December 26, 2018

THE WEEK IN REVIEW

Just because a person or message speaks with authority doesn’t mean it is real!  Here are two recent examples. The first is a call that came to Doug at TDS from the “Department of Official Security” about some “legal action” against him.  The scammer’s response was immediate and predictable the moment Doug refused to give up any personal information.


The second message was a text sent to a Reddit.com member informing him that his “account was under review” and asking him to complete the security form available through a link sent to his phone.  Notice that the link pointed to an official-sounding website called secure-alerts[.]net.  It turns out that this domain was registered 1 day before this text was sent.  In less than 24 hours, VirusTotal.com informed us that ten services had already identified this domain as malicious!

It is so important to keep a healthy dose of skepticism!  Don’t believe something just because it “sounds” official!  Speaking of official, we received this very important email from Treasury Secretary Steven Mnuchin.  We know it must be the real Mnuchin because he sent us a link to his Wikipedia page and a copy of his identity card!  He’s informed us that he has $1.5 million waiting for us. We sure could use that money for a new website! In case Secretary Mnuchin doesn’t come through for us, we are asking our readers to please visit our Kickstarter link and listen to our three-minute pitch for help!

We wish you a very happy, safe, and scam-free new year!  
David and Doug at The Daily Scam

From: Mr. Steven_Mnuchin [mailto:deadhead “@” kfedisbroke.com]
Sent: Monday, December 17, 2018 9:34 AM
To: Recipients
Subject: Possible Spam : TREASURY DEPARTMENT OF USA

Dear,

I am Steven T Mnuchin, Secretary of the Treasury under the U.S. Department of the Treasury. You can get more details about me here; and attached is my identity card for confirmation of office. https://en.wikipedia.org/wiki/Steven_Mnuchin

At the recently concluded meeting with the World Bank and the United Nations, an agreement was reached between both parties for us to settle all outstanding payments accrued to individuals/corporations with respect to local and overseas contract payment, debt re-scheduling, outstanding compensation payment and lottery funds.tis is more concentrated on your lottery funds. Fortunately, you have been selected alongside a few other beneficiaries to receive your own payment of $1.5million (One Million five hundred thousand United States Dollars only). We have been notified that you are yet to receive your fund valued at $1.5million this money will now be transferred to your nominated bank account, A check delivery or Delivery of Master Card ATM.

Feel Free to contact me with below details: Email treasurydepartmentofusa19 “@” gmail.com

Looking forward to hearing from you and God Bless America

Secretary Steven T Mnuchin
Treasury Department USA

Note: This transaction is %100 legal with the security of the FBI


Phish NETS: Bank of America

The only phish found swimming in last week’s sea was sent to us by a TDS reader.  This email claims to represent Bank of America. Though we could not verify where the link “Online Banking” pointed to, it is CRYSTAL CLEAR that this is a phishing email if you simply read the email itself and look at the FROM address.  Thank goodness for bad English.

 


YOUR MONEY: GTRacing Gaming Office Chair and Canada Goose Coats

Read these wonderful advertisements and think of the old adage “if it seems too good to be true, it is.”  This first ad also comes to us through a Reddit.com user. It seems he found this fantastic online deal on December 21st, just before Christmas, for a “GTRacing Gaming Office Chair.”  It normally sells for about $300 but this remarkable sale puts that price at 80% off. (“80% Off” seems to be the magical percent off in every single malicious clickbait advertisement we’ve ever seen in the last few years, without exception!)

Note how this advertisement contains language meant to pressure you into making a decision quickly….

  • Sale ends Dec. 22 (tomorrow)
  • Hurry Only 4 Left!

…as well as content that is meant for you to feel that this is legitimate and valued by others…

  • 93% of our customers have enjoyed their order. 1530 Orders.
  • Guaranteed Safe Checkout from 7 known services (None of which are true! They’ve just stolen and misused the graphics!)
  • Free Worldwide Shipping! (Seriously???  If this were real, it would cost more to ship this chair than the price of the chair!)

This oddball domain, dualsmok[.]com, was registered through an anonymous proxy service just 13 days before the Reddit user found this ad.  We know from long experience that a newly registered domain is never a good sign of legitimacy!  And one final note, according to the Reddit user, the “ABOUT” web page states, “Here at Dualsmpl, we understand that each gamer has different preferences which is why we value having choices.” They don’t even spell their own business name correctly!  A big, fat delete!

Speaking of 80% off, we received this advertisement for Canada Goose down jackets, except that the email didn’t come from CanadaGoose.com, or other recognizable establishments.  The email came from the crap domain uqdkh[.]com and all links in this email point to another crap domain, uqbuy[.]top.  This second domain was registered to Nexperian Holding Company Limited of Hangzhou, China.  We’ve written about Nexperian’s shady business offers seven times, starting in February, 2018. (Read the Feb. 7 Your Money column.)

 


TOP STORY: PayPal Instant Payment to You

Quite honestly, we’re not entirely certain how this next scam was meant to unfold.  But we are 100% certain that this is a scam, and that the TDS reader who sent us this information was at risk of losing money to criminals who are likely based in Africa, or of doing something illegal on their behalf.

This story begins and ends with an “official” lengthy email that appears to be from PayPal about an “instant payment of $750.00 USD from Michael Salgado.”  Apparently, the recipient was asked to ship an item to an address in Aflao, Ghana for which she was to be paid the large sum of money. Suspicions first arose because no payment of any amount appeared in the recipient’s PayPal account, though the email clearly says that an “instant payment” was made to her account.  This caused the recipient to look more closely at the details of this email and contact us. Here are the red flags that jumped out at us…

  1. The email says “From: PayPal” but the domain that follows the “@” symbol is not paypal.com.  It is ukaccountant[.]net. TDS learned that ukaccountant[.]net is a free email service available in the UK.  ScamWarners.com has noted many instances in which this domain has been used by criminals in fraudulent emails, such as this example pretending to be from Lloyds Bank of London.
  2. The email below states in bold that the recipient should not reply to this email but instead, click the link to contact the PayPal representative named “Agent Diana Hentges.”  However, mousing-over that link for Agent Hentges shows that it pointed to a Gmail account, not an employee account with paypal.com.
  3. The email below contains a table with information about the expected transaction.  The bottom row of this table contains a link under “Status” and another under “Details.”  The first link simply points to “www.paypal.com” and not to any particular account or transaction.  The second is simply a link to send “Agent Hentges” an email. So essentially, these links contain no details or information about this transaction at all or the accounts involved.
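
The three red flags above can also be checked mechanically. The following is an added example, not part of the original newsletter: the sample message is constructed from the description above, and the sender's local part and the Gmail address in it are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email described above. The sender local
# part and the Gmail address are placeholders, not values from the real message.
SAMPLE = """\
From: PayPal <service@ukaccountant.net>
Content-Type: text/html; charset="utf-8"

<p><b>Do not reply.</b> Contact <a href="mailto:agent.placeholder@gmail.com">Agent Diana Hentges</a></p>
<table><tr><td><a href="https://www.paypal.com">Status</a></td><td><a href="mailto:agent.placeholder@gmail.com">Details</a></td></tr></table>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def red_flags(raw, brand="PayPal", brand_domain="paypal.com"):
    msg, flags, parser = message_from_string(raw), [], LinkCollector()
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    # Flag 1: the display name claims the brand, the address domain does not.
    if brand.lower() in name.lower() and not on_domain(sender, brand_domain):
        flags.append(f"From shows '{name}' but the sender domain is {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        url = urlparse(href)
        # Flag 2: a "contact" link that is really a mailto: to an outside mailbox.
        if url.scheme == "mailto" and not on_domain(url.path.rpartition("@")[2].lower(), brand_domain):
            flags.append(f"'{text}' is a mailto: link to {url.path}")
        # Flag 3: a "transaction" link that only opens the brand's home page.
        elif on_domain(url.hostname or "", brand_domain) and url.path in ("", "/") and not url.query:
            flags.append(f"'{text}' opens the bare {url.hostname} home page")
    return flags
```

Calling red_flags(SAMPLE) returns one finding for the From line and one for each of the three links, in the order they appear in the message.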

 

The red flags raised in this email are proof that it is fraudulent and that the sender doesn’t represent the real PayPal.com business.  So we wondered: what’s the scam here? Though we are not certain, PayPal itself has detailed many scams that target PayPal users in an article titled “What Are Common Scams and How Do I Spot Them.”  If you visit this PayPal page and scroll down about ⅔ of the way, you’ll see several “Shipping Scams.”  We believe this email represents one of these shipping scams.

TDS has recently seen a number of shipping scams reported to us during the last three months, compared with none in the last three years!  In one conversation with a TDS reader in early December, the victim had been hired to re-ship packages for an “agent” and was paid for his time.  He stopped after the third box when he realized that it was highly likely that he was shipping stolen goods overseas.


FOR YOUR SAFETY: Proof of Payment

Did you know that a PDF file, which normally consists of text and/or images, can be turned into a clickable link?  Take a look at this message from “Stella” (who goes by the email name “zomper?”) through another free online email service called Reagan[.]com.  She claims to have sent a payment receipt and you’ll see that a PDF file is attached called “Payment.”

However, the PDF file contained only two embedded graphics that appear as an Adobe button to download a file.  This is where this email gets extremely dangerous. The graphics (in fact, the entire PDF file) were a clickable link to a domain called topsms[.]com.  If you look carefully at this link you’ll find a 2-letter country code following “com.”  The fully qualified domain is topsms[.]com[.]ng.  The “ng” means that this is a link to a website hosted in Nigeria.  (Check out our short video about how to recognize scams that involve country codes.)

It took no time or effort at all for every tool in our toolbox to identify this link as malicious…

 

 

 


Until next week, surf safely!