to a website for a newspaper in Freetown, Sierra Leone, Africa. The Awareness Times.

6-Verizon phishing site to Siera Leone newspaper

We contacted the newspaper publisher, Dr. Sylvia Blyden, by email to inform her that her website was hosting a phishing scam. She replied immediately. Apparently, the hackers hosted a lot more malicious content on her AwarenessTimes.com web server but all is well now. That’s what we like to hear… Another Scam Exorcism!

6-AwarenessTimes response

Wire Transfer Confirmation Slip.

We saved the best for last… An email server was hit with a few dozen emails with the subject line “Wire transfer confirmation slip.” However, none of the emails contained any visible content other than a broken graphic:

7-Wire transfer confirm email w broken link

A mouse-over of the link showed that the link pointed to a legitimate URL shortening service called TinyURL.com. but the link was very strange in the way it was constructed… or misconstructed. The shortened link seemed to point directly to the service itself and, at first glance, didn’t appear to be malicious. Yet we were certain it was! So we dug into the email code behind the scenes and found that there was another shortened URL hiding inside. We’ve highlighted it in blue:

8-Wire transfer confirm email code showing links

When we used the Zulu URL Online Risk Analyzer to check out this second shortened URL highlighted in blue we learned that it sent content to the visitor from a suspicious website called “ozkent.com.”

10-wire transfer confirm tiny url w redirect

When we further investigated the link at Ozkent.com, Zulu Risk Analyzer also showed us that it was located in Turkey. This mess stinks like two week old fish. Just delete.

11-Wire transfer confirm redirect to Turkey


At this holiday season, we leave you with the proof that legitimate products are being mis-advertized to direct folks to malicious websites. Case in point is the TouchFire keypad for the iPad. It is real and a great product, but not at the link in this email!

12-Touchfire for iPad

 

 

 

 

 

 

 

 

 

Surf safely!