July 13, 2016


This week’s newsletter marks our 100th. We’re sentimental fools for things like this and want to take a moment to thank our readers. Every week we get emails from people who find our articles helpful and thank us. Some readers share their scam experiences with us and help us inform others. This great feedback keeps us going! Eighteen months ago we were thrilled to have a thousand page views in a month. We’re now averaging more than 7,700 page views from about 5,700 visitors each month! It makes us feel all warm and fuzzy. Thank you! And if you know someone who might benefit from our site and free newsletter, pass it on…


Last week our Top Story was about the deluge of bogus job offers hitting our honeypot email servers. The fact that these outrageous offers have continued suggests that people are responding to them. And this even though there are so many warnings signs such as poor English, the “From” email address is spoofed to appear as your own email, and a big salary is offered up front. Does anyone really think that a legitimate job offer randomly appears in your inbox? Read how ridiculous the sample job offer is below and then check out the Zulu score to see how risky it is to click the link “visit our web page.” Responding to these emails reminds us of this silly video created by the anti-malware folks at Sophos. Hopefully you won’t see yourself in this video!

1-Job offer  2-Job offer zulu score


We also added two new feature articles in the past week and invite our readers to check them out:

Scholarship and Financial Aid Scams

Summer 2016 Update on Care.com Scams


Sample Scam Subject Lines:

Dinner Vouch valid ONLY July 8

Explore New auto Insurance Listings

Explore These River Cruises Options!

Find the affordable airline tickets now

Get Cloud Computing Solutions

Important Notification: Your Health Maybe at Risk

Listing your skill set in the global business network is important.

Restore your blood pressure in 21 days

Shocking Images (also: Shocking Video)

The situation you never expected to be in…

View mortgage listings

We’ve helped thousands of people lower their life insurance rates and get improved coverage.

Win the lotto every time


Sample Scam Email Addresses:





fidelity-life-[YOUR EMAIL]@com-claim.com







terminix-pest-control-[YOUR EMAIL]@buyandgrin.com








Phish NETS: No Phish! Time to Review Mouse-over Skills

We are happy to report that we couldn’t find a single phishing threat all week long! And that rarely happens. Woohoo! So we wanted to take this time and opportunity to review mouse-over skills and point out some other very important tips for staying safe while using the Internet.

To “mouse-over” means taking your mouse and moving it over a link you see on a website, in an email, post or feed WITHOUT CLICKING! If your web browser is properly configured, you should see the real location for the link revealed in the lower left corner of your web browser or email program. (If you don’t see it, then your web browser preferences need to be changed.) Does the link location look like the place you expect it to point to? For example, if you are clicking a link to your bank account, is that what you see? Here are a few of our articles and a video that demonstrate this critically important safety skill:

Mouse-over Skills Explained (video)

Mouse-over Skills

iDevice Mouse-over Skills


Other important safety tips:

7 Tips to Recognize Threats

File Names Will Set You Free!

How to Create Strong Passwords

Learn to Surf Safely by Understanding Website Domain Names

Smart Phones, Dumb People

Unsubscribe Me, Not!

Use Google to Detect Fraud

Where its @!



Your Money: Walmart Certificate, Quibids July Blowout, and Outback Steakhouse Gift Card

This email from nom@rollbackcardss.com tells you that this is a “certificate as good as cash.” “Your Rewards Are About To Expire” A simple WHOIS look up of the domain ownership shows that rollbackcardss.com was registered by our new archnemesis… **drumroll** …Judy Santiago! And through Enom.com once again. Readers will remember that “Judy Santiago” from Alexandria, LA has registered many domain names we have found to be malicious and fraudulent. The domain is also being hosted in Dusseldorf, Germany.



Are you familiar with the online auction bidding site Quibids? We see many poor reviews for the real Quibids site such as on PissedConsumer.com and ConsumerAffairs.com. However, this next email for 4th of July Cyber Blowout auction items didn’t come from Quibids.com though it appears so. Look closely at the sender’s domain name. The domain is actually quibiidds.bid and was registered on July 4. It is being hosted in Spain. This is one more reminder how ineffective the rules and safety standards are from ICANN (Internet governing body for domain names) for the Registrars they license. A domain name like this should raise alerts because of likely copyright infringement. We wonder if we would hear from ICANN if we registered the domain ICANNot.org.





We would love to “try this juicy steak ( Gift card inside)” from customer@bestoutbackreward.com.   But this email from “Outback” is another fraud. We wondered why there was a big black box at the bottom of the email so we dragged our cursor through it and discovered hidden text about the recent tragedy in Dallas, Texas. The purpose of the text is to help this scam pass through antispam servers. A WHOIS look up shows “Judy Santiago” up to her dirty tricks again.


 5-Outback Steakhouse gift card








TOP STORY: Urgent Message to U.S. Seniors

Criminal gangs in Russia, China, Eastern Europe, Nigeria and elsewhere target ALL Americans with their scams and malcious payloads. But after looking at hundreds and hundreds of malicious emails, texts and posts every month we begin to see patterns and risks that vary by demographics. For example, would it surprise you to know that teens and twenty-somethings are most at risk for scams delivered through social media, texts and employment websites like Care.com? Or that people dealing with health problems are most at risk from malicious emails claiming cures or false methods to ease their pain? Or that couples in the midst of a contentious divorce are more susceptible to the IRS and U.S. Treasury Agent scam calls?

Another demographic that we have not addressed often enough are senior citizens. Sadly, they are targeted a lot by criminals. For example, a very successful scam targeting seniors during the past few years has been the “phone call from a panicked grandchild” scam. We know several people with grandparents who have been targeted. These scams are described in these news articles:

Sometimes we see email pitches specifically designed to target seniors such as this one below with the subject “Urgent message to US seniors.” (It also appeals to the slightly paranoid patriot who likes conspiracy theories, but we shouldn’t digress.) This email came from dawson@srvivlmd.click.   That email address alone should set off warning bells as should many of the phrases in it…

“Leaked info…”

“The real answer will SHOCK you!”

“Click here before the video is taken down”

“…shield yourself and your family from this nationwide killer”

The email is malicious, plain and simple. The domain was registered on July 6 by someone identified as Siddharth Ahuja from Chandigarh, India and is being hosted in the Valenciana region of Spain. We have found other malicious emails registered by Siddharth Ahuja.

6-Urgent message to US Seniors


The critical question for everyone is… do we have a senior in our family who uses the Internet, email, and social media and might be susceptible to scams such as these? If you do, talk to them about the scams they are likely to get. Show them some examples if you can. Urge them never to click on odd or suspicious emails or links. Invite them to sign up for our free newsletter or visit our website! But most of all, teach them. Good places to start are the Top Stories in some of our previous newsletters:

The Best Scam Word is… Shocking!

Criminals Target Those With Health Problems

10 Most Important Skills to Protect Yourself



FOR YOUR SAFETY: Business Listing, Attached Invoice and Courier Unable to Deliver Parcel

To be honest, we’re not quite sure what their exact “game” is but we found this email and it’s organization of “theworldbusinesslist.info” listed as a scam on the UIA.org website under Fraud Monitor. The UIA is the Union of International Associations. Step away from that pdf….



Here is yet another “attached invoice” infected Word document. Their plea for a response is very heartfelt though… “I kindly ask you to finally reply. We’re getting no answers from you.” It makes us wonder if a clever programmer who might receive this could send their own malware right back at the criminals. We would like to hear about that one!


8-Attached invoice past due[hr_invisible]

Check out the FROM address field in this next malware-laden email. It says “FedEx Ground” but the email was sent by martin.simmons@jet-systems66.ru   Dot-ru = Russia.



9-Courier unable to deliver your parcel


ON THE LIGHTER SIDE: Winning Lotto System

We are so excited because we received the secret information that will guarantee our ability to win the lottery! In fact, we received this secret from 5 different emails at winmoneyy.bid. Check out the email below to see what we mean! Can’t wait to count our winnings!

10-Winning lotto system email list[hr_invisible]

11-Winning lotto system



Until next week, surf safely.