July 7, 2015

THE WEEK IN REVIEW

Last week we mentioned another spike in the sophisticated advance-fee scams targeting users at Care.com. An email we received from a woman named Alicia said it all… “I honestly have so many texts from the Care.com scammers it hurts.” And she wasn’t exaggerating. To learn more about the Care.com advance-fee scams, check out our articles listed below. Here are just two of the many screenshots Alicia sent us…

1-care com scam text 1 2-care com scam text 2

 

Nanny Scams Hit Care.com

Scams Targeting Care.com Users Again!

Just prior to the July 4th weekend there was a new scampaign causing a surge in the volume and variety of scams hitting everyone’s inboxes. Mind you, there was nothing new but a lot more of the same old tricks.

The sampling list of subject lines and email addresses below says it all. We hope your July fourth was scam-free!

Subject Lines

ATTN: (username) – Vehicle oil change notice #181248081

Beware of tax fraud! Help protect your identity against theft

Browse exciting cooking school options

Coca-Cola’s selection committee chose you for this new position

Disturbing video depicting the fall of the U.S.

eHarmony free communication special is here!

Electricity bills lower than hanging fruit!

Here are our new steaks for you to try

New affordable Italy dream vacation-packages available

Stay independent with a medical alarm

Struggle with having healthy snacks around? Get them delivered.

Summer is roofing season. Special discounts 02Jul2015

Toxic parasite prevents you from losing weight????

Weird invention saved his life during hurricane

What if you could do this?

Email Addresses

Apple-iPhone-Voucher@bestphonerewards.link

CableService@researchitaly.us

CNN-Utility-Savings@kluyk.link

CookingSchool@sunhaus.science

Costco-Online-Gift-Card@yenbonusluck.link

EDUOnline@affinastep.science

Experian-Report@cxsayy.link

Hearing@lopsalcid.com

Marvin-Window-Savings@rxdhj.link

Oprahs-CarBlaster@rsist.link

Phone@researchitaly.us

ShockingOnlineRecords@acherecordsaim.link

ToytoaJuly4SalesEvent@reudi.link

United-States-Flags@ishug.link

WaterproofYourBasement@rlwns.link

Phish NETS: Apple Phishing Account Hidden on Baby Store’s Website

As far as quality is concerned, this phishing scam for your Apple account information was pretty poorly crafted, judging by the choice of colors, the overall design, and problems with the character-set at the top of the email. Plus, who says things like “You’ve placed your Apple ID under the risk of termination”? We would venture a guess that the perpetrators of this scam are not U.S. citizens because they used a very non-American way of writing the date that appears in the subject line: the day appears first, followed by the month.

However, what really got our attention was the Canadian website revealed by a mouse-over of the link “Verify Now >.” It points to a legitimate, but hacked website called Kidslane.ca. (.ca is the 2-letter country code for Canada.) Sophos, valuable anti-spyware software, has identified Kidslane.ca as hosting malicious content since September 16, 2009! We contacted the company to inform them about this but unfortunately got no response. Is anyone listening?

 

When we attempted to go to the exact phishing URL (web address) in the bogus Apple email, even Firefox easily identified the webpage as a forgery…

So what’s waiting on the forged web page? The page looks like you are logging into your Apple account:

6-Apple phish -login page

It is important to note that one of our most trusted tools, the Zulu URL Risk Analyzer, is not perfect. It only scored this URL as 40 out of 100 points, earning the webpage a passing mark. You can’t always rely on software tools.

Just delete!

7-Apple phish zulu score

 


YOUR MONEY: Costco, Kroger, Outback Steakhouse Coupons & Giftcards

You’ll notice a lot of similarity between the scams below. In fact, they are nearly identical in every way and were likely created by the same criminal gang using the same scam template. We’re certain of this, even though a WHOIS lookup would like us to believe that these three domains were registered by three different people from different places across the U.S.

http://whois.domaintools.com/vansgiftcard.link
http://whois.domaintools.com/equalgiftcheck.link
http://whois.domaintools.com/steakhousegiftcardlets.link

Also, notice the subdomain revealed by the mouse-over. The subdomain appears before the domain name and is separated from it by a period: “Grabitnow,” “Getnow,” “Exclusive.” These giftcards are as phony as a three-dollar bill, and each contains the telltale random text at the bottom meant to fool antispam servers. This random text doesn’t fool anything but serves as a huge shout-out to delete, delete, delete!
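The mouse-over check described above can be automated. The Python below is an added example, not part of the original newsletter: it extracts each link from an HTML email, splits the real host into subdomain and domain, and flags links whose visible text names a brand while the domain belongs to someone else. The sample HTML, the pairing of subdomain with domain, and the brand-to-domain table are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed brand -> official domain table (illustrative, not from the newsletter).
BRANDS = {"costco": "costco.com", "kroger": "kroger.com", "outback": "outback.com"}

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def split_host(url):
    """Return (subdomain, domain). Naive: treats the last two labels as the
    domain, which holds for .link and .com but not for suffixes like .co.uk."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_links(html):
    """Flag links whose text names a brand but whose domain is not that brand's."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        sub, domain = split_host(href)
        for brand, official in BRANDS.items():
            if domain and brand in text.lower() and domain != official:
                findings.append({"brand": brand, "subdomain": sub, "domain": domain})
    return findings

# Constructed sample: the subdomain/domain pairing and paths are made up.
SAMPLE = """
<a href="http://grabitnow.vansgiftcard.link/claim">Claim your $100 Costco card</a>
<a href="https://www.costco.com/">Costco home page</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE):
        print(finding)
```
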

8-Claim your $100 Costco card

9-Claim your $100 Kroger gift

10-Claim your $100 Outback Steakhouse

TOP STORY: Scams Through Fear and Intimidation

In 2014 we published a series of scams in our scam collection titled Fear and Intimidation. (Check it out here!) Fear and intimidation are heavy weapons in the scammer’s arsenal to engineer your clicking behavior. Recently we saw some scams that fall into this category such as this email from Online-Records-Exposed@frequentlycheckfilesolution.link. We joked in last week’s newsletter about these types of emails but the fact remains that they are effective means to engineer human behavior. The scammers have been sending them out by the tens of thousands for more than two weeks now. Ironically, there is so little privacy online that it is possible to pay services for very private information about people such as arrest records. But this ain’t it. Just delete!

11-Your public records have been searched

 

Or how about this email below for intimidation from noreply@secureserver.net. The giveaway that something is amiss comes from the realization that there isn’t a single bit of information to identify the recipient. Notice too that the language isn’t quite correct in two places… “Notice of appearance in Court” in the subject line and “This is to inform you to appear in the Court” are both a bit odd. Unfortunately, the attached zip file contains a nasty payload of malware resulting in a computer infection. Ouch! Just delete and hope your court hearing goes well without you.

12-Notice to appear in court

FOR YOUR SAFETY: Preserve Your Memories for the Future

We often see emails that look like well-crafted advertisements but are actually seriously malicious and that lead to malware or fraudulent charges to your credit card. Take a look at the two emails below – “Sears home roofing and installations deals” and “preserving your memories for future generations.” Both look very professionally created and legitimate. Notice that both happen to contain hidden text at the very bottom of the email that is intended to trick antispam servers. Our simple word of caution… Make it a family rule never to respond to random, unsolicited emails no matter how legitimate they seem.

13-Preserve your memories for future 14-Sears home roofing and installation deals

 

 

ON THE LIGHTER SIDE:

We’ve become pretty popular with Russian women! Especially Olga. We know this comes as no surprise to our readers because we’re so darn cute. Before meeting Olga we need to buy a new suit, some flowers, and then try to remember how on earth we know her.

Until next week, surf safely!

15-Email from Olga

 

16-Email from Olga 2

 

 

17-Email from someone looking a man