January 18, 2015

One of the many ways we know that the holiday season is over is that the number and variety of scams targeting people rises sharply after January 2nd. Here are just a few of the headlines we’ve seen during the past week…

Advance fee scams

Anti-aging products

Auto repairs

Auto insurance & warranty

Control blood sugar

Chipotle gift cards

Diabetes was cured again!

Diets

Eliminate wrinkles

Hair loss / restoration

Home alarm systems

Job offers

Learn a new language

Melt fat away

Outback gift cards

Reverse tinitus

Stop chronic nerve pain

Warning signs of memory loss

With so many to pick from it was difficult to decide on our choices for this week’s newsletter. Here are the runners-up….

The first scam targets E-Z Pass users. Many of us who live in the busy corridors of the United States have an E-Z Pass for tolls, which explains why these scams are increasing in frequency. (Read more about these scams!) Thankfully, a simple mouse-over reveals that this email doesn’t point to any official E-Z Pass service at all but to a domain belonging to a company in western France that installs roofs.

What season follows the holidays? TAX SEASON! The second scam below is just the tip of the iceberg for what is to come. (Several more tax scams are listed in our Scam Collection on Finances.) The final runner-up is meant to appeal to those of us who can’t resist a good celebrity knock-down! But the only one getting knocked down is the person clicking the link since it leads to a malware site. Notice the white-on-white text below the pink button “Photos released – see them here.” It’s meant to try to trick anti-spam filters into thinking the email is legitimate.

1-EZ Pass Invoice

2-Tax scam

3-Golden Globe backstage naughty photos

Phishing 101 – Baited, Hooked and Caught

During the past week we saw a wider variety and volume of phishing scams. Phishing scams are tricks designed to make you think you are logging into a personal account (Apple, email, bank, credit card, etc.) when, in fact, it is a fake website created to capture your login credentials and other personal information.

Here is an email that appears to be sent from mail@id.apple.com, a legitimate Apple email address with the subject line “iTunes Alert.” However, the email address has been spoofed (Read about spoofing). A mouse-over reveals that the link points to a website in Germany. In the domain “mentavit.de,” .de is the 2-letter country code for Deutschland.

To show you how sophisticated these scams appear, we clicked the link in another Apple phishing scam and took a screenshot of the webpage that the link sent us to. These scams look VERY authentic, but look at the link in the web browser telling us where we are on the Internet…

4b-Phish Apple

(We informed the owners of HeftPathology.com that their webserver had been hacked.)

Here is an email sent to us by one of our readers this past week…

4c-Phish Google Drive & Malware

Notice again what a mouse-over of the link “google drive” revealed. However, before you let your curiosity go exploring or pursue your desire for genuine Italian foods, think again. The website “genuineitalianfoods.com” is a scam site, and the Zulu URL Risk Analyzer informed us that this website is also hosting malware ready to infect computers. Here is a Google Drive phishing site (without malware on the site) that came from another Google Drive phishing email…

4d-Phish Google Drive

Again, look how sophisticated and authentic the login page appears. But look at the URL in the address bar! (We also informed Tac-Pave.com in Australia that their webserver had been hacked.)

Phishing 201 – Trolling for Dollars and Cents

If you open each of these two thumbnails you’ll find two nearly identical phishing emails for HSBC bank, but the scammers made a big mistake: they didn’t disguise the links. We certainly hope that anyone who happens to have an HSBC account would not click these links because they lead to CoolKidsLearn.com and ApexBiotech.com. The former is a legitimate site that was hacked (we informed them), while the latter is EXTREMELY suspicious and likely a malware site. We say this because Google’s single link to the website is very suspicious, the website ownership is hidden behind a paid proxy service, and the Zulu URL Risk Analyzer has identified the site as blacklisted by online safety authorities.

For ApexBiotech.com’s listing in Google, notice the grammatical errors in the site description and lack of a proper title or other web pages:

 5c-Phish link to ApexBiotech

By contrast, here are two very well constructed phishing emails targeting customers of Barclays and Lloyds banks. The Barclays scam email even comes from an address that sounds legitimate, “barchelp.co.uk,” and leads to the domain “barc-help.uk.” (“.uk” is the 2-letter country code for United Kingdom. Read our article about 2-letter country code scams!) The Lloyds Bank email is very well crafted, but a mouse-over still reveals the truth: the link doesn’t lead to Lloyds Bank but to a shady website in India called OnlineDegreeIn.net.

To learn more about how these phishing scams operate, read our January featured article “Anatomy of a Phishing Scam.”

Windbags or “Much Ado About Nothing”

These next two scams have lots of information but what are they really saying? The email from “Kathryn Herron” from Wells Fargo sure looks official but what does it really say? Does it identify the recipient by name or account number? No. In fact, it comes from a popular website and email service in Russia! (mail.yandex.ru where .ru is the 2-letter country code for Russia.) The attached compressed files “Important_Documents.zip” contain infecting malware. Just delete!

Just delete, delete, delete!

The subject line for this next email sure got our attention… CONTACT HIM NOW! (Caps as if shouting at us!) But for someone who claims to work at the United Nations, Mr. or Ms. Tarullo’s English, grammar and sentence structure suck. This is nothing more than an advance fee scam and not a very sophisticated one at that.

7-Advance fee

Delete!


One final note… We’ve decided to quit our day jobs and work as freelance market researchers! Careerbuilder.com sent us the email below and we can’t wait to begin! The link points to a bunch of numbers called an IP address. We used IPChecking.com to look it up and discovered that we’ll be going to Argentina! Wish us luck!
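The mouse-over checks used throughout this newsletter (a link that leads to a domain other than the claimed sender's, or to a bare IP address) can be automated for an HTML email. The Python sketch below is an added example, not part of the original newsletter; the sample message, the example.de host and the 203.0.113.7 address are constructed, and comparing only the last two domain labels is a simplifying assumption.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # the text the reader sees and clicks
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Assumption: last two labels; wrong for .co.uk etc. (use the Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(from_addr, html_body):
    """Return (visible text, host, reason) for each link that fails the mouse-over test."""
    sender = base_domain(from_addr.rsplit("@", 1)[-1])
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""  # empty for mailto: and relative links
        if is_ip(host):
            findings.append((text, host, "bare IP address"))
        elif host and base_domain(host) != sender:
            findings.append((text, host, "not the sender's domain"))
    return findings

# Constructed sample: claimed sender mail@id.apple.com, one genuine and two suspect links.
SAMPLE = ('<a href="http://shop.example.de/itunes/login">Verify your Apple ID</a>'
          '<a href="https://support.apple.com/">Apple Support</a>'
          '<a href="http://203.0.113.7/apply">Start your new job</a>')

if __name__ == "__main__":
    print(audit_links("mail@id.apple.com", SAMPLE))
```

A clean result does not prove a message is safe, since the sender address itself can be spoofed and hacked legitimate sites host many of these pages; a finding is simply the automated version of what a mouse-over shows.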

 

 

Surf safely!