July 5, 2017

THE WEEK IN REVIEW

We at The Daily Scam are routinely targeted by cybercriminals. You’d think they don’t like us! Someone tries to hack our site weekly, routinely sends us malware and tries other means to attack us. We shrug it off as part of the job description, since we’re exposing their shenanigans and trying to help others avoid their scams and traps. (Read the article about the barrage of attacks we suffered during our first year online – Why It Hurts to be Right!)

Here is just one small example of their continued effort… “Our UPS courier can not contact you (parcel #03376533)” This email, with an attached malware payload, was sent to us. Three times. **sigh** From our good friends in Russia, most likely. See “.ru” in the from address. That is the 2-letter country code for Russia. We suppose the country of origin could be spoofed, but why would Chinese hackers or anyone else care enough to point a finger at Russia?

Here are two more ridiculous click-bait emails designed to send victims to malicious websites… “Facebook closing its doors” “The board has decided to get rid of its boss Mark after its reported that these allegations surface” We can’t help but wonder if the cybercriminals who sent this crapmail were inspired by the recent news that the Uber CEO and founder, Travis Kalanick, stepped down in the wake of the sexual harassment scandals. The link shown as “ABC Daily Report” directs you to a web page on the domain calalime-DOT-com. This domain was registered by someone identified as “Terrence Miller” from Colorado just hours before the email was sent.

The second email is equally absurd and also uses a domain (suiuite-DOT-com) that was registered on the same day by Terrence Miller. “The wildest Shark Tank episode ever”  “Stephen Hawking attributes this to being smart” “Raise your IQ by 100 in just a day.”



Sample Scam Subject Lines:

Anderson window-package 594057618: Reduced

CBS Shark Tank most shocking moment

Congress Gives Homeowners A Once-In-A-Lifetime Mortgage Bailout

Find the Mobile Phones you’ll love for any carrier

Get HBO for 1 year before 4th of July

HGN: Megyn Kelly removed as host over shocking comments

How this single mom just made your job obsolete

Incoming Voice Mail 2:27AM

Lotto Winners Across America Are Terrified

New Low Home Low Rates

New Voicemail 6:56PM

Simple Tip Gives You 6-Pack Abs

Your 50 Dollar Amazon Offer Is Waiting

 

Sample Scam Email Addresses

158f209fb2a4613d4ccb5_f5d45459 @ truthconquest.com

Amazon-rewards-[YOUR EMAIL] @ fridaypriime.com

Apetpetrol @ apetpetrolonline.com

barkbox-[YOUR EMAIL] @ shopcreativeenergy.com

DiySmartSaw @ dogfoodss.us

Gyving @ holytape.info

Hooky @ stargost.info

Homothurmy @ annurshop.info

James.holt @ grandrealtyusa.com

maddox.silva-[YOUR EMAIL] @ packeyage.com

sams.club.deals-[YOUR EMAIL] @ givingyouthis.com

Samsclubrewards-[YOUR EMAIL] @ samznowis.com

Walgreens_today-[YOUR EMAIL] @ nowinwalgrins.com

 


Phish NETS:  Bank of America

This phish is pretty easy to spot… “Please confirm your billing information” wants you to think it came from Bank of America.  However, the email address is from haproxy @ localhost.novalocal and the link points to diyaaforwarders-DOT-com.   We strongly suspect this phish was created by someone from a foreign country primarily because the date in the email is listed by day first, then month.  That isn’t standard practice in the US.

Now delete.
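The mismatch that gives this phish away (a brand name in the From line, but a sender address and a link on unrelated domains) can be checked mechanically. The sketch below is an added example, not part of the original newsletter; the sample message is constructed from the details above, and the `BRAND_DOMAINS` allow-list, the URL path and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the phish described above. Domains keep the
# page's defanged "-DOT-" form; the URL path is made up for the example.
SAMPLE = """\
From: Bank of America <haproxy@localhost.novalocal>
Subject: Please confirm your billing information
Content-Type: text/html

<p>Dear customer, <a href="http://diyaaforwarders-DOT-com/confirm">confirm here</a></p>
"""

# Assumption: an allow-list you maintain of domains each brand really uses.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}

def refang(host):
    """Undo the '-DOT-' defanging so hosts can be compared."""
    return host.lower().replace("-dot-", ".")

def in_domain(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)

def check(raw):
    """Return (kind, host) findings where the sender or a link is off-brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    allowed = BRAND_DOMAINS.get(display.strip().lower())
    if allowed is None:
        return []  # display name claims no brand we know; nothing to compare
    findings = []
    sender_host = refang(addr.rpartition("@")[2])
    if not in_domain(sender_host, allowed):
        findings.append(("sender", sender_host))
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = refang(urlparse(url).hostname or "")
        if not in_domain(host, allowed):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check(SAMPLE):
        print(f"{kind} domain does not belong to the claimed brand: {host}")
```
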

 

 


YOUR MONEY:  Ralph Lauren On Sale, Amazon Promotional Gift and More

 

Here’s something completely new! “POLO 2017 Summer promotion, 70% OFF” “Ralph Lauren ON Sale” What’s funniest about this email from the domain alaoooer-DOT-top is that the links lead to the site called ralphlaurensok-DOT-com. Ralph Lauren’s OK? That’s good to hear because at age 78 we sometimes worry about his health. As for that website, we honestly cannot tell you if it is legitimate or not. You’ll find many pages that appear to show Ralph Lauren products at the site. HOWEVER, here’s what we do know that makes us very reluctant to purchase anything from it…

  1. Ralphlaurensok-DOT-com was registered to a man identified as “Long Chen” just 2 days before this email was received. The site has no history or reviews, though you can send an email to sale@…
  2. The website is being hosted in Calgary, Canada and says that it is “Powered by Ralph Lauren.” Why not the US?
  3. Long Chen has more than 750 domains registered in his name, with most registered in China. Most have names that are odd strings of characters like z749-DOT-com but a couple appear to be for a bank. You can see a list of many of Mr. Chen’s domains at DomainBigData.com.

None of this inspires us to purchase these products.

 

 

 

This email from todayamzn-DOT-com with subject “Your Amazon Accoun Balance: $50” is malicious, no question!  Todayamzn-DOT-com was registered on June 30 by “Darrell Lemley,” a bogus name we have identified in previous weeks as a name used to register malicious sites.  A peek (DON’T VISIT!) at the top page of this site shows a fake news page titled “INFOWARS.”   We used Screenshot machine to follow the link in this malicious email and found ourselves looking at a web page that pretends to be a congratulatory note from the search engine of the Czech Republic called Seznam.cz. (See below)  We used Google Translate to learn that “our desktop had won a gift from the portal Seznam.cz.”  Does any of this sound like Amazon to you yet?

Delete!

 

 

We’ll finish off this week’s YOUR MONEY column with two more scam emails that look like promotions from Walgreens and Sam’s Club. Check out the bogus domain names, which are intended to look as if they have something to do with the real Walgreens or Sam’s Club.

 

Big fat deeeeleeeetes for both!


TOP STORY:  High Risk of Online Business Solicitations

We always tell our readers to keep a healthy dose of skepticism when it comes to information online.   However, when it comes to businesses we have to set the bar higher!  There is so much deception that targets business owners, it is often hard to tell real from scam.  So, to those TDS readers out there in the business world trying to make a living we say without equivocation…  Never pursue any business offer or connection online that solicits YOU!  If you want to do business with individuals or companies across the Internet, whom you do not personally know, you had better set your bar pretty darn high to confirm, examine, appraise for authenticity, evaluate, determine validity, review deeply…  because there is so much fraud online!  Every week we see business-related emails that could never meet any meaningful standard of authenticity.  Here are just a few from the last week.  What do you think of them?

Need money for your business? Don’t go to GetABusinessFunded365-DOT-com. Google can’t find any content at this domain and the only things that turn up in a search for it are forum spam complaints. (Forum spam means a spammer visiting websites has pasted their spam email into the comment section.) And though the domain was registered back in 2015, it was registered using a private proxy service in Panama. Are you feeling good about applying for a loan?

Ms Julian Smith, claiming to be a Purchasing Manager from Sinara Group Co.Ltd in Russia, informs the recipient that she is “glad to know about your company from the web and we are interested in your products.”  She wants you to send your “Latest catalog and price list for our trial order.”

 

Really?  So why did his email come from “dealer.com,” a digital marketing platform for the automotive industry headquartered in Burlington, Vermont?  A search of Sinara Group Co. Ltd in Google shows the first link to a Wikipedia article about Sinara (a Russian Investment Company) but the second Google link is about fraudulent emails from “Ms Julian Smith” described in AntiFraudIntl.org!


Perhaps we can find a ray of business sunshine by taking a new job somewhere? Completely unsolicited, we received these very interesting job offers. Though we must admit that the first is a bit confusing. The subject line of this email from chuckie @ southread.info tells us that there is a New Position Open With Apple – Salary is 89K for 2017. But the body of the email says that “You are being presented with an offer to work with us” at Google AND Facebook! Wow… Apparently they have (3) work-from-home opportunities. This phony-baloney is a funny read but hurry up because you only have 9 hours and 26 minutes left to respond. After that “the position will no longer be available to you.”

Bummer!

 


One of our TDS readers sent us this exciting job offer for “Job H;33220;27_,36519”  Did someone let their toddler randomly hit the keyboard after typing “job”?  “Your email was found by our company via recruiting agency for Wrapping Assistant.”  We would rather be hired to help Snoop Dogg or Dr. Dre.  If you read this remarkably special job offer you’ll see that whatever company this is actually formed a search committee!  For a wrapping assistant??

By the way… what company is it????


We’ve got plenty more emails like these but we know when to quit. (Not really but we’re still figuring it out.)  Bottom line?  You want to do business across the Inter-web-ness?   Do your due diligence to fully evaluate WHO you do business with.  And if the solicitation finds you before you find them, chances are really high that it’s a scam.

 


FOR YOUR SAFETY:  Facebook Friend Request for Sex, Meet New Singles, and Freedom Circle App

Many of our readers are on Facebook. One of them sent us this screenshot of a friend request he had just received from Aurora Dilley. It came with a special invitation you can read below. The Zulu URL Risk Analyzer informed us that sex-now-DOT-site contains a redirect to another vulgar site called ineed2f… Well, we’d rather not say. However, “Dr.Web” (a Russian malware analysis site) tells us that ineed2f… is malicious. DatingBusters.com says that ineed2f… sends visitors to fake dating sites. Oh my gosh! You can’t trust anyone nowadays!

As long as we’ve decided to open this sleazy Internet path, how about this warm and welcoming solicitation to “meet new singles in your area?”  By the way, this email came with a hidden web beacon so the email sender knows when we open the email, how many times and perhaps even more information.  How nice.  We guess we’ll be getting more of these.

In recent weeks we’ve informed readers of emails encouraging them to download and install apps of varying kinds. Here’s another one you’ll want to pass on… “People from Freedom Circle software has created an app that is so advanced it beats everything you have seen before.” Huh? Apparently this app is a money generator. Not for you. For the cybercriminals who sent it. See the Zulu score below. By the way, you’ll be forwarded to thefreedomcircle-DOT-ru, as in RUSSIA, after visiting the hacked website omearacustom.com. What is it with Russia and malicious content these days?! The fact that so many malicious threads point back to Russia makes us want to stop eating borscht and chicken Kiev!


ON THE LIGHTER SIDE:  

You Will Be Greatly Rewarded

Neil Trotter tells us that he wants to share his jackpot with us if we are a God fearing individual.  He’s pleased we’ve shown an interest in his plight… whatever that is.


From:  neiltrotter43@outlook.com
Time:  2017-06-27 12:15:40
Subject: Hello Beneficiary,

 

Hello Beneficiary,

My entire family is pleased to read your reply to us. I am Mr Neil Trotter i am a 41 years old, and I am from London United Kingdom, But I live in India with myself and my family. My jackpot was a gift from God to me. I have agreed to do the will of God. I may not know you, but i believe if you were chosen by God to receive my donation of $2,000,000.00 USD. You must be a God fearing individual, I am a catholic  and i believe that Good things happens to those people who wait and also believe.

I am very grateful to you for the interest shown in my plight and I want to assure you that you will be greatly rewarded for what you have chosen to do. Although we know each other for the first time but I believe our father has directed me to you as I prayed and searched over the internet for assistance because I saw your profile on a list of registered email addresses provided to me by Microsoft list/Google list from which I picked you.

Be assured you stand no risk as this is my money,for source and verification please visit my secured link:

https://www.theguardian.com/uk-news/video/2014/mar/18/mechanic-neil-trotter-wins-108m-euromillions-jackpot-video

I decided to donate Individuals and i told some Ministers about this which they said was a welcome idea and promised they will get me a list of some people who can help others with my donation and put smile in the face of the needy, i decided to select my self by going to Microsoft and Google to make a research.My donation OF $2,000,000 us dollars may not be much to you but i believe it will go a long way to improving your standard of living like my Power ball Jackpot did to me, I would like you to fill the below and return back to me and my entire household will be glad for you to visit us after my donation gets to you. Do this on time so you can contact the payout bank for further directives to receive donation,

Name:
Address And Country:
Age:
Sex:
Occupation:
Phone No:

I do not want to ask you for your ID as we do not want to leave an impression in your mind that we want to steal your identity). I do hope that you will be able to use the money wisely and judiciously over there in your country.

we will employ you to do what you can to alleviate the level of poverty in your region and also try to enhance the standard of living of as many people as you can because that is the only objective of donating this money to you in the first place. May the Good lord bless your heart to be a blessing to your family and your society as soon as my donation gets to you.

Yours Faithful,
Neil Trotter.

Until next week, surf safely!