Please support our effort by making a small donation. Thank you!

x

December 21, 2014

Happy Channukah! Merry Christmas! We wish all of our readers a joyous and SAFE holiday season! We are thrilled to announce that during the past week we have seen a cure for Alzheimer’s, gift cards from CVS, Kohl’s, Walmart, RiteAid, Walgreens and Sam’s Club, personalized Christmas gifts, fat-melting miracles from Dr. Oz, methods to fight hair loss (we could use that), improve hearing, and stop the ringing in our ears. But the most innovative scam we saw were emails pushing a “flame-less candle that will put out 100,000 hours of candle light.”   We did the math on this one….That’s over 11 years and 3 months! We’re going to buy a whole lot of these considering how much electrical costs are going up!

Here are a few choice email and text scams to warm your hearts this holiday season before our main events below:

 

Free Oil Change Coupons

This scam actually seems pretty credible. We find many coupons and promotions-through-coupons online. Why not oil change coupons? The Zulu URL Risk Analyzer actually scored the domain “get2.yournewoil-changecoupons.rocks” a “5 out of 100” points, meaning it was harmless. Zulu is good but it isn’t perfect.

However, the domain is nothing more than a redirect to another website “smancart.com.” An analysis of this secondary domain by Zulu shows that it is malicious.

Also, if you search for the oil change domain in Google, the first three links that come up are about phishing scams from PhishTank.com. It turns out that this scam deepens when you try to locate your coupon. You are asked to sign up for other things that are not in your best interest.

Just delete!

What Do These Scams Have in Common?

Here’s your holiday quiz! Look at the next two scams (which were created by the same criminal gang) and see how similar they are…

5b-Do your own email marketing

Here’s what we hoped you noticed:

  1. Both were sent from the same domain “specialdiscounts.mex.com.” The actual domain is simply “mex.com” (“specialdiscounts” is a subdomain.) Mex.com is owned by TLD Registrar Solutions in Florida and, quite honestly, we’re not sure how this domain is being mis-used for these scams but it clearly is.
  2. Both emails seem to have the same kind of gibberish text at the bottom of the email. This gibberish is meant to fool anti-spam servers into thinking that the email must be a legitimate email because it has so many “legitimate” words. This block of text is a dead giveaway that the email you’re looking at is a scam.
  3. Both have identical “unsubscribe” information. But that is neither here nor there…. Except that clicking the unsubscribe link will not work and only insure that you get more scams to your in-box.

Walmart Rewards and Customer Satisfaction Study

This first Walmart scam says it is from Pine Cone Research, a legitimate marketing research company but nothing could be further from the truth. The link points to an unusual website:

6a-Walmart Customer Satisfaction Study

Ironically, Travelbugged.co.uk is an online community that “watches your back while you travel” and was created by Conor Woodman. Mr. Woodman is an Irish Director and star of the show “Scam City” in which he exposes travel scams. On his website he offers visitors a list of common scams directed at travelers. We’ve contacted him to let him know that his website is being abused. (Believe us, we know what it feels like.) And if you are planning a trip to Europe, you might want to check out his site (but not the link to Pine Cone Research). Visit: http://travelbugged.co.uk/

The second Walmart scam contains a link to an unusual domain and “global top level domain.” The domain revealed by a mouse-over of the link is “all-newstorecardspecials” and the global top-level domain (gTLD) is “.rocks” (Instead of .com or .org etc..) We’re seeing more of these unusual gTLD “.rocks” in scam emails.   This scam speaks volumes why it is so important to look at the domains the email comes from and the domains revealed by the mouse-over of the links. This certainly didn’t come from Walmart!

 6b-Walmart Holiday Rewards


Finally, we wanted to leave you with a scam that was delivered to Evan@TheDailyScam.com. It put a smile on our faces because there is no “Evan” at TheDailyScam.com. However, as soon as we hire an Evan, we’ll let him know that his Facebook password was reset!

7-Facebook password has been reset

 

 

 

 

 

 

At this holiday season, we leave you with the proof that legitimate products are being mis-advertized to direct folks to malicious websites. Case in point is the TouchFire keypad for the iPad. It is real and a great product, but not at the link in this email!

Surf safely!