January 30, 2019

THE WEEK IN REVIEW

Last week our Top Story was about a rise in “sextortion scams.”  We even showed readers that Doug and David received seven extortion emails claiming to release an embarrassing video that we know doesn’t exist!  True to the scammer’s word, 72 hours after we received the first extortion threats, the “anonymous hacker” sent us a follow-up email with his “last warning” to ruin our social life if we didn’t pay up.  However, if you read the “PS” at the bottom of his email, you’ll see that he was kind enough to give us a 48-hour extension! How very kind of him; we’ll take it!

Our readers know how much importance we place on education to help you reduce your online risks.  That education includes staying informed about the ways your email addresses and passwords have been captured and misused.  The best online resource collecting data about known security breaches and letting visitors search it is the website “Have I Been Pwned?” (haveibeenpwned.com).  We strongly recommend that you visit it and enter all of your email addresses to see if they have ever been “pwned.”  If so, the website will tell you what it knows about the data breach, including whether or not passwords were captured, when it happened and what some of the risks may be.  (The same site can also check a password against known breach dumps without ever receiving the password itself: only the first five characters of its SHA-1 hash are sent.  That makes it safe to use in a way that typing your password into a random “am I hacked?” site is not.)


Phish NETS: JPMorgan Chase Bank and AT&T Services

“Dear User. We are unable to verify some of your information.”   This phishing email aimed at JPMorgan Chase account holders is pretty lame!  In fact, it was so obviously a scam that the website hosting the phishing page was taken down within a few hours after the email went out. The link behind “UPDATE” points to a link-shortening service; a bank has no reason to hide its own links behind a shortener, and that alone should stop you from clicking.  We couldn’t see the final destination because it was removed so quickly. We wish all phish were this stupid.

Speaking of stupid…   It appears to us that the criminals who sent this next malicious email disguised as an AT&T notification completely forgot to alter the link that they intended victims to click!  The link is a legitimate one pointing correctly to ATT.com. And yet, if you look at the FROM address and read the email itself, there is no doubt that it wasn’t created by AT&T Support.

YOUR MONEY:  Confirmation About Your Subscription to Adult Dating Site

Apparently, we subscribed to an “Adult Dating list,” according to an email sent to us!  Part of the mystery here is that we have no idea which dating “list” they mean. This email confirmed our subscription by providing our email address and a first name as proof!  How clever of them. We can stop receiving these emails by clicking the BIG BLUE BUTTON “unsubscribe here.”

We’re not quite sure what their game is, but we know enough not to click the unsubscribe button.  The code behind that button does not take you to a web page at all: clicking it would send a reply to the following email addresses around the world (and whatever else that accomplishes, it tells the operators that a real person reads mail at your address)…

Roba “@” trendsmap.com (Hosted in Australia)
Roba “@” autopartsonline.de (Hosted in Germany)
Roba “@” etitudela.com (Hosted in France)
admin “@” woodhouseclinic.co.uk (Hosted in the United Kingdom)
admin “@” transformsupport.co.uk (Hosted in the United Kingdom)
admin “@” record-electrical.co.uk (Hosted in the United Kingdom)
admin “@” oxfordenglishexperience.co.uk (Hosted in the United Kingdom)
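To see what a button like this really does without clicking it, here is an added example (written for this page; it is not code from the original post or from the scam email) that parses an HTML email body and lists the target of every link, pulling out the recipients of any mailto: link. The sample message is constructed and uses placeholder addresses, not the ones above; everything else is the Python standard library.

```python
"""Inspect the links in an HTML email without clicking any of them."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample message (not the real one): a big blue "unsubscribe"
# button whose href is a mailto: link addressed to several unrelated mailboxes.
SAMPLE_HTML = """
<html><body>
<p>Thank you for subscribing to our dating list, John.</p>
<p><a href="mailto:roba@example-au.test,roba@example-de.test?cc=admin@example-uk.test&amp;subject=unsubscribe"
      style="background:#2a7ae2;color:#fff;padding:12px"><b>unsubscribe here</b></a></p>
<p><a href="https://www.example.test/privacy">Privacy policy</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def mailto_recipients(href):
    """Every address a mailto: link would put in To, cc or bcc."""
    parts = urlsplit(href)
    if parts.scheme.lower() != "mailto":
        return []
    recipients = [a.strip() for a in unquote(parts.path).split(",") if a.strip()]
    query = parse_qs(parts.query)
    for field in ("to", "cc", "bcc"):
        for value in query.get(field, []):
            recipients += [a.strip() for a in value.split(",") if a.strip()]
    return recipients


def inspect_links(html):
    """Describe each link and flag 'unsubscribe' text that is really a mailto: link."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        recipients = mailto_recipients(href)
        report.append({
            "text": text,
            "href": href,
            "recipients": recipients,
            # A genuine unsubscribe is an https link on the sender's own site; an
            # "unsubscribe" that mails a list of third parties only confirms you read mail.
            "suspicious": bool(recipients) and "unsubscribe" in text.lower(),
        })
    return report


if __name__ == "__main__":
    for entry in inspect_links(SAMPLE_HTML):
        print(entry)
```

Save the raw HTML of a suspicious message (most mail clients offer “view source” or “save as .eml”) and feed it to inspect_links; any link whose visible text promises one thing while its target is a mailto: to strangers is a link to leave alone.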

TOP STORY: Do You Pay Attention to Details?

One of the most important skills to help you stay safe online is paying attention to details!  This includes noticing when those details don’t add up or don’t make sense. For example, we’ve seen cybercriminals misspell domain names in their effort to trick people with look-alike domains, or create domain names that “sound” official but are not. Here are a few examples…

Amricanexprss[.]com

Paypai[.]com

Apple-authorize[.]info

Myappleid-secure[.]com
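The same “does this name add up?” check can be automated. The following is an added example written for this page (not code from the original post) that takes a domain as it appears in a link or sender address, undoes the “[.]” defanging, and classifies it against a short brand list: an exact match on a known legitimate domain, a brand name buried inside the label (the “official-sounding” pattern), a small edit distance from a brand (the misspelling pattern), or, going one step beyond the four examples above, a brand name used as a subdomain of an unrelated site. The brand list and the edit-distance threshold are assumptions for the example; the registrable-domain logic is deliberately crude and only meant to separate “paypal.com” from “paypal.com.evil.test”.

```python
"""Flag look-alike and "official-sounding" domains against a short brand list."""

# Brands to defend and the registrable domains they legitimately use.
# Assumed for this example; extend it for your own environment.
KNOWN_BRANDS = {
    "americanexpress": {"americanexpress.com"},
    "paypal": {"paypal.com"},
    "apple": {"apple.com", "icloud.com"},
}

# Second-level labels under which a country code hosts a public registry (crude list).
_PUBLIC_SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}


def refang(domain):
    """Turn a defanged name such as 'paypai[.]com' back into 'paypai.com'."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


def registrable(host):
    """Crude registrable-domain extraction: last two labels, or three for co.uk style."""
    labels = host.split(".")
    if len(labels) >= 3 and labels[-2] in _PUBLIC_SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (verdict, brand) for a domain as it appears in a link or sender address."""
    host = refang(domain)
    reg = registrable(host)
    sub = host[: len(host) - len(reg)].rstrip(".")   # labels left of the registrable domain
    sld = reg.split(".")[0]                          # the label a victim actually reads
    for brand, legit in KNOWN_BRANDS.items():
        if reg in legit:
            return ("legitimate", brand)
    for brand in KNOWN_BRANDS:
        if brand in sld:                             # apple-authorize.info, myappleid-secure.com
            return ("brand-in-name", brand)
        # Assumed threshold: one edit, or one per five characters of the brand name.
        if levenshtein(sld, brand) <= max(1, len(brand) // 5):   # amricanexprss, paypai
            return ("typosquat", brand)
        if brand in sub.replace(".", ""):            # paypal.com.evil.test
            return ("brand-in-subdomain", brand)
    return ("unknown", None)


if __name__ == "__main__":
    for d in ("Amricanexprss[.]com", "Paypai[.]com", "Apple-authorize[.]info",
              "Myappleid-secure[.]com", "www.paypal.com", "paypal.com.evil.test"):
        print(d, "->", classify(d))
```

Edit distance is computed on the second-level label only, because that is the part a reader glances at; the top-level domain (“.info” instead of “.com”) is a separate tell that the brand list already captures.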

We wanted to present you with a small challenge this week, and hope you have fun at the same time.  What follows is a very obvious scam email claiming to represent the multinational telecom company known as MTN.  It informs the recipient that she or he has been selected to win $7 million U.S. dollars as part of a 2019 promotion.  Read the email closely and critically. How many “red flags” (suspicions) can you cite because things don’t “add up” or make sense?  We count twelve! No doubt, some of our readers will find more. Our dirty dozen are listed below. If you find others we missed, please share them with us by emailing them to spoofs@thedailyscam.com.

I spy with my critical eye, the following suspicious things that have gone awry…

  1. I’ve won $7 million and the best they can do is address me as the “owner of the email address”?
  2. The sender claims to represent the company MTN, but her email address is from a Yahoo account, not an MTN.com account.
  3. Again, I am not addressed by name, just “Dear Lucky Recipient.”
  4. Don’t you expect the English in this email to be flawless?  “…you was selected by your email address” (We count 15 grammatical errors, errors of punctuation or capitalization, or instances of awkward English.)
  5. The only link on the page, identified as Wikipedia, leads to the email service Yandex.com.  According to this REAL Wikipedia page, Yandex is a Russian company offering internet products and services, such as free email, across Eastern Europe, Russia and Africa.
  6. Isn’t it odd that the “Head of Department” (what department?) at MTN is a Reverend? … Rev. Fred J Williams.  Is he done tending his flock, or does he have to work two jobs to make ends meet?
  7. The email address for Rev. Williams is not an mtn.com account, but a Yandex account again.  It is also a very peculiar address name… “file.officefile2016”
  8. Why provide a Post Office Box for Rev. Williams but no other address information?  Not even a city or country!
  9. It is not the business of the FBI to “investigate” any promotion or award to determine authenticity or offer a stamp of approval.  (And at the bottom of the email, the sender drops in “U.S. Department of Justice” as well, as if that will add some additional legitimacy to the claim.)
  10. It is very odd that the winners of a company promotion should be called “beneficiaries.”  This is a term that typically refers to those who receive money from a trust, will or life insurance policy.
  11. In an email announcing a $7 million winner of a promotion for an international company, one would think the email would use the same font and size throughout.  Clearly, no marketing department did its due diligence to make sure this email represented the company well. It is not professionally crafted!
  12. The ONLY way to respond to this winning announcement is through email.  THAT, in and of itself, means it is a scam!

A footnote to this exercise in critical reading skills…

We sometimes notice that cybercriminals will try to obfuscate a link by making it so terribly long it will not display properly when the recipient mouses over it.  We’ve seen some really long links, including some with redirects hidden in them. But the link in this email exceeds anything we have ever seen before! Mousing over the link for the Wikipedia article, we discovered that it consists of 88,460 characters!  Here is an image showing just the first couple of hundred characters:
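A link that long is hiding something, and the place to look is inside its own query string, where redirect services carry the next destination as a parameter (often percent-encoded more than once). The following is an added example written for this page (not code from the original post, and not the 88,460-character link itself) that peels a URL layer by layer and reports its length, the chain of hosts it passes through, and where it finally lands. The sample URL is constructed with a junk parameter to mimic the padding trick; the 2,000-character display limit is an assumption standing in for the point at which mail clients truncate hover text.

```python
"""Unwrap a long, redirect-laden URL to find where it really lands."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: a shortener-style hop, then a tracker, then the real
# destination, with a junk parameter that pushes the whole thing far past
# anything a mail client will show on mouse-over.
SAMPLE_URL = (
    "https://short.example.test/go?pad=" + "A" * 6000
    + "&u=https%3A%2F%2Ftracker.example.test%2Fr%3Fnext%3D"
    + "https%253A%252F%252Fevil.example.test%252Flogin"
)

# Assumed threshold: hover tooltips in common mail clients are truncated well below this.
DISPLAY_LIMIT = 2000


def embedded_urls(url):
    """URLs carried inside this URL's query values, path or fragment."""
    parts = urlsplit(url)
    found = []
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        found += URL_RE.findall(value)          # parse_qsl already decoded one layer
    found += URL_RE.findall(unquote(parts.path))
    found += URL_RE.findall(unquote(parts.fragment))
    return [u for u in found if u != url]


def unwrap(url, max_depth=10):
    """Peel embedded URLs layer by layer; returns the chain from outer to innermost."""
    chain, seen = [url], {url}
    current = url
    for _ in range(max_depth):
        inner = embedded_urls(current)
        if not inner:
            break
        current = inner[-1]   # assumption: the last embedded URL is the onward destination
        if current in seen:   # guard against self-referencing loops
            break
        seen.add(current)
        chain.append(current)
    return chain


def summarize(url):
    """What a practitioner wants from a suspicious link: length, hops and final host."""
    chain = unwrap(url)
    return {
        "length": len(url),
        "hops": [urlsplit(u).hostname for u in chain],
        "final_host": urlsplit(chain[-1]).hostname,
        "too_long_to_display": len(url) > DISPLAY_LIMIT,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_URL))
```

This is static inspection only: nothing is fetched, so a shortener that resolves server-side (where the destination is not in the URL at all) will show a single hop, and the answer is then to resolve it in a sandbox or with a preview service rather than by clicking.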

FOR YOUR SAFETY: Your FedEx Tracking Number and Critical Update Available

And while we’re on the topic of “paying attention to details” check out these next two emails.  Both lead directly to a malware infection! The first may say “here is your FedEx tracking” but it clearly didn’t come from fedex.com.   A mouse-over of the tracking number in this email shows that it points to a website that appears to be for a business called “Morgan Manufacturing.”  However, this is not the real website for Morgan Manufacturing. And waiting for you at the end of that link is some nasty malware!

This next email claims to represent Adobe software but is far from it!  It came from a domain in the European Union, and its links point back to that same malicious domain.  It is clickbait to get you to install malware disguised as an Adobe Flash update.

Just delete!


Until next week, surf safely!