
July 15, 2015

THE WEEK IN REVIEW

We can’t speak for everyone but from where we sit the scampaign that started a couple of weeks ago blasting our honeypots with thousands of scams has continued. Please drop us an email at info@thedailyscam.com and let us know if you’re seeing a higher than normal number of scams in your in-box, Twitter feed, texts, or social media accounts. The preferred scam domain of the past week has been the “dot-click.” We’ve never seen a legitimate email coming from any dot-click domains. Check out a small sampling of these bogus emails from websites that end in dot-click:

1-dot-click email scams

Most of the scams (we estimate 75%) continue to target health related topics and gift cards/award vouchers. Here are four recent samples…

 

2-Apple iPhone 6 voucher

3-Get info on laser eye surgery

4-Trick to prevent heart attacks

5-You look like a pig - please try this

Do you think it’s easy to know who you’re dealing with on the internet? Think again. Check out our newest feature article… “Taft Technologies and the Truth About Internet Lies.”

 

 

 

 

Phish NETS: American Express

The Anti-Phishing Working Group (APWG) recently released their report for the second half of 2014. Below are just a few of their findings:

  • The ten companies that are targeted most often by phishers are attacked constantly, sometimes more than 1,000 times per month.
  • Phishers continued to attack Apple, PayPal, and Taobao.com heavily. Each of these three e-commerce giants suffered over 20,000 phishing attacks against their respective services and brands. Together, these top three were the targets of nearly 54 percent of the world’s phishing attacks.
  • One of the newest targets in 2014 was the U.S. electronic toll road collection system called EZ Pass.

To read their full report, download their pdf here

Phishing sites are typically shut down after a day or two at the most. According to APWG, the average uptime of a phishing site is 29 hours, 51 minutes. So we were very surprised to see what the attached web file (html file) revealed in this American Express phishing scam:

 

This phishing scam was sent from a spoofed email address and is made to look like it came from mailservices@amex.com. Perhaps surprisingly, amex.com doesn’t even belong to American Express though we may think it does. It belongs to the American Stock Exchange. However, they didn’t send the email either. The scam email “Confirm your American Express online details” contains at least two grammatical mistakes, but they are subtle and so may not make people suspicious. The attached html file is a web document that contains instructions for a web browser. In the hands of criminals, these files can be extremely dangerous to open. You can learn more about risky file names such as .html and .htm in our article Filenames Will Set You Free! We downloaded the attached html file to show our readers the very sensitive and private information these scammers want from you…

7-American Express phishing page

Our surprise came when we analyzed the code in that attached html file. Though the majority of links on the web page led back to the real American Express website, several graphics actually came from a website in Portugal called jpmmotos.pt. These graphics included this one:

 

JPMMotos.pt is an “official seller” of motorcycle-related products and services in Portugal. We first reported in our June 24, 2015 newsletter that the jpmmotos.pt website was being used by criminals to host image files like the one above for phishing scams. That’s why we’re surprised to see this happening more than two weeks later! In June the scammers were sending your precious data to a website in Brazil. Now they are sending it to a website in India called villagemart.in. Villagemart.in appears to be a legitimate website that has been hacked and misused.
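The check described above can be scripted. This is an added example, not code from the newsletter: it parses an HTML attachment and lists every host outside the brand's own domain, together with the tags that reference it. The sample markup is constructed, its paths are placeholders, and the brand domain americanexpress.com is an assumption (the article only says "the real American Express website").

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser fetch from, or send data to, another host.
URL_ATTRS = {"a": "href", "img": "src", "script": "src", "link": "href",
             "iframe": "src", "form": "action"}

class HostCollector(HTMLParser):
    """Collect (tag, host) pairs for every absolute URL in the document."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        host = urlparse(value).hostname  # None for relative URLs
        if host:
            self.refs.append((tag, host.lower()))

def off_brand_hosts(html, brand_domain):
    """Return {host: sorted tag names} for hosts outside brand_domain."""
    parser = HostCollector()
    parser.feed(html)
    found = {}
    for tag, host in parser.refs:
        # Exact match or a true subdomain counts as on-brand; a suffix
        # trick such as brand.com.example does not.
        if host == brand_domain or host.endswith("." + brand_domain):
            continue
        found.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in found.items()}

# Constructed sample: hosts are those named in the article, paths are placeholders.
SAMPLE = """
<html><body>
<a href="https://www.americanexpress.com/"><img src="http://jpmmotos.pt/placeholder/logo.gif"></a>
<form method="post" action="http://villagemart.in/placeholder/collect.php">
<input name="card_number"><input name="security_code"><input type="submit">
</form>
<a href="https://www.americanexpress.com/privacy">Privacy</a>
</body></html>
"""

if __name__ == "__main__":
    for host, tags in off_brand_hosts(SAMPLE, "americanexpress.com").items():
        print(host, tags)
```

A `form` entry in the result is the one that matters most, because that host receives whatever the victim types.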

Delete, delete, delete!

YOUR MONEY: Mystery Shopper

We typically roll our eyes when we hear stories about Mystery Shopper job offers but a reader once corrected us that there actually are legitimate mystery shopper job offers. But this ain’t one of them! “We have a mystery shopping assignment in your area and we would like you to participate.” They don’t address the recipient by name. How can they possibly know the area she/he lives in?

9-Mystery shopper invitation

 

The email seems to come from Postmaster@mysteryshopperinc.com and they say they wish to pay you $170 per assignment. We’re told by real mystery shoppers that the usual payment for an assignment is $40-$50, sometimes a bit less, sometimes a bit more. The sender’s domain sounds legitimate so we Googled it. You had better read carefully or you’ll think that this domain is legitimate…

 

MysteryshopperSinc.com is a legitimate marketing domain for these assignments. But the email came from mysteryshopperinc.com, a look-alike without the S. Google cannot find any website or domain for mysteryshopperinc.com. Scammers have been pretending to hire people over the Internet for these bogus jobs for years. We’re not sure exactly how their scam runs but several people online have described a form of advance-fee scam in which the newly hired shopper is sent an advance check higher than their expected salary assignment. The shopper is then supposed to wire/send the extra dollars to someone somewhere else as a part of the con. If you read the scammer’s email above carefully he says that the mystery shopping assignment is for the “customer service of any Western Union in your area.” No doubt the scam will ask you to rate your experience as you wire YOUR hard earned money to the scammer somewhere in the world while you wait to learn that the check sent to you has bounced. Here are a couple of recent links talking about these scams:

http://www.ivetriedthat.com/2015/06/24/beware-of-mystery-shopping-fake-check-scam/

https://www.consumer.ftc.gov/blog/mystery-shopper-scam-strikes-again

Caveat emptor… Anytime someone wants to send you money in advance run as fast as you can in the opposite direction.
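The one-letter difference between mysteryshopperinc.com and mysteryshoppersinc.com is easy to miss by eye but simple to catch in a mail filter. This is an added example, not part of the original newsletter: it compares a sender's domain with a list of domains you already trust and flags near misses. The function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    addr = parseaddr(from_header)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def classify(from_header, known_domains, max_distance=2):
    """Return (verdict, closest known domain or None).

    verdict is 'known' for an exact match, 'lookalike' when the domain is
    within max_distance edits of a known one, otherwise 'unknown'.
    """
    domain = sender_domain(from_header)
    if domain in known_domains:
        return "known", domain
    scored = [(edit_distance(domain, k), k) for k in known_domains]
    if scored:
        distance, closest = min(scored)
        if distance <= max_distance:
            return "lookalike", closest
    return "unknown", None

# Domains taken from the article; the trusted list itself is constructed.
KNOWN = ["mysteryshoppersinc.com"]

if __name__ == "__main__":
    print(classify("Postmaster@mysteryshopperinc.com", KNOWN))
```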

 

 

 

TOP STORY: Student Scholarships

We reported on scam, or very questionable, scholarship offers in our April 15, 2015 newsletter. Unfortunately, with a new school year just around the corner, we are seeing an uptick in the number and variety of these scams and questionable scholarship services. Let’s start off with an easy one… USAStudentMoney.com.

 

 

“Get a $10K scholarship on July 15.” …a mere five days from the release of this scam. That promise of a quick turn-around should make anyone suspicious. Fortunately, there are two important pieces of information in this email we can check on. When we look up ownership of the domain usastudentmoney.com in a WHOIS tool, we see that the website was registered just a few weeks earlier on May 18 with remarkably little information about the registrant. Notice that the address listed at the bottom of the email is a PO Box, not a physical address. When we look up that PO Box in Atlanta, GA we see several links that should raise eyebrows, including a link from Spamhaus.org identifying this PO Box as being used in vanity award scams and another link from Spamhaus.org identifying this PO Box as being used in a fake travel agency spam operation.

A search for this website using Google turns up a link with no accompanying information at all.

Just delete!

This next scholarship offer isn’t as easy to see through. We reported on this scholarship website back in April and what we said then holds true today! Read what we found in the April 15, 2015 top story.

13-Scholarship confirmation-scholarservice-info

 

 

 

FOR YOUR SAFETY: Careerhiring dot-com and Attention Artists

Sometimes the greatest online dangers arrive in the smallest packages. Check out this short, simple email from ykpzrqd@schwanpan.com with the subject line “Discount.”

14-careerhiring-com discount code

 

 

A mouse-over points to a website called careerhiring[dot]com which sounds like it could be legitimate. But before you think about looking for a job there, have a look at what Virustotal.com and the Zulu URL Risk Analyzer told us about this website.

15-careerhiring-com virustotal

16-careerhiring-com zulu score

 

 

This next malicious email caught our attention because it was the first time we ever saw a scam target artists! The “dot-club” domain made us very suspicious. You can see below what the Zulu URL Risk Analyzer thought about the website.

OUCH!

17-AllArtistsRequiredNow-club

 

18-AllArtistsRequiredNow zulu score

ON THE LIGHTER SIDE: Tropical Cruise for 4

Like you, we’re in need of a vacation and have been hunting online for good deals. Imagine how excited we were to receive this email for a tropical cruise for four at $20 a day! I guess at these prices the only place we’ll be cruising is our bathtub.

Until next week, surf safely!