January 31, 2018


Using Internet services and apps for dating in today’s tele-connected world can be brutal!  This is certainly our point in this week’s Top Story.  But don’t just read that to understand what we mean.  Read the stories shared with us by a man we call “Abe” in our newest feature article Online Dating Scams Based on Abe’s experiences, using technology to find women to date feels more like a stroll through a minefield than a walk in the park.  You’re going to need a medic.

We want to remind readers of these malicious emails that have been targeting people for months and show no signs of stopping.  The subject lines change, as does the short content.  But they all have the same basic layout and button design.  They always inform the recipient that there are multiple messages waiting for him/her.


Sample Scam Subject Lines:

About our previous discussion…

DiActivate your $50 eRewards from Amazon by Sunday

Different In Bank Account details / URGENT!!!

Do the words Obesity, Alzheimer’s, Heart Disease and Cancer scare you?

Drops 10 sizes from your waist – Shark Tank

Grow a younger heart and brain..

High Wages, No Training Needed

HURRY, this FREE offer won’t last long!

Last chance? Don’t miss this out.

Qualified students may return to school with a grant.

Re:120.000 Euro/Dollars

SolidQuote: Low-Cost Auto Insurance Options

What is your cat trying to tell you?


Sample Scam Email Addresses

Amazoncom <amazoncom @ mondayrewards-DOT-com>

“Bath & Body Works” <bathtub @ bathtub-DOT-com>

“Cat_Behaviour” <Cat.Talking @ casinoss-DOT-us>

“ClassesUSA.com” <clases @ clases-DOT-com>

“CNN Health Report:” <contact @ controldibetes-DOT-bid>

“Diy_Home_Energy_System” <Robert.Mathews @ shipting-DOT-us>

“Gout Free Life” matchseniorssingles @ antigoutdiet-DOT-com

“Health Dept.” <healthcare @ gobackpain-DOT-com>

NeuropathyTreatment Group <NeuropathyTreatmentGroup @ ghvfvvd-DOT-date>

“psoriasisfreeforlife” <psoriasisfreeforlife @ beruphu-DOT-us>

Storage_Shed_Plan <Wooden-Shed @ shedpln-DOT-bid>

“Walmart Rewards” <walmart-rewards @ blackrangegiift-DOT-com>

Walmart <walmart @ abzvoucher-DOT-com>




Phish NETS: Apple GSX Account and Zoom

Phishers haven’t targeted Apple certified support folks for quite a while but they are back at it now.  Men and women certified to repair Apple devices become members of a service known as GSX, or Global Service Exchange.  Check out these two emails pretending to be about a tech’s GSX account.  This first one was sent from apple.com-DOT-co.  “.co” is the 2-letter country code for Columbia.  That is not the same as apple.com.   The link in the email is meant to look like an official Apple Authentication site but it’s a phishing siteIdmsaapple-idmswebauth-DOT-com was registered on January 21 through a privacy service in Moscow, Russia.  The phishing website is being hosted in Doesburg, Netherlands.


Technically speaking, the second email isn’t a phish.  It actually contained a virus meant to infect your computer and it also targeted Apple GSX users…


We found something totally new!  A Zoom Info phish!!  Zoom Info, Inc. is a database service providing users with access to millions of professional profiles and email addresses.  Some sneaky bastard is trying to get into these accounts to steal data, no doubt.  Fortunately, this phish is easy to see through.  The email didn’t come from Zoom and the link points to a web page on the official Bar Association of lawyers in Patti, Italy.

They’ve been hacked and misused.  Perhaps they’ll sue!



YOUR MONEY: Improve Your Dog’s Health, Compare Auto Rates and Walmart Voucher

Most people LOVE dogs!  We do!  Of course, dog lovers would want to improve their dog’s health and “add years to the life of your dog.”  This email claims to expose dirty secrets in the dog food industry that are harmful to your dog’s health.  We say donkey-doo!  This is just malicious click-bait.  The email came from, and contains links that point back to the domain adroger-DOT-date. On January 19, just a few days before this email was sent, that domain was opened but not even correctly registered.  There’s no Registrant name or address but we can see that the site is hosted by a server in Germany.  The telltale sign that this was sent by a criminal gang is the reference at the bottom of the email to “TedMed.”  We’ve seen hundreds of malicious emails containing this same reference.

Just delete.


This next email inviting the recipient to compare auto rates was sent to us from one of our readers.  Notice that it was sent from a Yahoo email account, not a business.  The link points to the odd domain jersectic-DOT-com.  We followed that link and found that you’ll be redirected to another equally suspicious website called dytbq-DOT-com.  Google can’t find a thing about either of these websites.

Apply the “smell test” and delete.




“You’ve received $50 from Walmart” says this email sent from blackrangegiift-DOT-com.  Not from Walmart.com.  The site was registered to “Gary Little” of Georgia a few months ago.  We’ve identified Gary as a registrant of other malicious domains so let’s move on people….



TOP STORY: Sex & Dating Weaponized

Sex, dating and companionship are very strong motivators of people’s online behavior.  We’ve tried to avoid the most salacious content but it seems that we can’t avoid the topic altogether.  There’s just too much of it that is used to manipulate both your clicking behavior and your trust. (If you want more detailed evidence of this manipulation, read our article Online Dating Scams!) Random contacts from women, decoy dating services, and promises of sex bombard millions of Americans every week.  We finally caved and decided to show you some of what we see.  These are rated PG-13 or R.  We’ve excluded the “X” content.

These first two emails are designed to look exactly like legitimate dating services, Match.com and SeniorPeopleMeet.comBut they have nothing to do with the legitimate businesses.  They are wolves in sheep’s clothing, trying to send you to malicious websites.  Judging by the design of the emails, similar unsubscribe content and domain names, we’re certain these were created by the same criminal gang.  They both are registered to the crap global top-level-domain “date.”



Here’s another fake email meant to fool people into thinking it is from the real website RomanceTale.com.  It is also a wolf in sheep’s clothing.  However, before you consider using the real website RomanceTale.com, we urge you to visit the reviews posted for it on Sitejabber. We especially liked the review posted by Gordon on 1/20/18 saying “I love this site, and I found my beautiful wife on it……. Just kidding, this site is the most transparently fake dating site ever, Avoid it like the plague…”

And he’s speaking about the real dating site, not the fake one!


And then there are the random emails from women, often Russian women, who want to get to know you better.  (We say “Russian” because these lovely ladies use an email service in Russia… rambler.ru). We received five in just one week.  This UK online security website has written about this spam in greater depth.  Here are two of the emails from two lovely ladies, Masha and Julia. Isn’t it amazing that the emails are nearly identical?  They must be good friends.


And then finally, there are those delightful emails/posts/texts that try to have a man think with his “d” and not with his head.  Such as this email that will undoubtedly take you AND your “d” straight to malware…. Quite frankly, we marvel at the idea of any man falling for this carp.   But then again, when hormones rage and the frontal lobe isn’t too well developed, some men will do really stupid things.  One only has to search YouTube for “man jumps off roof into pool” to see what we mean.


Our advice for love and companionship via the web is simple…. Keep it local, use legitimate websites (not from randomly received email promotions), meet in a public space and don’t send money, especially before you’ve met.



FOR YOUR SAFETY: Quickbooks Invoice Portal, Shipment Status, Google Notification, and E-Fax Documents

Many small businesses use Quickbooks so this kind of email might get a knee-jerk response to see what invoice they are talking about.  That would be a big mistake!



We were bombarded with HUNDREDS of emails claiming to be from the U.S. Postal Service and a subject line “Shipment status changed for parcel #” and some number.  Look at how many hit our honeypot accounts in less than a minute!


You’ll see that the link looks like a link to the USPS but mouse-over and the truth is revealed!  We tried to look up the domain revealed by mousing-over and the top link in Google points to an article on Malware-Traffice-Analysis.net


Google’s notification message informs you that “3 broken emails has been found and recovered.” And the date listed is 1/25/2013!  The link points to a hacked restaurant website in Ireland.



Think you have a new E-Fax document waiting for you?  Think again.  The link in this malarkey points to a crap domain “.team”. The Zulu URL Risk Analyzer described the destination to us as 100% malicious.

‘nuf said.



ON THE LIGHTER SIDE: From FBI Director, Andrew McCabe

We thought Acting Director McCabe was pretty busy.  But he took time from his day to notify us of a Citibank payment waiting for us to claim.  Very kind of him, don’t you think?  Judging by the English in his email, he must be really distracted by the Russian investigation.

From: Mr. Andrew McCabe [info@decorima.com]
Sent: 1/22/2018 4:33:55 PM


Urgent Attention: Beneficiary,

We hope this notification arrives meeting your good health and mind. We (FBI) Washington, DC in conjunction with some other relevant investigation agencies here in the United States of America have recently been informed through our Global intelligence monitoring network that you have an over-due payment in the tone of (Ten Million, Five Hundred Thousand U.S Dollars) with Citibank, NC. It might interest you to know that we have taken our time in screening through this project as stipulated on our protocol of operations and have finally confirmed that your payment/transaction with Citibank is 100% genuine and hitch free from all facets and of which you have the lawful right to claim your funds without any further delay.

Having said all this, we will further advise that you go ahead in dealing with the Citibank, NC, accordingly as we will be monitoring all their activities with you as well as your correspondence at all levels. NOTE: There are numerous scam emails on the internet, impostors impersonating names and images. We therefore warn our dear citizens and foreigners to be very careful with any claim email you receive prior to these irregularities so that they do not fall victim to this ugly circumstance anymore. And should in case you are already dealing with anybody or office claiming that you have a payment with them, you are advised to STOP further contact with them immediately in your best interest and contact the real bank Citibank, NC, branch only where your fund is laying, with the below information:

Bank Name: Citibank
Address: 300 S Hughes Blvd, Elizabeth City, NC 27909, USA.
Contact Person Lambert Huddles
(Remittance Director)
website: www.citibank.com

Contact the bank today quoting your (PAYMENT REFERENCE NUMBER:

FBI/CITIBNK-4J/383X/17) and make them understand that you have been directed from this office and ask them for processing of your payment/funds immediately. Meanwhile, ensure you follow all directives or instructions from Citibank as this will further help hasten up the whole payment process in regards to the transfer of your funds to you as designated. Also have in mind that the Citibank equally has their own protocol of operation as stipulated on their banking terms.

All modalities has already been worked out before you were contacted and note that we will be monitoring all your dealings with them as you proceed so you don’t have anything to worry about. All we require from you henceforth is an update so as to enable us be on track with you and the Citibank, NC, branch. Without wasting much time, we will want you to contact them immediately with the above email address and phone number so as to enable them attend to your case accordingly without any further delay as time is already running out. Should in case you need any more information in regards to this notification, feel free to get back to us via email so that we can brief you more as we are here to guide you during and after this project has been completely perfected and you have received your payment/funds as stated.

Thank you very much for your anticipated co-operation.


Andrew McCabe
Federal Bureau of Investigation
J. Edgar Hoover Building
601,4th Street,
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA.

Until next week, surf safely!