December 4, 2019
The Week in Review
The Daily Scam launched a new website! Visit our new site and let us know what you think. Our old (2013) tired website desperately needed a facelift and it finally got it! Unfortunately, the installation of the new site also created a lot of problems that needed time and attention to fix (and we’re still not done). This delayed our sending of last week’s Newsletter, the first time that has happened in six years of sending a weekly newsletter!
Check out this list of emails that poured into one of our honeypot accounts. It may look like a list of spam but it is far worse. Each is malicious clickbait intent on infecting your computer with malware! Yikes! Notice that a lot of these emails are centered around health and wellness.
Phish Nets: Apple Invoice and Netflix Annual Subscription Failed
One of our longtime readers sent us this email claiming to be from Apple.com but clearly is not! It came from the domain onstartediot[.]org. This oddball domain was registered in Canada early in November. The email claims to be from the Apple store with an attached invoice for a game order you’ve placed.
Total BS! Delete!
This next email was supposedly sent by the “Netflix Team” but it came from ferasgbut[.]com, another domain that was registered in Canada on November 24, 2019. Subject line is VERY awkward…. “Need action: Ups…We’re currently facing a difficulty to continue your monthly plan. Would you like to retry your information?” The link appears to point to yhindi[.]com, not netflix.com, but it then redirects you to the website strongnetweb[.]blogspot[.]com. Once again, criminals have misused a free web service to post a phishing web page. We also noticed a LARGE white space underneath the email content. When we dragged our mouse through it we found lots of white text against the white background! Look at what’s written in the white text.
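The three tells in the Netflix email above (a sender domain that is not the brand's, a link host that is not the brand's, and white text hidden against the white background) can be checked mechanically. The sketch below is an added example, not a tool used by The Daily Scam; the sample message and the `mailer.example` and `links.example` hosts are constructed, and it assumes a white background and inspects only the link's first hop, not any redirect.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

COLOR = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)  # skips background-color
WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "meta", "link", "input"}          # tags with no end tag

class EmailAudit(HTMLParser):
    """Collects link hostnames and any text styled white (white background assumed)."""
    def __init__(self):
        super().__init__()
        self.stack, self.hidden, self.link_hosts = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and (host := urlparse(a.get("href") or "").hostname):
            self.link_hosts.append(host)
        if tag in VOID:
            return
        m = COLOR.search(a.get("style") or "")
        inherited = bool(self.stack and self.stack[-1])
        # An explicit colour overrides the parent's; otherwise the element inherits it.
        self.stack.append(m.group(1).replace(" ", "").lower() in WHITE if m else inherited)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack and self.stack[-1] and data.strip():
            self.hidden.append(data.strip())

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def audit(sender, brand_domain, html):
    """Return (finding, detail) tuples for one message claiming to be from brand_domain."""
    p = EmailAudit()
    p.feed(html)
    sender_host = sender.rsplit("@", 1)[-1].lower()
    findings = [] if same_site(sender_host, brand_domain) else [("sender_mismatch", sender_host)]
    findings += [("link_mismatch", h) for h in p.link_hosts if not same_site(h, brand_domain)]
    if p.hidden:
        findings.append(("hidden_text", " ".join(p.hidden)))
    return findings

# Constructed sample message (not the email from the newsletter).
SAMPLE = ('<body style="background-color:#ffffff"><p>Problem with your plan.</p>'
          '<a href="http://links.example/retry">Retry</a>'
          '<div style="color:#FFFFFF">garden notes <span>weather report</span></div></body>')
```

Calling `audit("billing@mailer.example", "netflix.com", SAMPLE)` reports all three findings, while a message sent from and linking to the brand's own domain returns an empty list.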
Your Money: Personalized T-Shirt Designs
Zolatee is a t-shirt business that appears to be about a year old. This email wants you to think it is from Zolatee, showing cool designs created by a graphic design student named Kate. However, all of these graphics are stolen images and are being used as malicious clickbait. Look carefully at the email’s FROM address. It didn’t come from Zolatee, or anyone named Kate. It came from a private Gmail account. More importantly, the links point to an Amazon link service at rebrand[.]ly for businesses. VirusTotal.com told us that three services have identified malware waiting for you at the end of that link!
Top Story: Christmas and Malicious Clickbait
Now that Thanksgiving is over, we all know to expect a deluge of advertisements, emails, jingles, etc. about Christmas. And mixed into that deluge of merchandise is malicious clickbait. It is really important to warn friends and family not to assume that all the emails that will pour into our inbox are legitimate. And so it has begun. Check out these two examples of holiday cheer misery….
The first is a Black Friday pitch to purchase a personalised letter from Santa for your child. Of course, we would write “personalized.” This spelling difference tells us, according to StackExchange.com, that the creator of this clickbait is from a UK-influenced country, not the United States. In any case, the links point back to a malicious domain sitting on a server in London.
And then we received another malicious clickbait disguised as a personalized letter from Santa. But the email came from, and links point back to the crap domain lettrchrismas[.]monster! This monstrous misspelling of “letter Christmas” was registered the same day this email was sent, November 26, 2019. And this awful domain is sitting on a server in Bhopal, India! At least the Zulu URL Risk Analyzer has identified this domain as malicious!
Bottom line…. Look carefully before clicking and don’t assume it’s safe just because the content is about Christmas!
For Your Safety: Celebs Before and After
Are you interested to see some “mind-blowing photos of celebs before and after photoshop?” Don’t click on this email! If you clicked on this email you would end up on a website named enthralling[.]us. The DOT-us ending to this domain implies that it is a website registered and hosted in the United States. But that is a lie. A WHOIS lookup of this domain shows that enthralling[.]us was registered in late July, 2019 by someone named Daniel Zevedei from Bucharest, Romania and is being hosted in St. Petersburg, Russia. Does any of this sound like the United States?
Step away from this landmine!