June 10, 2015

THE WEEK IN REVIEW

No doubt most of our readers have heard about the latest embarrassing theft of personal information on four million government employees from a hacked government webserver. This theft included social security information. It is believed that this latest hack was carried out by Chinese hackers… again. If you missed reading about this, check out these articles from CNN and the New York Times:

http://www.cnn.com/2015/06/05/politics/us-government-hacked-data-security/

http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-computer-system-exposes-personnel-data.html

This fiasco, which apparently went on for months, highlights one of the greatest growing risks for U.S. citizens in our Brave New World of interconnectedness. The vulnerability of our personal and private information through the companies and services we use contributes significantly to our risk from many cyberthreats, including online theft, identity theft and Internet-based fraud. A scary book to read on the topic is Future Crimes by Marc Goodman.

The Daily Scam recently answered a question posed to us from a reporter who wanted tips on how to avoid online identity theft. We wanted to share our response with you so that you can evaluate how well protected you are against these growing threats in our lives.

Avoiding online identity theft is extremely difficult in today’s world, simply because the personal information needed to steal someone’s identity is often obtained by stealing that data from health insurance companies, our doctors’ offices, credit card companies and others. A simple example is the theft of data from Anthem Insurance, as described in this NPR piece: http://www.npr.org/2015/02/09/384875839/data-stolen-by-anthem-s-hackers-has-millions-worrying-about-identity-theft

However, there are some routine things that users can do to reduce their risks and better protect themselves. They include…. 

1. Reduce your exposure of sensitive information. Do not give out your social security number just because someone asks for it. For example, if your dentist’s office asks for it, ask them why they need it. Only provide it if absolutely necessary!

2. Set up protection and notifications by contacting the major credit rating companies and putting a security freeze on your credit reporting. With Experian: http://www.experian.com/consumer/security_freeze.html With Transunion: http://www.transunion.com/securityfreeze With Equifax: http://www.equifax.com/help/credit-freeze/en_cp

3. Consider setting up an account with an identity protection service such as ProtectMyID.com (https://www.protectmyid.com/) or LifeLock.com (http://www.lifelock.com/)

4. Many financial institutions, email services like Google, and the U.S. government social security website allow users to set up 2-step verification for login. When a user attempts to log in, he or she is sent a text with a 4 or 6-digit code required to complete the login process. Take advantage of these 2-step login verifications! And if your financial institution doesn’t offer it yet, ask them why not!

This week we’re not providing a list of some of the more interesting subject lines we see from scam emails. Instead we want you to understand the volume of these threats in our everyday lives. From our few honeypots, we collect well over one thousand spam and scam emails in a 24-hour period. (In technical jargon, a “honeypot” is a computer on the Internet that is set up to attract and “trap” people who attempt to penetrate other people’s computer systems. In our case, the honeypots are email servers.) There is a great deal of repetition amongst the scams we see. Also, as we have said before, at least three quarters of the scams seem to come from the same one or two sources based on their design and construction. And we strongly suspect that these sources are from Eastern Europe and/or Russia. Enough of the big picture. Let’s take a look at some interesting scams from the past week…

Phish NETS: PayPal

PayPal, along with Bank of America, has been one of the most phished banks on the planet based on our experiences. In fact, a PayPal phishing domain called “paypai.com” was one of the first phishing links we ever found many years ago. Imagine mousing-over a link and seeing “paypai.com” in the lower left corner of your web browser. The font was small and screen resolutions were less sharp back then than they are today, so most people easily mistook it for PayPal.com. It was brilliantly effective at tricking people into giving up their login credentials.

This phish is not as sophisticated as the one we described above. The email comes from official@ail.com and a mouse-over of the link “Click to Confirm” points to the domain passlegal.net, not PayPal.com. “You just need to confirm your billing address.” Yeah right. More like “you just need to hand over the keys to your account.” The domain passlegal.net was registered the day before this scam email appeared.  It was registered by a person named John Allen from a hosting company called BlackGoldHosting.com. This company seems like a legit web hosting company but passlegal.net is not!

[Image: PayPal - confirm your billing address]

We wanted to show our readers what waited for them at this phishing page but unfortunately we cannot take the chance… VirusTotal.com showed that passlegal.net has been identified by two services as hosting malware. ‘nuf said.

Just delete.

[Image: PayPal confirm your billing address - VirusTotal score]

YOUR MONEY: JCPenney Gift Card and Walmart Rewards

In this week’s Your Money section we’ll take a look at more online gift cards and rewards. We’ve seen them before but not in this dollar amount! JCPenney wants to give you a $1000 gift card! WOW, that’s so generous, don’t you think? We feel special. We’re told that “time is limited,” but before you click the link “Activate your JCPenny gift” let’s look more closely… The email comes from order@boldeaux.com and a mouse-over of the link in the email points to the same domain, boldeaux.com, not JCPenney.com.

This email seems to have little to do with JCPenney. But that $1000 sure looks enticing. Before we visit boldeaux.com let’s have the Zulu URL Risk Analyzer take a look at the link. It shows several redirects on the site and also gives it a malicious rating of 81 out of 100. Also Webutation.net warns us that one of the redirects leads to suspected malware.

Just delete!

[Image: Activate your JC Penny gift - Zulu score]

Here’s another scam that wants us to believe it is coming from Walmart to offer us Walmart Rewards. Take our word for it, this is a scam. However, what is really bizarre is the content of this scam. Read it carefully. Easter deals in June? Who makes this junk up?

Just delete!

[Image: Redeem your Walmart rewards]

TOP STORY: Cancer Appeal, Looking for a Manly Man, and Your International Monetary Fund Payment

This week’s top story consists of three personal emails that share some things in common. The first is an appeal for help from a woman named Ruby who claims to have esophageal cancer. She isn’t asking you for money. She wants to GIVE YOU her money after she passes away. Isn’t that generous of her? We are seriously worried about the judgment of anyone who would fall for this scam but let’s take a closer look anyway…

[Image: I am diagnosed with esophageal cancer]

Ruby sends her email from an email server being hosted in South Korea. How do we know this? Look at the “from” address nobody@ilw05.uhost.co.kr. The last 2 letters are a country code. (Check out our article on understanding 2-letter country code scams!) You can locate the country on this Wikipedia page explaining country codes.  We think Ruby might be making some poor life choices because a Google search of her “from” address shows this 2012 post on Scamwarners in which her email address was used to solicit men all across the Internet for a meaningful relationship.  But she called herself Pamela back then.

And then there is the email address Ruby asks us to use to contact her. Use the Wikipedia link to look up the 2-letter country code in her email address. What did you learn about Ruby’s location now? We see that she left South Korea and moved to the Philippines. Perhaps they have better cancer treatment in the Philippines.

And then there is Marfa. Marfa is looking for a manly man. We think we qualify! We would love to visit with Marfa but unfortunately both the Zulu URL Risk Analyzer AND VirusTotal websites tell us that we shouldn’t visit her at byehost7.com.

[Image: I am looking for manly man]

[Image: I am looking for - Zulu score]

Now we’re not so sure that Marfa has our best interests in mind. Fortunately though, we have other activities to keep our mind off of Marfa, like this exciting email from Mr. John David, the personal assistant of Ms. Christine Lagarde, the Managing Director of the International Monetary Fund (IMF).

[Image: International Monetary Fund payment]

On a whim we entered the words “Mr. John David, the personal assistant of Ms. Christine Lagarde, the Managing Director of the International Monetary Fund” into a Google search field and most of the links returned in the top two pages of Google refer to scams reported all over the web including RipoffReport.com, 419Bittenus.com, RomanceScam.com and Scammed.by. 

There is a take-away from these three easy-to-spot scam emails. As is often the case, the sender’s email address doesn’t seem to match the email or domain of the site they want you to visit. Also, there never seems to be any personal information to identify the recipient. These two clues, in and of themselves, are so important and should raise our suspicions immediately. We know it’s easy to recognize these as scams but not all scammers are so lame. Apply these simple take-aways to this more sophisticated invitation to join a select group of individuals. Congratulations! You deserve this! 😉

[Image: Confirm candidacy in Who’s Who]
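The first clue in the take-away above, a sender address and a link target that do not match the brand an email claims to be from, can be checked mechanically, along with the 2-letter country code lookup. This is an added example, not part of the original newsletter: the sample message is constructed from the details quoted for the PayPal phish, and the “PayPal” display name, the headers and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample from details the article quotes; display name, headers, markup assumed.
SAMPLE = """\
From: PayPal <official@ail.com>
Subject: Confirm your billing address
Content-Type: text/html; charset="utf-8"

<html><body><p>You just need to confirm your billing address.</p>
<a href="http://passlegal.net/">Click to Confirm</a></body></html>
"""

class LinkHosts(HTMLParser):
    """Collect the host behind every <a href>, i.e. what a mouse-over reveals."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def registered_domain(host):
    # Simplification: last two labels only; co.kr-style names need the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def country_code(host):
    # Every two-letter top-level domain is a country code.
    tld = host.rsplit(".", 1)[-1]
    return tld if len(tld) == 2 else None

def check_message(raw, claimed_domain):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = [sender, *collector.hosts]
    return {
        "sender_domain": sender,
        "link_domains": collector.hosts,
        "country_codes": [c for c in map(country_code, hosts) if c],
        "mismatches": [h for h in hosts if registered_domain(h) != claimed_domain],
    }
```

Calling `check_message(SAMPLE, "paypal.com")` reports both the sender domain and the link domain as mismatches, which is the same conclusion the mouse-over test reaches by eye.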

 

 

FOR YOUR SAFETY: eHarmony and Shark Tank

Malware writers continue to use pop culture and legitimate businesses like wolves in sheep’s clothing to get our attention and engineer a click. Check out how professionally crafted the next two emails are. The first one, offering a free trial at eHarmony, hit one email server with a wave of solicitations in a matter of seconds… Each “from” address actually included the username of the person it targeted as an additional means to generate curiosity…

[Image: eHarmony - join for free]

But 5minuteclub.com is not eHarmony! Not even close. The Zulu URL Risk Analyzer tells us that this domain is blacklisted by many safety services and considered to be malicious.

Next is a malicious email relying on the popularity of the show Shark Tank. The subject line quickly caught our attention… “My fat sister looks better than you.” Notice the hidden white text against the white background at the bottom of the email that is visible when we drag through it. Most of our readers now know that hiding “real” text in an email is a trick meant to try to fool anti-spam servers. We hope our readers can now recognize the 2-letter country code in both the sender’s email address and the link revealed by mousing-over “Top Product in Shark Tank’s History” to know where you’ll end up in the world if you click the link. (In case you’re not sure, look up .in on the Wikipedia page of 2-letter country codes.)

ONE LAST THING: Paging Dr. Goran, Dr. Richard Goran.

There’s just not enough junk filling up our mailboxes these days without Dr. Richard Goran’s Power-Innovator scam. (To read more about this scam visit this article on our website!)

[Image: your amazon order is almost complete]

ON THE LIGHTER SIDE: Armageddon is Coming!

We have bad news. You better sit down for this… According to NASA, the world is coming to an end in less than 13 months. Total Armageddon that will unleash ancient diseases, produce mass riots and result in complete economic chaos upon the world! People, this is big! Even former CIA director James Woolsey says “two thirds of US population would die” according to this email. We gotta believe it cuz it comes from yoursurvivals.info! How’s that for credibility?! (To see more scams based on sensationalist claims, visit this article on our website!)

We’re headed to the hardware store for supplies to build an underground bunker. Until next week…. Surf safely!

[Image: re your survival - NASA red alert]

Until next week, surf safely!