January 18, 2017


The inauguration is almost here and, surprisingly, nearly all malicious emails with Trump as the subject have disappeared! Not what we would have guessed.  Too bad the criminal gangs continue to target diabetics and others who hope for some relief from their health issues…


Criminals continue to use legitimate products as bait to engineer a click to malicious websites, as with this email about a service called iMemories.  The legitimate service can be found at iMemories.com, but the links in this email lead to the domain chemtechsource.net, which was registered by “DOMAIN ADMINISTRATOR” from the very abused address of 2885 Sanford Ave., Grandville, Michigan.  Longtime readers of TDS know that this address is a front for criminal misuse.  New readers can read the Top Story of our November 23, 2016 newsletter to learn more.



One of our readers sent us a screenshot of a very strange text that appeared to be a malicious social engineering trick.  Turns out it was a trick alright, but not malicious.  It appears to be a deceptive marketing trick by an app called Monkey-something-or-other-we-don’t-want-to-promote.  Others are talking about the same spammy tactics on “800Notes.com” (see the Dec. 9, 2016 entry).


Block ’em, Dano.

Sample Scam Subject Lines:

1 Tip to Lose 17lbs in 30 Days

104 Year Old Witty And Spry Neuroscientist Reveals The Bizarre Trick To Mental Youth…

Address Needed: Your Shipment is on Hold

Covered Repairs on Us + 1st Month Free!

Final Notice. Your Funds are Available. 21309119

Financial LOCKDOWN coming to your Bank!

It’s Free to Review Your Matches on eHarmony

Long-lost Navajo remedy restores hearing in 14 days

Monthly curated natural toys and treats for your pup

Priest discovers ‘free electricity’ secret

Rates won’t stay this low. Refi now. Don’t miss out.

Sharing Memories is Now Possible.  What Are You Waiting For?

The eyecare companies HATE this woman!


Sample Scam Email Addresses




efficientwindows-[YOUR EMAIL]@com-endorsement.com

glasses-usa-[YOUR EMAIL]@stfuandcoexist.com

endingtree-partners-[YOUR EMAIL]@mp3wpdl.com






save_your_family_memories-[YOUR EMAIL]@chemtechsource.net







Phish NETS:  Ebay Gift Certificate, iCloud Account, and Netflix Membership

You actually have to search carefully to realize that this “Certificate Status” email is meant to be a phishing attack against Ebay users.  “Dear Customer, Your gift certificate has been purchased, but the order is not yet complete…”  While it is crystal clear that the link “Gift Certificates link” doesn’t point to Ebay, we want readers to see that the link points to a hacked WordPress website of someone who speaks Portuguese.  The hacked website contains a hidden redirect that will then forward you to a very malicious website identified as portal-d.pw.





This next email, which came from Germany (.de = Deutschland) with the subject “Account-Alert,” wants you to believe it concerns your iCloud account.  Fortunately it is laughable.  “your iCloud will be permanently Frozen. > login now”  A mouse-over easily reveals that the link does not point to Apple.com but to sromasry.com (a website written in Arabic.) Mouse-over skills are critically important.  You can learn more about them from our video and article at TDS.com.

Just delete.





“Your Netflix Membership has been suspended [#236422]” “During a routine check of your account we have failed to validate the billing method we have on record for your account.”  This is a very clever phishing trick to separate you from very personal financial information.  The link for “Continue >>” leads to the domain response-net1.com, not netflix.com.

A big fat deeeeleeeete!
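
The mouse-over check used on the three emails above can also be done in code: pull every link out of the HTML body and compare the host it really points to against the brand the email claims to come from.  This is an added example, not part of the original newsletter; the brand allow-list, the function names and the sample HTML are constructed assumptions, and only the domains response-net1.com and netflix.com are taken from the Netflix email.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> domains that brand really links to.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "ebay": {"ebay.com"},
                 "icloud": {"apple.com", "icloud.com"}}

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, allowed):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def suspicious_links(subject, html_body):
    """Return (brand, link text, real host) for links that leave the brand."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = f"{subject} {html_body}".lower()
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)]
    findings = []
    for href, label in parser.links:
        host = urlsplit(href).hostname or ""  # skip relative/mailto links
        for brand in brands:
            if host and not host_matches(host, BRAND_DOMAINS[brand]):
                findings.append((brand, label, host))
    return findings

# Constructed sample modelled on the Netflix email described above.
SAMPLE_SUBJECT = "Your Netflix Membership has been suspended [#236422]"
SAMPLE_BODY = ('<a href="http://response-net1.com/">Continue &gt;&gt;</a> '
               '<a href="https://help.netflix.com/">Help</a>')
```

Calling `suspicious_links(SAMPLE_SUBJECT, SAMPLE_BODY)` reports only the “Continue >>” link.  Because the comparison is on the end of the hostname, a host that merely starts with a brand's domain name is still flagged.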



YOUR MONEY: Get Any Degree, Winning Lottery Tickets, and Restore Your Vision

We found this email from bvjoulq @akis.at, with the subject line “You have the experience now you need the Degree to go with it!” to be very interesting for the simple fact that it contains no links whatsoever.  “Get any degree in 5 weeks with our program!”  “Call us for a FREE PRIVATE consultaion!”  They invite recipients to call 206-428-1982.  It seems odd that this esteemed offer should come from an email address located in Austria, doesn’t it?  “.at” is the 2-letter country code for Austria.  Hmmmm…. So little to evaluate….  If we search for the telephone number we find only 2 references to a degree scam at ScamNumbers.info and then a spam email identified at Discard.email (a trash email service).  And finally, decreasing the credibility of this pitch even more, we find that when we search for the phrase “Is your lack of a degree holding you back from career advancement?” there are frequent references to spam from around the Internet.  As if all this isn’t enough to convince you that this is baloney, check out their spelling of the word “Bachelor” in the last line of this email.


In the Your Money column of our January 4 newsletter we mentioned malicious emails pretending to offer tips on how to beat the lottery system.  These are just another social engineering trick to manipulate your clicking behavior to malicious ends.  Check out this deluge of these emails that hit one of our honeypot accounts recently….


This next piece of baloney with the subject “RESTORE your Vision without surgery” has links pointing back to the domain menkot.us. As you can guess, it was registered on the date the email was sent by someone named “shweta sharma” from Khandwa, India.  Any email sent from a domain that is very recently registered is almost always fraudulent or malicious.

Just delete.



TOP STORY: You Think Your Life Is Private?

We need to have a come-to-Jesus moment with our readers.  Let’s be honest.  Do you believe that you have privacy while using the Internet, your smartphone or any home device connected to the Internet?  If you answered “yes” then you may need a personal intervention.  This week’s Top Story is meant for you.


Doug recently had a conversation with a woman we’ll call “K” about an unexpected experience that felt very creepy to her.  K recently purchased an iPhone 6 with the newest iOS software version 10 on it.  The phone was nearby in the room but not actively “on.”  K was talking with her young daughter about new Ked’s shoes for girls that her daughter wanted to buy.  Sometime later she opened the Words with Friends game app on her phone and the first advertisement that came up was Ked’s shoes for children.  She had never seen a Ked’s ad before on her phone and says that she hasn’t seen it in the weeks since.  Coincidence?  We wondered about that ourselves.  Here’s what we learned, according to a story posted in Business Insider in September, 2015:

  • Beginning with the iPhone 6, Siri is always listening to you
  • iPhone users only need to say “Hey Siri” to engage with it; in previous iPhone versions the user had to hold down the home button to engage (except when the iPhone was plugged in to a power outlet and charging, in which case Siri could be activated by voice).
  • Though Apple has neither confirmed nor denied that Siri gathers information as it listens, the licensing agreement is so broad, according to Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law, that owners have given that right to Apple.

In March, 2015 The Hacker News broke a story informing readers that Apple admitted to sharing data gathered through its devices with third-party companies.  In other words, advertisers.  The Hacker News article quotes someone who claims to have worked for a company that Apple hired to interpret the voice data it collected.  Feel a bit creepy?

Do you have Adobe Flash or Acrobat Reader installed on your computer?  Most people do.  And if you do, you should know that these Adobe products have a history of horribly weak security in their code.  These weaknesses are frequently exploited.  This is just one of the reasons why Apple decided to ban the installation of Adobe Flash on the iOS of iPhones and iPads.  You can read more about that controversy on Wikipedia, but that is not the concern we want to bring to your attention.  Last week Adobe released yet another security update for Adobe Acrobat, and something very strange occurred to many Windows computer owners who installed it and also have Chrome as their web browser.


Adobe’s newest update was also found to install an extension into Chrome on Windows computers. (Apple Mac owners are not affected by this…. yet.)  The extension may copy your browsing history and transmit it to Adobe for their own data-gathering purposes.  That means your browsing history, and who knows what else, may be quietly collected and sent to Adobe for analysis.  We cannot say for certain if Adobe is, in fact, doing this, but apparently it can.  Given the history of frequent offensive corporate behavior regarding our privacy, we believe it is likely.  This recent article from Bleeping Computer offers a more detailed report about this shockingly bad corporate behavior.

Did you hear the one about the 6-year-old who ordered a $170 dollhouse from Amazon by simply saying to the computer “Can you play dollhouse with me and get me a dollhouse?”  We’re not making this stuff up, people.  On January 4, 2017 little Brooke Neitzel managed to order both the dollhouse and 4 lbs. of cookies by speaking her wishes to the family’s new Echo Dot – a new hands-free, voice-controlled computer from Amazon that is always listening and waiting to respond to your questions.  Check out the details about this gaffe on CNN.com.


Think we’re overreacting on this?  The ACLU doesn’t think so and just published an article titled “The Privacy Threat From Always-On Microphones Like the Amazon Echo.”  Apparently the Arkansas police are seeking audio records from Amazon to investigate a crime that was committed in the presence of an Echo.  This cuts both ways.

During the past year there have been many articles and reports expressing security and privacy concerns about the “Internet of Things” (IoT).  IoT refers to household devices and their Internet connectivity, such as baby monitors that allow parents to connect across the Internet and check on their child, or a home security system that reports to home owners remotely, or televisions that enable the owner to call out commands and connect to Netflix, or children’s dolls that connect to a company’s server across the Internet.  These two articles from US News and Business Insider do a good job of articulating these concerns:

The Privacy, Security Risks of the Internet of Things

How the Internet of Things Will Affect Security and Privacy

Own an iPhone?  Unless you have dug deep and turned off this feature, every iPhone can report every location it has ever been for the past few weeks or months.  Check out these articles from Business Insider and LifeWire.com:

There’s a Hidden Map in Your iPhone of Everywhere You’ve Ever Been

How to Find Your Location History in Google Maps or iPhone

The bottom line is this…  “Internet privacy” is an oxymoron.  It simply doesn’t exist for normal folks.  And yet, we should all work hard to combat this trend toward decreasing personal privacy that appears to exist just for the sake of marketing and sales by corporate America.


FOR YOUR SAFETY: I Need Your Suggestions and You Received a New eFaxd

“Dear friend! I need your suggestions about my latest work so please read my article…”  The link provided leads to a subdomain of a photographer’s website.  Nothing harmful there except that the Zulu URL Risk Analyzer found a single small redirect that sends the visitor to another very malicious website in the Netherlands! Ouch.





We have seen malicious emails such as these disguised to look like eFax messages.  But they are important to mention again because they seem so legitimate.  The link in this one points back to a malicious website in the Philippines. (2-letter country code = .ph)  Below you’ll see that criminals targeted a user’s email inbox with many of these eFax emails in just 15 seconds.





Microsoft must be incredibly altruistic!  We often hear about their good deeds such as these Microsoft Lottery results for 2017.  And guess what?  We’re one of 7 lucky winners!  OMG!  Although we wonder why Dr. Susan Williams, the Microsoft Corporations Lottery Co-ordinator, doesn’t have an email address at microsoft.com.


From: teste@dinamicamcp.com.br
Time: 2017-01-09 16:11:50



Microsoft Corporations International Lottery Office,

Manchester England.


Microsoft Corporations announced you as one of the 7 lucky winners of the ongoing Microsoft Corporations lottery Award of the Year Held this month. All 7 winning email addresses were randomly selected from a batch of 800,000,000 international emails each from Canada, Australia, United States, Asia, Europe, Middle East, Africa and Oceania as part of our international promotions program which is conducted annually, consequently, you have been approved for a total pay out of TWO MILLION FIVE HUNDRED THOUSAND UNITED STATE DOLLARS (USD$2.5M).

This Lottery was promoted and sponsored by a conglomerate of some multinational companies as part of their social responsibility to the citizens in the communities where they have operational base.

Further more your details (e-mail address) falls within our Branch office here in Manchester England, as indicated in your play coupon and your prize of (USD$2.5M). will be released to you from this main branch office of  Microsoft Corporations Manchester England.

We wish to informed you that your fund has been approved and insured in your name as well as ready for delivery.

These are your winning identification numbers.

Ticket number…………………679-568-9228
Serial number…………………..37016
Lucky number……………….56-34-13-00
Ref number……………….MSCB4900

To begin your lottery claims, Please contact our Microsoft Corporations Lottery Co-ordinator as follows;

Fullname:   Dr. Susan Williams
E-mail: susanwilliams_2007@rediffmail.com

You are to send the completed verification form below to the co-ordinator whose email address is given above so that you will be advised on what to do to get your prize money.

Congratulations once more!!

Full Name:……………….
Country Of Origin:…………
Present Address:…………..
Date Of Birth:……………..
Telephone No:…………….
Ticket and Lucky No:…….

NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference and batch numbers in all correspondences with us, Furthermore, should there be any change of address, please do inform our Co-ordinator as soon as possible.

An original copy of your lucky winning ticket and your deposit certificate will be sent to you by Lottery Administrative Remittance Operation.

We wish you continued good fortunes.

Yours  Sincerely.
Mrs. kirsten kempkes

Head of Publications Department, Microsoft Corporations Online Promo.
Copyright! 2015-2016 The Microsoft Corporations England.


Until next week, surf safely!