December 9, 2015

THE WEEK IN REVIEW

During the last ten days we have seen a huge spike in both the number and variety of phishing scams disguised as messages from legitimate bank, credit card and other accounts. And since Thanksgiving and Cyber Monday ended, scammers have turned their attention to sending out hundreds of Christmas holiday scams. It’s enough to send you back to bed and bury your head under the pillows.

Sample Scam Subject Lines:

Bathe in- safety with a — walk in tub

Christmas OVERSTOCK: Asus 11.6″ 500GB LED Touch-Screen Laptop, $5.61, Until 12/05/15

CVS wants to give you a Christmas points

Duke-University: Herpes is no longer incurable, You can cure it in less than 3 weeks

Family Health Insurance on a Budget

How much will you receive from a reverse mortage?

Look 20 Years Younger, in Minutes

Re: Congratulations on your Macy’s $50 Christmas voucher

Re: Donald Trump’s amazingly effective financial plan for American’s

Re: Finish Your X-Mas lights in less than 1 minute

Re: Kohl’s Christmas Sale- Beat the crowds and save

Re: Shower your home in lights this Christmas

Reduce Muscle Soreness

The BEST Wrinkle Remover Ever Released… Celebs Movie Stars Secret Revealed

Sample Scam Email Addresses:

ABCNews-Memory-Enhancer@dhgmk.revivepodcasts.accountant

AffordableSeniorCare@rgatin.top

Amazing_Coffee_Flavors@zjwms.readcurrent.party

BuriaFuneralGuide@ocurry.top

CancerTreatmentCenters@partinos.top

Costa-RicaResorts@stagling.download

FreedomGenerator@eagear.top

GlowCandlesDeal@mntant.top

MedicareSupplementPlans@theyhemical.download

Off-GridFreedom@norwr.top

PersonalSecurityCameras@chtoll.top

ProbioticAmerica@ghuil.science

SantaLetters@ujqas.vouchvalue.accountant

VAHomeQualify@trburg.top

Phish NETS: Google, Capital One, SunTrust, PayPal and Apple

Just before last week’s newsletter went to print, we suddenly saw a flood of Google account phishing emails target an email server in just 40 minutes, so we warned our readers. You’ll see below that all these phishing scams came from the same bogus address, noreply@googlequery.co.uk. The phishing flood waters have expanded this week to include Capital One Visa, SunTrust Bank and, of course, PayPal and Apple. As always, we encourage readers to keep a healthy dose of skepticism about them and mouse-over links to see where they lead before clicking them!

You can see from these two samples that the scammers have registered domains meant to sound credible, as if they belong to Google: Googleplayupdates.info and Googleappassist.org. Fortunately, both of these phishing domains were taken down a few days after they went up.

[Images: two phishing emails, “Please update your Google profile”]

Check out this email, sent from a user’s hacked and misused account, with the subject line “Access Suspended!” The email doesn’t identify the recipient by name or give the last 4 digits of his/her account. And a mouse-over of the link shows that it points to taskteam.pro.

Delete!

[Image: Capital One “Access Suspended” phishing email]

As for this SunTrust bank phishing scam, the same is true: no personal information whatsoever. The link points to a website in India; “.in” is the 2-letter country code seen in the link.

[Image: SunTrust bank suspension phishing email]

What would the week be like without a PayPal phishing scam? Here are three! Can you figure out which one contains a link pointing back to a server in India again? The most clever of the three is the one containing the link to this domain: www.paypal.com.view-login.info. This name is crafted to look like it belongs to www.paypal.com, but it does not! If you understand FQDNs (Fully Qualified Domain Names), you know that a name is read from right to left: the domain here is actually view-login, with a top-level domain of .info, and “www.paypal.com” is just a set of subdomain labels chosen by whoever controls view-login.info. It turns out that view-login.info was registered on December 2, 2015 by someone named “Gins Paperas.” Have a look at the WHOIS record.

[Images: three PayPal phishing emails: “PayPal account suspension,” “Your account has been limited,” and “Unusual activity in your PayPal account”]
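The right-to-left reading of a host name described above can be automated. The following is an added example, not part of the original newsletter: it finds the registered domain behind a link and reports whether a brand name is only decoration. The suffix table, the brand allow-list, the verdict names and the URL path are assumptions made for the demo; the look-alike hosts are the ones quoted in this newsletter.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix table for this demo; real tooling
# should load the full Public Suffix List.
SUFFIXES = {"com", "org", "info", "pro", "in", "uk", "co.uk"}

# Assumed allow-list: brand keyword -> the registrable domain the brand uses.
BRANDS = {"paypal": "paypal.com", "google": "google.com", "apple": "apple.com"}


def registrable_domain(host):
    """Return 'name.suffix' using the longest suffix in SUFFIXES, else None."""
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels) in SUFFIXES:
        return None                       # a bare suffix has no owner label
    for i in range(1, len(labels)):       # i=1 first, so the longest suffix wins
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:])
    return None                           # suffix missing from the small table


def classify_link(url):
    """Return (registrable_domain, verdict) for a URL or a bare host name."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg is None:
        return None, "unknown-suffix"
    if reg in BRANDS.values():
        return reg, "brand-owned"
    name = reg.split(".")[0]              # the label the registrant chose
    subdomain_labels = host[: -len(reg)].rstrip(".").split(".")
    for brand in BRANDS:
        if brand in subdomain_labels:     # e.g. www.paypal.com.<other domain>
            return reg, "brand-in-subdomain"
        if brand in name:                 # e.g. googleplayupdates.info
            return reg, "brand-in-registered-name"
    return reg, "no-brand-match"


SAMPLES = [  # hosts quoted in the newsletter, plus one genuine URL for contrast
    "https://www.paypal.com/signin",
    "www.paypal.com.view-login.info",
    "googleplayupdates.info",
    "icloudappleticket.info",
    "taskteam.pro",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_link(sample))
```

A “no-brand-match” verdict only means the host does not imitate a brand in the allow-list; it says nothing about whether the site is safe.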

Finally, in this week’s Phish Nets column, we leave you with an Apple phishing scam as well: “Please verify your iCloud account,” with a link pointing back to a clever domain named icloudappleticket.info.

Your Money: Discount Gift Baskets, How to Donate a Car, Free Water Pitcher

“Give Thanks – With a Gift-Basket” How sweet! “Send someone you love a beautiful personalized gift basket” and get scammed in the process. Their domain, saltfair.download, was registered on December 3, the day this email was sent, by a company called Yellow Media, from Cheyenne, Wyoming. According to Bizapedia.com, Yellow Media filed for LLC status in Wyoming on November 23 without listing any company contacts. Also, Google cannot find much else about this company. Still want to buy a gift basket from them?

Have you ever thought to donate a car to charity? This ain’t how… The email comes from, and its link leads to, apexnation.download. Guess who registered this domain on December 3? We’ll give you a hint… What color is a canary? According to a WHOIS lookup, it was our friends at Yellow Media! According to DomainBigData.com, Yellow Media has registered a lot of strange-sounding domains over the last year or so.

Best to delete!

Finally, in this week’s Your Money column, we wanted to tell you about a great “free” offer that will likely cost you in ways that will hurt more than your pocketbook. The email came from, and leads to, a domain that sounds good, sorta: purifywater.date. This wasn’t from Yellow Media; the website was registered by someone listed only as “nida” from Nagpur, India. We loved nida’s email address: verysmartnida@gmail.com. By the way, the Zulu URL Risk Analyzer scores the link in this email as 100% malicious.

Now delete!

[Image: “Claim your free water pitcher” email]

TOP STORY: Christmas Holiday Scams… Let the Deluge Begin

“Deluge” …A severe flood. …inundate with a great quantity of something. Need we say more? It’s going to be a long 16 days. Best prepare yourselves. Let’s start with this list of emails enticing you to “give your child the perfect gift with a letter from Santa” or other variations like “Personalized package from Santa.”

[Image: list of “personalized letters from Santa” emails]

We got an extra bonus by finding the hidden Yelp reviews in red inside the big red box at the bottom of the next email or in white in the email after that. And the last email didn’t even make an effort to disguise the text! Our readers know that this random text is meant to try to fool the antispam servers.

The lesson here is very simple… Stick with the national and local vendors that you know and mouse-over all links before clicking to make sure they take you to the company domains you expect them to. Want a reminder on mouse-over skills? Here are three from our website…

Mouse-Over Skills Explained (video)

http://thedailyscam.com/mouse-over-skills/

Mouse-Over Skills

http://thedailyscam.com/articles/mouse-over-skill/

iDevice Mouse-Over Skills

http://www.thedailyscam.com/mouse-over-skills-on-i-devices/

[Images: “Personal letter from Santa” email; “50 Amazon reward” email]

FOR YOUR SAFETY: Donald Trump, Obama Deadly Curse, eTickets and Invoices

Each of the first two emails below leads to malicious content meant to infect your computer. Both try to entice you to click a link by presenting you with ridiculous claims that can’t be true… Can they? We love the expression on Donald Trump’s face and that alone might engineer you to click, but don’t! Look below at the score from the Zulu URL Risk Analyzer and you’ll see that Zulu finds a redirect hidden on the website “giftlighters.eu.” The redirect sends the visitor to a website called plzentygra.com. According to VirusTotal.com, BitDefender has identified this redirected site as malicious.

[Images: Zulu URL Risk Analyzer score and VirusTotal result for the link in the Donald Trump email]

There is actually a lot of ridiculous information online about “end of days” and appeals to survivalists to buy things to get them ready, as described in this article from MSNBC. The article talks about online preachers like Herman Cain using this madness to sell survival tools to people who buy into their doomsday madness. As crazy as that may seem to most people, that is NOT what the next email leads to. This is another wolf in sheep’s clothing that leads to adware at best, malware more likely. Check out this short discussion on the Apple discussion boards from someone who clicked the link. (By the way… In our experience, anytime someone tells you to watch a “shocking” anything on the Internet, it’s usually not in your best interest to click the link.)

[Image: “Obama’s deadly curse” email]

And finally in this week’s For Your Safety column we have a group of short manipulative emails that all have attached zip files. These compressed gems each contain malware that will infect your computer faster than you can say “Saint Nicholas.”

“Below you can find the order details and e-ticket information”

“Invoice from PASSION BEAUTY SUPPLY LTD”

“November Invoice #2324658”

From EZ Pass… “You have not paid for driving on a toll road”

“A copy of our receipt is enclosed”

“Your payment has been accepted, thanks and best wishes”

Definitely delete!

[Images: six emails with attached zip files: American Air e-ticket attached; invoice from Passion Beauty Supply; November invoice; payment for driving on toll road; copy of receipt enclosed; payment has been accepted]

ON THE LIGHTER SIDE:

Our readers know that we’re raking in the money faster than you can sneeze. We’re sure to retire any moment now, especially with the help of these two benevolent strangers who contacted us.

[Image: “I trust you to do business” email]

[Image: “Help receive huge amount of money” email]

Until next week, (unless we retire), surf safely!