July 1, 2015

THE WEEK IN REVIEW

We’re still seeing a lot of advance-fee scams targeting Care.com users and have heard from several victims during the week. Criminal gangs continued to use many of the same tricks this past week, and some of them are extremely effective! We guess that explains why they use them over and over. It really is quite amazing how well they can manipulate people into opening an email and clicking a link or attachment. Would you open any of the emails below?

But first, we wanted to let you know about a scam that has targeted Starbucks mobile payment users. Check it out at Bob Sullivan’s blog.

Let’s look at some of the subject lines and email addresses we’ve seen during the past week.

Subject Lines

Announced LIVE at SharkTank –The 2015 Product of the Year

Are you in need of consolidating debt services?

Big pharma isn’t there to help, but this is

Cut Phone Bills with VoIP Business & Home Systems

Excellent support to muscles and joints

FREE Shipping and FREE Gifts! Try WEN

Lower Monthly Bills by Switching to Solar

Model-Year-Closeouts on new Trucks and Cars!

My resume

Never pay for vehicle repairs again!

Super strong and lightweight garden hose

The Bible Warns: Obama will not finish his second term

This virus is causing you to forget stuff

Try this juicy steak

 

Email Addresses

Alcoholism@threedognight.xyz

Apple-iPad-Keyboard@gatedb.link

BeverlyHills-MD@hyfert.science

hybridcars@goverfront.eu

Keybiotics@econdon.science

LASIKSurgery@hca.science

PrintOilChangeCoupons@korhans.eu

RestoreLostHair@arossifice.science

SamsungLiquidation@bebode.link

SearsRoofingDeals@lvsejc.link

SolarBag@ierife.science

TeachingDegrees@ep0.science

TruckClearance@cucinea.webcam

Verify.info@vaizedcies.com

Phish NETS: TD Bank N.A.

Anyone who receives an “Account Status Warning” on their bank account might sit up and pay attention. However, the email below is a bit odd, contains a misspelled word (Can you find it?), and is missing some punctuation and capital letters. These are signs that should make one suspicious. Oh yeah…. And the email didn’t come from tdbank.com but from www-data@handelsblatt-service.com

 

A mouse-over of the link “my account activity” easily reveals the fraud. This is where it gets interesting. The link clearly leads to a company (in India) called SameerAirCool.com that has been hacked. Even VirusTotal.com’s collection of resources can easily identify this link as a phishing scam…

On a whim we wondered what Google had to say about SameerAirCool.com and look what we discovered! SameerAirCool.com appears to have been hacked by a Palestinian activist group called PiColO BliDa – or so they want us to believe. Remember, anyone can say anything on the Internet but that doesn’t make it true.


 

 

 

 

YOUR MONEY: Amazon Gift Cards and Your Recent Job Matches

Amazon gets picked on a lot by scammers. We guess that’s part of the price you pay when you are a world-wide, multi-billion dollar company. But don’t be fooled by these emails below. None of them came from Amazon.com and they didn’t contain links leading back to Amazon.com. But we did see many of them this past week in various forms such as this sampler:

 

Of course the emails below contain the tell-tale signs that these are scams, including…

  1. random text included in the first email, meant to fool the antispam servers
  2. strange phrasing and misspelling in the second email

 

 

 6-Amazon Member Loyalty Gift

 

For this next scam we give the scammers an A+ for their creative domain choice “StartYourCareerHere.link.” Would your curiosity get the best of you to click the link “visit here now to browse the listing and apply?” Check out the Zulu URL Risk Analyzer’s assessment below for this site. BAM!

 

 

8-Your recent job matches zulu score


TOP STORY: Health Scams, COPD, Diabetes, Neuropathy and Snoring

We routinely see criminal gangs using scampaigns targeting people who suffer from health problems and we’ve reported on this offensive tactic in previous newsletters. During the last week we saw a significant jump in these types of snake oil scams including the four below.

 

The first and last emails, “chronic obstructive pulmonary disease” and “stop snoring so everyone gets a good night’s sleep” were clearly created by the same criminal group. We urge any of our readers who have relatives with medical concerns to caution them not to click links in, or respond to, random emails about their health issues. …no matter how professionally they seem to be crafted!

 

You’ll notice that two of these spam emails say that they’ve been sent by Audacity-Media LLC. We’re not convinced that Audacity-Media is responsible for sending this junk, despite these awful comments about them on FindtheCompany.com. The reason we say this is that there is another address and/or company name listed directly underneath the marketing graphic. For example, the COPD email lists this other address as PO Box 540901, Houston, Texas. Bizapedia shows that this address is owned and registered to a company called Challenger Network of Houston, but according to Guidestar it no longer seems to be in business. And then there is the fact that the domains for both of these emails (0a5.science and ia0.science) are registered to someone named Vhali Ghorphis from Pompano Beach, Florida, according to WHOIS.sc, and are not related to the other companies. Like we say over and over, it is simply far too easy to deceive others on the Internet.

Just delete, delete, delete!

 

 


10-Diabetic Health Alert

 

 11-Neuropathy permanently over

 

 

12-Stop snoring


FOR YOUR SAFETY: My Resume, Condolences and Hacked eMail Accounts

We are seeing a resurgence of emails containing malicious links coming from legitimate, but hacked, email accounts. The body of the email may offer a greeting like “Hey Doug,” a link, and then the sender’s name or email address. Be wary of these emails. All the ones we have checked lead to malware infections, such as these two:

 

 

 

Check out the score from the Zulu URL Risk Analyzer for the first of these two emails above. Zulu says it is a “Suspicious” website in Ukraine. However, notice that Zulu found a redirect on the suspicious website. When we checked out the redirected link we hit 100% malicious paydirt from a website in Russia! Ouch!

Deeeeeeleeeeeete.

15-From hacked account zulu score 1

 

 

 

 

16-From hacked account Zulu score 2

 

 

 

 

 

This past week we have also seen two highly effective but simple emails containing more malicious links. The first claims to be from someone sending you his or her resume, but the attached zip file will only leave you with a big headache!

17-My resume is attached

 

 

 

 

 

The other very effective email contains the subject line “Thank you for your condolences.” Here is a list of some of these emails we saw recently…

18-Thank you condolences list

 

 

 

 

All of these emails contained a script that attempted to download and install software (which our security software prevented!). Hidden in the white space we found typical random white text meant to confuse antispam servers. Do you see the strange website domain hidden in the script at the top of the email? It is Txc56.bunggy.link. Check out the score below for this website from the Zulu URL Risk Analyzer!
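Both tell-tale signs, a script in the message body and text colored to vanish against the page, can be surfaced without opening the email in a mail client. This is an added example, not part of the original newsletter; the sample markup is constructed, the names `audit` and `EmailBodyAudit` are hypothetical, and the check assumes a white background and inline styling only.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: only the host Txc56.bunggy.link comes from the newsletter;
# the markup, script path and filler words are placeholders.
SAMPLE_HTML = """\
<script src="http://Txc56.bunggy.link/PLACEHOLDER.js"></script>
<p>Thank you for your condolences.</p>
<span style="color:#FFFFFF; font-size:1px">orchard velvet ninth harbor</span>
<font color="white">lantern quiet seventeen</font>
"""

# "color: white" or "color: #fff/#ffffff", but not "background-color: ..."
WHITE = re.compile(r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?|white)\b", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}   # tags with no end tag

class EmailBodyAudit(HTMLParser):
    """Record script sources and text styled to be invisible on a white page."""
    def __init__(self):
        super().__init__()
        self.script_hosts, self.hidden_text = [], []
        self._stack = []   # one flag per open element: is its text white?
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.script_hosts.append(urlparse(a.get("src", "")).hostname or "(inline)")
        if tag in VOID:
            return
        white = bool(WHITE.search(a.get("style", ""))) or \
            a.get("color", "").lower() in ("white", "#fff", "#ffffff")
        # Children inherit the color of the enclosing element.
        self._stack.append(white or (bool(self._stack) and self._stack[-1]))
    def handle_endtag(self, tag):
        if tag not in VOID and self._stack:
            self._stack.pop()
    def handle_data(self, data):
        if self._stack and self._stack[-1] and data.strip():
            self.hidden_text.append(data.strip())

def audit(html):
    """Return (script hosts, hidden white text) found in an HTML email body."""
    parser = EmailBodyAudit()
    parser.feed(html)
    return parser.script_hosts, parser.hidden_text
```

Legitimate email almost never carries a `<script>` element, so any entry in the first list is worth a closer look on its own.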

 

 

19-Thank you for your condolences

 

 

20-Thank you for your condolences zulu score


ON THE LIGHTER SIDE: Horrible Items About You!

We have to be honest with our readers and say that we’re a little upset this week. We don’t quite know what to do about it. Have any of you been saying bad things about us? Someone has and now our knickers are in a knot! And the worst is that we don’t know which four of the many horrendous items from the last twenty years have been posted unless we click that link. Move over Sisyphus, our sins are exposed!

Until next week, surf safely!