July 22, 2015

THE WEEK IN REVIEW

This past week has taught us that the key to immediately identifying most scams is understanding and recognizing domain names. We saw hundreds of scams coming from the domains newly released by the Internet Consortium of Assigned Names and Numbers (ICANN), whose job it is to govern Internet rules. To completely understand what a domain is, please check out our article Learn to Surf Safely by Understanding Website Domain Names. The Internet was quite literally running out of names as its popularity continued to explode during the last few years. There were simply few names left in “dot-com” and “dot-org”, so ICANN began to release new domains such as dot-click (.click), dot-link (.link) and dot-science (.science).

The problem with the newly released names, so far as we can tell, is that only criminal gangs are using them to create malicious websites. In addition to those just mentioned, scammers are now using “dot-xyz” and “dot-party” to push out their scams. Check out these two lists from our honeypot email servers to see what we mean. The domain will be the group of letters following the last dot (period) in the from address…

 

[Images: Domain email list 1; Domain email list 2]

Phish NETS: PayPal and Apple, of Course!

Apple has been one of the companies most targeted by phishing scams in recent times, but PayPal has also been a popular target and was one of the earliest online banks to be targeted. The cleverest phishing scams use domain names that seem legitimate but are not. Here are several examples from the email “Apple iCloud Final Notice”:

softwareupdateios.com
iapp-upgrades.com
softwareupdateios.co.uk

[Image: “Apple iCloud final notice” phishing email]

These domains may seem official, but they are not from apple.com, nor do they point to apple.com. And then there are the scam domains that are meant to mimic legitimate domains but with a subtle difference. Here is a screenshot of the legitimate website for Apple’s Service Exchange Center called GSX. Look carefully at the domain and subdomain in the address bar:

 

Now look at this email and check out the mouse-over revealed in the lower left corner. Can you spot why this is a subtle mimic and not the real thing?

 

This phishing email is superbly crafted, with a spoofed Apple.com email address in the From field. Instead of leading to https://isdma.apple.com, the link uses http (missing the “s” for secure) and points to isdmaapple[.]com. A WHOIS lookup of this domain shows that the owner is hiding behind a proxy service. The domain isdmaapple[.]com is being hosted in Irkutsk. Irkutsk is a city in the Eastern Siberian region of Oblast, Russia. Please read our article mentioned above to understand the difference between domains and subdomains!
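To make the domain-versus-subdomain check concrete, here is an added example (not part of the original newsletter) that applies it to links quoted in this issue. The suffix list, the function names and the one sample marked as constructed are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked set of two-label suffixes so the example runs
# offline; real tooling should consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# New top-level domains this newsletter reports seeing in scam mail.
FLAGGED_TLDS = {"click", "link", "science", "xyz", "party"}

def registrable_domain(host):
    """Return the part of a hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def check_link(url, brand_domain):
    """List the reasons a link claiming to be brand_domain looks wrong."""
    url = url.strip().replace("[.]", ".")      # undo defanging such as isdmaapple[.]com
    has_scheme = "://" in url
    parts = urlsplit(url if has_scheme else "//" + url)
    reg = registrable_domain(parts.hostname or "")
    brand = brand_domain.split(".")[0]         # "apple" for apple.com
    findings = []
    if has_scheme and parts.scheme != "https":
        findings.append("not-https")
    if reg != brand_domain:
        findings.append("foreign-domain:" + reg)
        if brand in reg.split(".")[0]:
            findings.append("brand-in-label")  # brand glued into someone else's name
    if reg.rsplit(".", 1)[-1] in FLAGGED_TLDS:
        findings.append("flagged-tld")
    return findings

# Links taken from the newsletter text, plus one constructed case (marked).
SAMPLES = [
    "https://isdma.apple.com",
    "http://isdmaapple[.]com",
    "softwareupdateios.co.uk",
    "http://apple.com.example.click/login",    # constructed for illustration
]

def triage(samples=SAMPLES, brand_domain="apple.com"):
    return {s: check_link(s, brand_domain) for s in samples}

if __name__ == "__main__":
    for link, findings in triage().items():
        print(link, "->", findings or "matches apple.com")
```

Only the first link passes: the others resolve to a registrable domain that is not apple.com, however official the rest of the address looks.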

 

The above GSX Apple phishing email is far more sophisticated than the PayPal phishing email below with the subject line “Update your paypal account.” Notice that it was sent from an address at boominfotech.labhost.com and a mouse-over of the link “Click here to confirm your account information” leads to a shortened URL at bit.ly. Shortened URLs are often used by scammers because it is very difficult to know where on the Internet they take a visitor until it is too late. (Read our article on understanding and reducing the risks of using shortened URLs!) We show you below that this phishing link in the PayPal email takes you to a fake login page on a website called secure-update.org, not PayPal.com.

Just delete!

[Image: “Update your Paypal account” phishing email]

[Image: fake PayPal login webpage]

 

YOUR MONEY: Publisher’s Clearinghouse Sweepstakes – The Real One!

There have been plenty of scam websites and emails claiming to be from Publisher’s Clearing House but we’re actually referring to the real Publisher’s Clearing House company because we’ve seen firsthand that some of their tactics are spammy at best and scam-like at worst. You are welcome to form your own conclusions about giving them your personal information when you enter a contest, or buying any of their products.

 

Let’s first report on the experience of an 80-year-old woman who entered one of the PCH sweepstakes and at the same time purchased a new “mesh wheel cart” for $53.98 to help her carry things while walking. The cart arrived but was impossible for her to open and set up without help. It turned out to be a rickety piece of plastic junk and she asked her son to return it. The son wondered why the box it shipped in seemed much larger than needed. The return policy required that any returns be sent back by USPS rather than a service like FedEx. At the Post Office he learned that the box was considered oversize and irregular and would therefore cost $37.13 to return. When that shipping cost was added to the $13.98 cost for “shipping and handling” charged by PCH to his mother, it meant that the total cost to return this junk was actually $51.11, nearly as much as it cost to buy the junk in the first place. How’s that for discouraging a return!

 

One email recipient, not related to the mother/son above, has been the target of an assiduous email campaign by PCH to enter their contests and sweepstakes. Check out the list of email subject lines that have been bombarding his account since June 27th. How do you feel about those subject lines as a means to get attention?

 

We are not calling PCH sweepstakes or their products scams but there is a spam-like quality to what they do and how they do it. Have a look at any of these three email samples and draw your own conclusions. They are just as misleading and confusing as the junk snail mail they send. And frankly, when they heavily target the elderly with this stuff, we think it borders on trying to take advantage of people.

Caveat emptor.

[Images: PCH email samples 1, 2 and 3]

TOP STORY: One Criminal Gang to Rule Them All

We’ve reported several times on the reasons why we believe that one or two criminal “companies” are responsible for at least 75% of the scams that target people online. If we were to draw our conclusion from this past week alone, that percentage would be at least 95%. First of all, nearly all of the scams we saw in the last week had the exact same layout and design, clearly showing that they were created from the same template. The scammers simply swapped out subject lines, graphics and other content, but the designs are the same. Have a look at these six and decide for yourself…

[Images: “Local vehicle donation programs”; “Learn where to buy penny stocks”; “Do you know who lives next door”; “Affordable business class airline tickets”; “Best Alaskan Cruises”; “Closet organizers”]

We saw hundreds of these scams. The first line in the body of each seems strange because it was crafted so that it would not be caught by antispam servers. Take the first three emails above:

Can’t view this C0mmercial.Advertisement because of images being off? Please press right here.

If your email display cannot scope out the a-d. because of images being off? You have to browse this page.

If your display can’t load this Advertizement following? You’ll have to follow right here.

And then there is the long paragraph of random text at the bottom of each email, sometimes visible and sometimes all in white and not visible. Our readers know this is just another trick to slide through all the antispam detectors by tricking them into thinking these are legitimate emails. And finally, look at the domains to which these scam emails link. Dot-click. Dot-party. We’re in the Internet age of total-dot-nonsense! Until lots of legitimate businesses start to use all these domain names newly created by ICANN, just stay away! They cannot be trusted.

 

And speaking of ICANN again, why is it that this governing organization is unable or unwilling to govern and police its naming system? Why is it that criminals easily and freely misuse the Internet to perpetrate their crimes against all the rest of us? We wish we knew the answers to questions like these, but all we seem to get is the runaround. If we get anyone at all, it’s low-level tech support staff in countries scattered around the world. We wish some serious investigative news group would take this project on! We at The Daily Scam feel strongly that ICANN needs a major overhaul with new enforced rules that are designed to make the Internet a safer place for everyone. Someone needs to conduct an investigation into the people who run ICANN and bring some transparency to their activities. If you want to see a specific example of what it’s like to chase a criminal down the rabbit hole of Internet fraud, read our recently posted feature article “Taft Technologies and The Truth About Internet Lies.”

 

FOR YOUR SAFETY: Claim your Free Book and Notice to Appear in Court

Both of these emails are completely malicious but deliver their nasty payload in different ways. The first, with the subject line “Claim your free book on how to avoid financial crisis”, contains a link to a malicious website. The Zulu URL Risk Analyzer scored the domain instantgrowyourright.xyz as 85% malicious. We give it 100%! And, by the way… The best-selling financial author is not named “Jim Rickards.” It is Jim Richards. Notice that the “offer” expires on the day this email was sent. Better hurry up and click that link…

Or better yet, just delete!

[Image: “Claim your free book” email]

We’ve reported on this next email before, but it bears repeating because the attached zip file contains nasty malware meant to infect your computer. Notice to appear in court?

Delete!

[Image: “Notice to appear in court” email]

ON THE LIGHTER SIDE:  Someone is running a background check on you!

We at The Daily Scam must have pissed off someone because they’ve been trying hard to get our attention for a few weeks and we think it’s funny that they believe these scam emails will do that. Have a look at the “From” addresses and the subject lines. Sometimes we get five of these a day! It’s a good thing we’ve got time on our hands.

[Image: Background check email list]

Until next week, surf safely!