December 5, 2018

[hr_invisible]

Phish NETS: Netflix, Discover Card and M&T Bank

People don’t often realize that many types of online accounts can be monetized if a criminal gains access to them, including a Netflix account!  If you have a Netflix account, you have a credit card connected to it! Check out this email from “info[.]com.” “We’ve just detect unauthorized login from unknown user in Moscow,Russia using your account.”  A mouse-over of the “Login to my account” points to a website in the Czech Republic! (“.cz” is the 2-letter country code for Czech Republic) Don’t be fooled by that fake but authentic-looking login page!

This next phish was pretty lame… “As a security precaution for your Discover account, Please verify the temporary identification form prompted:”  However, the email came from the domain xmas[.]net!

M&T Bank is a financial service in nine states with hundreds of branches.  This email didn’t come from them and the link points back to a web page on the free hosting service called 000WebHost.  This free service is often used by criminals to post phishing pages.

Another big, fat delete!

[hr_invisible]

[hr_invisible]

YOUR MONEY: World Company Registry and Free Psychic Reading

Over the years we’ve seen many “vanity scams” targeting professionals with an invitation to join some elite group or to be listed in a “Who’s Who of Professionals.”  Sometimes these scams target business owners with an invitation to be listed in a professional publication such as this “World Company Registry” for 2018-2019.  Notice in this invitation that “updating is free of charge” but that doesn’t mean that entering is free of charge! The attached “form” was a very low resolution graphic file.  Look carefully at the paragraph at the very bottom of the form. The lines in it are purposely tucked up against each other and the resolution is so poor to make it extremely difficult to read.  But hidden in that paragraph are conditions saying that your signature is a legal agreement to pay them 995 Euros for entrance into this registry!

What’s more, this email’s FROM address says “Global Company Register” BUT the email appears to have come FROM Hagen Ford, a certified Ford dealership in Michigan!  And your reply will be directed to a domain (wb-l[.]top) that was registered last April.  This particular scam has been going on for years!  Here are just 3 of many links referring to it:

https://www.scamwarners.com/forum/viewtopic.php?p=360091

https://playingintheworldgame.com/2015/01/24/world-business-list-this-scam-just-wont-die/

http://www.siso.org/press-releases/do-not-fall-for-this-new-directory-scam

It’s hard not to smile when we think about someone offering to give us life-changing advice BECAUSE he or she claims to be a psychic.  But apparently there are people who believe in psychics and it has cost some of them dearly, such as this woman who very recently lost $12,000 to a psychic.  This “psychic” convinced her victim that she was carrying a curse from a former life as a mute Egyptian healer! (**sigh**)

Checkout this email for a “free psychic reading” by Chris Voyance.  Whether or not you believe that Mr. Voyance is a real psychic or a fake is not the point.  The point is that this email is just clever clickbait. It comes from, and has links that point back to the domain jobscout[.]club.  This domain was registered in Panama on September 28, 2018 and a Google search shows that there is a domain by this name but no website.  Also, using Google’s Site Command to search this domain, we cannot find anything at this domain when we search for Chris Voyance, psychic, or astrologer.  We may not be psychic, but we can see far enough into your future to know that you’ll end up with malware on your computer if you click that link!

[hr_invisible]

[hr_invisible]

TOP STORY: What Do Trump & Santa Have in Common?

Do you think you know what Donald Trump and Santa Claus have in common?  Could it be the red tie and red suit? How about that one of them gives gifts to children and the other gives gifts to billionaires and corporations?  Or that each one is famous for emitting a deep, loud roar… “Ho, Ho, Ho” and “You’re Fired!” Nope! What they most have in common is that they are often used as clickbait to online scams, fraud and malware!

The Christmas season is in full swing so let’s start with these annual invitations for parents to purchase personalized letters from Santa to be mailed to their children.  Except that these are not real, er.. We mean real fakes, not really the real fake Santa letters… This email came from the domain technogroovy[.]com and has links that point back to the crap domain focusedreality[.]stream.  The Zulu URL Risk Analyzer gives it an 80% chance that it is malicious.  How do you like those odds?

And then we received this “Make Christmas Magical for a Special Child!” email from the website launchcentro[.]com.  According to a WHOIS lookup, this domain was registered just 9 days before this email was received.  The email claims to have a “very special surprise” that they offer to their customers.  At least they are telling the truth there! (We also found images of “Payday Loans” on their web site.)

Now what about our esteemed President?  Here’s an email that seems to be a newsletter from “Roger” but comes from the domain healthypupil[.]com.  Google can’t find that website at all and it was also just registered via a proxy service in Panama nine days before this email was received.

And last, but not least, we offer this exciting email from Victoria for FREE MONEY, according to a tweet from Trump.  The email was sent from the domain dern[.]info, which was also registered in Panama just three weeks ago on November 8. “Your check cannot wait any longer.”  “Click now and see how to claim your Trump bonus check.” The links in this email actually point to a real live web page at visionmiracles[.]stream….

However, before you get too excited and click “Click to Play” for your “Trump Bonus Checks” you should know that the domain visionmiracles[.]stream was also registered by a proxy service in Panama, though it happened in January, 2018.  In fine print at the bottom of the email, we’re informed that this content belongs to “Seven Figure Publishing, a Division of Agora Financial, LLC.”  If that isn’t true, then we have a lot to worry about. And if it is true, who is Agora Financial? According to the Better Business Bureau, they are a financial services firm with at least 286 complaints against them as of December 2, 2018, including many people who complain they got hit with unauthorized charges from Agora Financial.  Agora Financial also has the special privilege of having an article written about it on the website ScamFinance.com.  TrustPilot.com gives Agora Financial a 1-star average from 17 reviews, with the latest complaint describing Agora Financial as “a huge scam boiler room that employs liars, crooks and clowns to pitch fear and greed while running penny stock scams.”

Poor Santa Claus and Donald Trump.  At least they can share a hot cocoa and commiserate about the misuse of their names.