THE WEEK IN REVIEW
Last week our Top Story was about a rise in “sextortion scams.” We even showed readers that Doug and David received seven extortion emails claiming to release an embarrassing video that we know doesn’t exist! True to the scammer’s word, 72 hours after we received the first extortion threats, the “anonymous hacker” sent us a follow-up email with his “last warning” to ruin our social life if we didn’t pay up. However, if you read the “PS” at the bottom of his email, you’ll see that he was kind enough to give us a 48-hour extension! How very kind of him, we’ll take it!
Our readers know how important we believe education is in helping you reduce your online risks. This education also includes staying informed about the ways that your email addresses and passwords have been captured and misused. The best online resource collecting data about known security breaches and enabling visitors to search the data is the website called “Have I Been Pwned?” We strongly recommend that you visit this website and enter all of your email addresses to see if they have ever been “pwned.” If so, the website will tell you what it knows about the data breach, including whether or not passwords had been captured, when it happened and what some of the risks may be.
Phish NETS: JPMorgan Chase Bank and ATT Services
“Dear User. We are unable to verify some of your information”
This phishing email for JPMorgan Chase account holders is pretty lame! In fact, it was so obviously a scam that the website hosting the phishing page was taken down within a few hours after the email came out. The link associated with “UPDATE” points to a link-shortening service. We couldn’t see the final destination because it was removed so quickly. We wish all phish were this stupid.
Speaking of stupid… It appears to us that the criminals who sent this next malicious email disguised as an AT&T notification completely forgot to alter the link that they intended victims to click! The link is a legitimate one pointing correctly to ATT.com. And yet, if you look at the FROM address and read the email itself, there is no doubt that it wasn’t created by AT&T Support.
YOUR MONEY: Confirmation About Your Subscription to Adult Dating Site
Apparently, we subscribed to an “Adult Dating list” according to an email sent to us! Part of the mystery here is that we have no idea what dating “list.” This email confirmed our subscription by providing our email address and a first name as proof! How clever of them. We can stop receiving these emails by clicking the BIG BLUE BUTTON “unsubscribe here.” We’re not quite sure what their game is but we know enough not to click the unsubscribe button. According to the behind-the-scenes coding, clicking that button will send a reply to the following email addresses around the world…
Roba “@” trendsmap.com (Hosted in Australia)
Roba “@” autopartsonline.de (Hosted in Germany)
Roba “@” etitudela.com (Hosted in France)
admin “@” woodhouseclinic.co.uk (Hosted in the United Kingdom)
admin “@” transformsupport.co.uk (Hosted in the United Kingdom)
admin “@” record-electrical.co.uk (Hosted in the United Kingdom)
admin “@” oxfordenglishexperience.co.uk (Hosted in the United Kingdom)
TOP STORY: Do You Pay Attention to Details?
One of the most important skills to help you stay safe online is to pay attention to details! This includes noticing when those details don’t add up, or make sense. For example, we’ve seen cybercriminals misspell domain names in their effort to trick people with look-alike domains. Or they create domain names that “sound” official, but are not. Here are a few examples…
Amricanexprss[.]com
Paypai[.]com
Apple-authorize[.]info
Myappleid-secure[.]com
We wanted to present you with a small challenge this week, and hope you have fun at the same time. What follows is a very obvious scam email claiming to represent the multinational telecom company known as MTN. It informs the recipient that she or he has been selected to win $7 million U.S. dollars as part of a 2019 promotion. Read the email closely and critically. How many “red flags” (suspicions) can you cite because things don’t “add up” or make sense? We count twelve! No doubt, some of our readers will find more. Our dirty dozen are listed below. If you find others we missed, please share them with us by emailing them to spoofs@thedailyscam.com.
I spy with my critical eye, the following suspicious things that have gone awry…
A footnote to this exercise in critical reading skills… We sometimes notice that cybercriminals will try to obfuscate a link by making it so terribly long it will not display properly when the recipient mouses over it. We’ve seen some really long links, including some with redirects hidden in them. But the link in this email exceeds anything we have ever seen before! Mousing over the link for the Wikipedia article, we discovered that it consists of 88,460 characters! Here is an image showing just the first couple of hundred characters:
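The look-alike domain trick described above can be checked mechanically. This is an added example, not part of the original newsletter: it compares a domain against a small allow-list of brands and reports whether it is a near-miss spelling or merely embeds the brand name. The BRANDS table, the typo threshold and the function names are assumptions for illustration; the sample inputs are the four domains listed above.

```python
# Assumed allow-list for illustration: brand keyword -> its legitimate domain.
BRANDS = {
    "americanexpress": "americanexpress.com",
    "paypal": "paypal.com",
    "apple": "apple.com",
}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def refang(domain):
    """Undo the [.] defanging used in write-ups and normalise case."""
    return domain.replace("[", "").replace("]", "").lower().rstrip(".")

def classify(domain, max_typos=2):
    """Return (verdict, brand) for one domain name."""
    d = refang(domain)
    for brand, legit in BRANDS.items():
        if d == legit or d.endswith("." + legit):
            return ("legitimate", brand)
    # Simplification: treat the label left of the TLD as the registered name
    # (wrong for suffixes such as .co.uk; use a public-suffix list for those).
    name = d.split(".")[-2] if "." in d else d
    for brand in BRANDS:
        if edit_distance(name, brand) <= max_typos:
            return ("typo-lookalike", brand)
    for brand in BRANDS:
        if brand in d:
            return ("brand-keyword", brand)
    return ("unrecognised", None)

if __name__ == "__main__":
    for sample in ["Amricanexprss[.com]", "Paypai[.]com",
                   "Apple-authorize[.]info", "Myappleid-secure[.]com"]:
        print(sample, "->", classify(sample))
```

A short brand name such as "apple" sits within two edits of ordinary words, so a real deployment would scale the threshold with the length of the brand.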
FOR YOUR SAFETY: Your FedEx Tracking Number and Critical Update Available
And while we’re on the topic of “paying attention to details,” check out these next two emails. Both lead directly to a malware infection! The first may say “here is your FedEx tracking” but it clearly didn’t come from fedex.com. A mouse-over of the tracking number in this email shows that it points to a website that appears to be for a business called “Morgan Manufacturing.” However, this is not the real website for Morgan Manufacturing. And waiting for you at the end of that link is some nasty malware!
This next email claims to represent Adobe software but is far from it! It came from a domain in the European Union with links pointing back to that malicious domain. This is clickbait to have you install malware disguised as Adobe Flash software.
Just delete!
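The mouse-over checks used throughout this issue (an “unsubscribe” button that mails several addresses, a link too long to display with a redirect hidden in it, a FedEx link that does not go to fedex.com) can be run over an email’s HTML without clicking anything. This is an added example, not code from the original newsletter; the 2,000-character threshold, the function names and the constructed sample HTML with `.example` hosts are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

MAX_URL_LEN = 2000  # assumed threshold, far below the 88,460-character link

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_link(href, claimed_domain):
    """Return the reasons one link deserves suspicion (empty list if none)."""
    url = urlsplit(href)
    if url.scheme == "mailto":
        # An "unsubscribe" button that mails several unrelated addresses.
        rcpts = [r for r in unquote(url.path).split(",") if r.strip()]
        return [f"mailto-to-{len(rcpts)}-recipients"] if len(rcpts) > 1 else []
    reasons = []
    host = (url.hostname or "").lower()
    if host != claimed_domain and not host.endswith("." + claimed_domain):
        reasons.append("host-is-not-claimed-sender")
    if len(href) > MAX_URL_LEN:
        reasons.append("overlong-url")
    query = unquote(url.query).lower()
    if "http://" in query or "https://" in query:
        reasons.append("redirect-target-in-query")
    return reasons

def audit(html_body, claimed_domain):
    """Return [(first 60 chars of href, reasons)] for every link in the body."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(h[:60], check_link(h, claimed_domain)) for h in parser.hrefs]

# Constructed sample body, not taken from any real email.
SAMPLE = (
    '<a href="mailto:a@one.example,b@two.example,c@three.example'
    '?subject=unsubscribe">unsubscribe here</a>'
    + '<a href="https://tracking.example/' + "a/" * 1500
    + '?u=https%3A%2F%2Fother.example%2F">7489 2211 0043</a>'
    + '<a href="https://www.fedex.com/track">FedEx</a>'
)

if __name__ == "__main__":
    for href, reasons in audit(SAMPLE, "fedex.com"):
        print(href, "->", reasons or "ok")
```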
Until next week, surf safely!