THE WEEK IN REVIEW
So much to tell you! Let’s start with the fantastic news that came out last Thursday… Western Union was fined $586 million dollars by the US Government for “willfully failing to maintain an effective anti-money laundering program.” (Read the story on NPR.org.) As a result of their model to put profits over protection, thousands of Americans were scammed out of millions of dollars. Kudos to the Justice Department for taking action! Let’s hope that Western Union, and other money transfer companies will now step up their protection of people who use their services. If you have been a victim of fraud that involved wiring money through Western Union, report it to the DOJ website. You may be entitled to compensation.
Also last week, the FBI released a Public Service Announcement about advance check scams targeting college students titled “Employment Scam Targeting College Students Remains Prevalent.” We’ve been writing articles about these scams for more than two years. Better late than never.
Previously we’ve mentioned that TheDailyScam.com is routinely under attack by the criminal gangs whose tricks we try to expose. Here is a glimpse of the probes and attacks that targeted our website just last week alone. It’s comforting to know they don’t like the things we say. (Readers should note that an attack, hack or probe blocked from one country might have originated in another country.)
Not only was the inauguration of our 45th President big news, huge, but the increased legalization of marijuana (or the decriminalization of it) was also bigly in 2016. And so these next scams should not be a surprise. A malicious email disguised as a “limited edition Donald Trump coin” as well as blasts of malicious emails all last week promoting cannibis products were common. Evidence in Google suggests that the emails promoting the fake Trump coins were fired at netizens using the Internet gun “fakemailgenerator.com.” (This site should be shut down! Read our top story “Leaving a Gun on the Coffee Table” from November 16.) The domain, bonolovoo.com, used in the Trump coin scam was registered by a “James Wilson” on the day the email was sent and is being hosted in Ortisei, Italy. A screenshot of Bonolovoo.com on January 20, 2017 looks like it wants readers to think it is the satirical website cheezburger.com, but it is not!
Sample Scam Subject Lines: $500,000 Term Life Coverage starting under $16 a month A very special invitation for women only… Address Needed: Your shipment is on hold Cops use these – 1 Tool everyone should have! Get a date with the hottest Asian women! Get Instant Relief from THIS! Get Your Free ADT Monitored system and receive a Free Visa Gift Card from Protect Your Home Make money with your woodworking skills New Message from Home Depot Windows OMG! 143 Million Americans Didn’t Expect This… Plan for the future with your will Power Companies Caught Red Handed Search Business Class Fares Options
Sample Scam Email Addresses BarkBoxPartner@logjunkie.stream BirthControlMethods@loggiant.stream Business.Class.Airfare@sufficient.resortw.us christian_group_society-[YOUR EMAIL]@formthink.men CoffeeCoupons@loglisting.stream Haven-Life-Team@only.icdebut.us Home-Surveillance-Cameras@receive.bbyjive.us iPadCaseandKeyboard@logprofits.stream Live_Healthy_Digest@solution.ictowel.us NaturalDogProducts@logtiger.stream Reverse-Mortgage-Quiz@ratty.lademix.us subway_eat_fresh_gifts-[YOUR EMAIL]@mixedbagedesigns.com UsedCars@logreach.stream
It’s so important to read carefully and mouse-over links before clicking them. Take this smelly phish sent from the email address ingofpuf @mofogo.com. It wants you to think it came from Facebook about “4 unread messages” waiting for you. But the link “Go to Facebook” points to a WordPress website named rentalmobilmanadoblessing.com. This site was registered by a “ghana al mulki” from Indonesia and is being hosted in India. Roll eyes, then delete.
Phish NETS: Facebook
Wouldn’t you love up to 85% off your toner ink supples? We certainly would! But, once again, this is not the special we hoped it would be. This has nothing to do with the legitimate site 1ink.com. The email’s from address and links all point to the newly registered domain asetrs.us. This domain was registered by “shweta sharma” from Khandwa, India on January 13.
This next scam came from one of our readers. Notice that the “name” before the email address is “Thank-you-Amazon” but the from address is a user named ogenamaliaui at Gmail. This is not an advertisement or promotion from New York or Homofresh Dehomes in Colorado! The links point back to a webserver in Germany, pmortzedas.dyn-vpn.de. A search in Google shows a link to the German domain, followed by the odd text “We’re young again and need some special attention. We’ll work out every quirks that you might encounter.” A big, fat delete!
Interest in Lyft and Uber has exploded in the past year so it isn’t surprising to find this bogus email ad looking for Lyft drivers. “See How Much You’ll Bring Home.” “Earn up to $35/hr driving with Lyft.” But the email came from, and links point back to, the odd domain qggromp.us. This domain was registered on the day the email was sent by a “Thomas Pregst” from Crillon, France. Does this sound like the San Francisco corporate headquarters of Lyft? You know what to do.
YOUR MONEY: Ink & Toner Sale, Amazon Gift Card, and Drive with Lyft
Do you get robo-calls? If you are like us, you probably get them every week and sometimes multiple times each week. And, if you are like us, you’ve probably registered your phone with the National U.S. government website called DoNotCall.gov. If only the scammers would pay attention to this call list but they don’t play be any rules, as we all know.
You have several choices available to you when unrecognized calls come in, especially from out-of-state numbers and in-state numbers you don’t recognize. Let’s look at the options… “You have 1 new message” “Call me when you’re online…” This looks a lot like an email from Facebook, though it doesn’t contain any reference to Facebook. Criminals send these bogus messages periodically as another type of social engineering gimmick to produce a click. Mousing-over the link “View Post” shows that it points to a website in Argentina (2-letter country code = .ar
But in this odd-ball case, what you’ll find at this destination is a phony Canadian Pharmacy site. We asked shrinktheweb.com to retrieve the web page waiting at the other end of this link. Don’t get too excited about that “Erection pack” special though. Look below at VirusTotal’s evaluation of this link and then ask yourself how eager you are to give them your credit card info or trust that the “drugs” you are buying are safe or even real.
TOP STORY: Robo-Calls and Random Messages
FOR YOUR SAFETY: Get Approved in Minutes, USPS Delivery Notice, and Settlement
“Get Approved in Minutes” for loans up to $1000. But the only explanation offered is a shortened link through tinyurl.com. Criminals often use shortened links to hide where they really send you. We used Unshorten.it to discover that this loan link will send you to a country that has been in the news a lot lately. Take a look below at the 2-letter country code. Obama had no love for their leader but Trump has begun a lovefest with him. We can guarantee this link is 100% malicious and wouldn’t trust it one bit, like the country’s leader.
“USPS issue #05176315: unable to delivery parcel” says this email from France. Do you think scammer’s first language is English? The attached zip file contains malware.
Ouch.
This next email looks like it came from a law firm about a settlement. “Josh just signed the contract but your signature is required as well.” A mouse-over of the link “Contract #4848186” points to a website in a far away distant land that was once considerd a military quagmire. Figured it out yet? This link is still a landmine.
Avoid clicking.
ON THE LIGHTER SIDE: Money Laundering?
How exciting! We’ve been invited to help launder more than six million dollars for Mr. William KOMO, a banker somewhere in the world. We’re not sure where because the email came from an address in Brazil but he’s asked us to contact him through Yahoo in Canada. No matter. He’s assured us this exchange is risk free. Wish us luck!
From: pos@emescam.br
Time: 2017-01-19 14:53:25
Subject: Greetings,
Hello Dear,
I am Mr.KOMO a banker, I have emailed you earlier on without any response from you. In my first email I mentioned about our deceased customer whose relatives my Bank cannot locate to claim his estate.
I got your address from online directory service and decided to write you. I am asking for your consent so that I can present you to my Bank Management as the next of kin to the late customer account proceeds value (Six Million Five Hundred Thousand United State Dollars) to be transferred into your account for our mutual benefit.
At the successful transfer of this fund, we shall share the fund on a pro rata based percentage am compelled to do this because I do not want my Bank to take over the ownership of this fund.
If you are interested and in agreement with me, get back to me quickly and I will send to you all the information you may need to proceed without coming to the Bank, and be rest assured that it is risk free project.
I look forward to your reply: wmwkomkk.kmom@yahoo.ca
Yours faithfully,
WILLIAM.
Until next week, surf safely!