Please support our effort by making a small donation. Thank you!


January 25, 2015

Last week we welcomed tax season by showing just one tax scam and predicting an avalanche to come. And, as predicted, this week the tax scams have increased! For no particular reason we can explain, we’re also seeing an increase in the number of scam emails that have malware files attached to them and the recipients are asked to download these malicious files. However, since the holidays are long gone there seems to be a significant decline in the gift card scams. There’s always a silver lining somewhere.

But before we dig in, here are a few items of interest… The first is a text sent to us by one of our readers. No link to click, no file to download… Just a simple hello. Though we aren’t sure what the “game” is, we are certain that it can’t be good for the recipient to respond. Notice the very strange sender’s address at the top of the text and the poor English. Best to delete. (Send your scams to The second thumbnail below shows a list of 22 malicious emails sent from various hacked email addresses all saying that they are from the same person “From Franc…” Each contains a malicious link and the recipients know the person named in the subject line. We wrote extensively about this social engineering trick last fall (the trick began early last Spring). Read about it here. Finally, the third thumbnail shows a bogus email from “” with an important employee document. The link points to a free web-hosting service called

 3-Employee documents

Just delete!





Got Tax Problems? We Can Help

And if you believe that, we’ve got land to sell you in Atlantis. Actually, its scams like this one that give us hints about the personalities of the scammers. We think some of them actually have a sense of humor. No really! Look at the email address and the domain name that was used. “” We think that one scammer bet another scammer that he could get people to click the link to this web page and he….(drum roll) bet beer on it!

A search for this domain in Google shows that a WordPress site was installed last fall but nothing more was done. No information. Nothing about beer or anything else:



A WHOIS look up of the domain shows that it was registered by someone from Hungary and hosted on a server in Paris, France. (We hear that Hungarians are good with U.S. tax laws.) Notice the random text after the ad meant to fool antispam filters.

4b-Tax Debt settled








We love the great family photo in this next tax scam and the nice touch by adding “As seen on…” Even though a WHOIS look up shows that the owner of this domain,, is hidden behind a private proxy service (WhoisGuard in Panama), we learned that it is also hosted in Paris, France like the above scam. However, claims that this domain was registered by Dejan Andelic, another Hungarian! Didn’t we say that Hungarians are good with the United States tax laws?












If It Seems Too Good To Be True, It Is

We wish we had a $1 for every time that phrase applied. The next three scams have that in common. Does anyone really expect to install a widget and then pay absolutely nothing for electricity? By the way… According to Google, there is no website at “” Big surprise. The second scam below in this category comes from “” and claims that a simple trick can improve memory and reverse brain aging by 12 years in a matter of seconds! And finally, in this glorious category of scams is our third place winner…. Perfect eye vision! Normally we wouldn’t click this but we’re so curious to know why this lady is hated so much












5c-Perfect your vision










Speaking From the Heart

Our “gut” says that the same scammer wrote both of the next two email scams. They are so heart felt… “Today I would like to reward you with a very special valuable GIFT from a very good friend.” We don’t know what “Abundance-minded partners” are but even the domain name pulls at our heart-strings… “” Though this domain was purchased a few years ago, Google shows nothing there…


And a WHOIS lookup shows that the domain was registered to an organization called the “Department of E Inc.” We’ll pass


 The second scam in this category speaks to all “concerned Americans.” That’s us! Apparently a CIA Whistleblower wants to share a shocking video with us because he loves America so much. The Zulu URL Risk Analyzer can’t find anything wrong with this link but it smells nonetheless. We’ve seen LOTS of emails warning us that the “video is shocking” and they all ended badly for the person who clicked the link.

Best to delete!

6c-Dear Concerned American







Finally, we wanted to leave you with a throw-back to the days (3-4 years ago) when people’s email accounts were being hacked by the hundreds and the scammers were pretending to be the account holder and telling friends they had taken a quick trip to London and got mugged. They lost everything! Send money to help pay their bills! I guess the scammers finished their vacation in London and have moved on to the Phillipines. We’re headed to our nearest Western Union right now to help. See you next week…





Surf safely!