June 12, 2019

THE WEEK IN REVIEW

Bored while accompanying his wife to the mall recently, Doug took out his phone and began to scroll through headline news. Unsurprisingly, articles on various news sites were occasionally separated by advertisements. However, one ad in particular really caught Doug’s attention. It was this image and accompanying text stating “Sandra Bullock is Gone She will be missed by fans” and “Nobody ever thought this is how it would end for Sandra.” This had all the signs of being clickbait! The biggest reason is that it was clearly meant to suggest that Sandra Bullock had died. But wouldn’t that be BIG news?! And yet it wasn’t on any of the news websites Doug had already visited.

 

Doug copied the link connected to the button for “READ MORE” and discovered that it redirected the viewer to skin care products on a website called “Blossom Simple Skin.” We’re just getting started following this rabbit hole but it looks VERY shady. The products appear to use similar techniques as the scam skin care products we exposed in our 2018 article “Anti-Aging Face & Skin Creams.” We will keep you posted once we finish digging into this particular skin product and its associated website. However, the lesson here ought to be clear. If you read news that seems shocking, salacious, or unbelievable… Don’t click! Instead, go to credible sources of news first, or ask a question of Google to see what Google returns. We asked Google “Did Sandra Bullock die?” Google returned an article posted on MediaMass.net recently about her “death hoax.” Apparently, she and other celebrities are being reported as deceased, and it is not true. These stories are being used to engineer people’s clicking behavior! You can’t believe everything you read on the Internet…. What a surprise!


Phish NETS: Who’s Who in America? YOU!

We have a very different kettle of phish to share with you this week. Not your usual sample of banking, email, social media or other financial accounts. This stinky phish also falls under the category of a “Vanity scam”: a scam that tries to manipulate you by flattering you with an award or some type of bogus recognition, while conning you for money or your personal information. We wrote about vanity scams a few years ago in our article titled “Recognizing Vanity Scams” and then again in several newsletters in 2017, such as in the opening paragraph of our newsletters on June 28, 2017 and February 1, 2017.

We are PROUD to announce that TDS’s own Doug Fodeman has been nominated for the 2019 edition of Who’s Who in America! (Waiting for applause to subside)

In order to take his rightful place with Americans of power, authority and influence, all he had to do was click a link to get started.  From a distance (meaning we didn’t visit the site), we took a screenshot of the web page at the other end of that link sent by the “Biographical Submissions Dept.” to see what was in store for Doug.  Below is what we found. It appears that Who’s Who in America candidates are asked to fill out a set of questions that begin with simple data such as name, company employed by, email address, and phone numbers.  Those are just the questions on page 1.

As you already know, we smelled rotten phish from the start and the first thing we did was evaluate the link in the email from “em.usw-mail[.]com” to see if it has been identified by security services as malicious.  And it was! At least three security services have identified it as malicious, including the threat that it is a phishing site gathering personal information…

After that “told-you-so” justification, we looked at the invitation more closely and found the end of the email to be rather peculiar.  It was signed by the “Biographical Submissions Dept.” We Googled that name (with quotes around it) and the second link Google returned was to a security website called PhishCheck.me!  What was also fascinating was that PhishCheck had identified that WHO’s WHO scam on a site called isdcd[.]com.  We know this domain! Read our very next column “Your Money!”

YOUR MONEY:  Update Your Home with Moen and Scotts Outdoor Cleaner

“Update your home with these Moen innovations” says this email that seems to be from Moen or Home Depot.  But it’s not from either of them. It was sent from the domain “isdcd[.]com” and the links point back to that 5-letter domain.  It took VirusTotal.com just seconds to locate 2 security services that have identified that domain as malicious.

To add insult to injury, we received this nearly identical email that appeared to come from Scotts (as in lawn care) or Home Depot.  And like the Moen products email above, this one also pointed to the 5-letter domain “isdcd[.]com” and, once more, was completely malicious!  You know the expression “two points make a line?”  We now have multiple points all saying that these bogus emails, along with the Who’s Who phony-baloney award were designed by the same criminal gang trying to infect computers or gather personal information!

How fast can you say DELETE!

TOP STORY: Beware the Great White Space!

Cybercriminals try all kinds of tricks to plant their landmines in front of our eyes, hoping to entice us to click, download, select, or respond. But that isn’t their first challenge after they create their malicious chicanery. They have to get their landmines and hand grenades past the many and varied anti-spam servers and malware detectors. They use a variety of tricks to do so, but two of these tricks are related to the way they design their malicious emails, and they are easily observable… if you know what to look for.

Beware the great white space! If you see that an email contains a lot of empty space, especially at the bottom of the email, you can carefully try dragging your mouse through it. If it is spam or worse (malicious clickbait), what you are likely to discover is random hidden text in that white space as white letters against a white background. (Sometimes we have found an empty colored box containing hidden text of the same color.) We have often found that spammers and scammers paste Yelp reviews or parts of short stories and novels found online as white text into this space too!

By contrast, the visible content of the email sent by scammers and spammers is almost entirely in graphic format! The criminals hope that anti-spam and anti-malware tools will find it harder to detect suspicious content if it is sent as a graphic, including the text. This is true, in part, and we’ve experienced this ourselves. When we copied and pasted text from Nigerian 419 scams to share with readers, we’ve seen that those emails are often flagged as suspicious or untrustworthy, landing them in the spam folder or deleted altogether. And so we, too, usually make a graphic of the text to get it by the anti-spam filters.

Here’s a recent example of what we mean (as a graphic!)… “Are you ready for a summer of love?” says this email from “Desperate Russian Girls” “@” augusthg[.]world. When we received this email, everything from “Chat with 30,000…” down to the orange button “View her…” was a single graphic. There seemed to be very little text in this email. However, we also see about 6 inches of blank white space at the bottom of the email just before the “opt-out” information. (NEVER CLICK OPT-OUT or UNSUBSCRIBE in suspicious emails!) You can clearly see all the text we found when we dragged our mouse through this area, without clicking on anything!

By the way, we also find this email very funny. Does “Inna” look like a “desperate Russian girl” to you? She must have a lot of difficulty finding a partner for a relationship and so she has pinned her hopes of love on us old American men, right? Total BS, you say?! Could there be another agenda? Might Inna just be a lovely photo-bomb (pun intended) intent on blowing up our computers?

Of course we asked our security services to evaluate the links in Inna’s email to augusthg[.]world. As you can guess, they didn’t think so highly of Inna’s links. We checked a WHOIS service only to discover that this domain was registered by someone in India the day before Inna contacted us. That felt insincere and hurt our feelings. Is she really not that interested in meeting us after all? 🙁

Here’s another example of camouflaged white text and spam content turned into a graphic.  “The Guy Lost 84 Lbs” says an email from “Flat Belly Fix” “@” marrydsn[.]pro. If you try to read the highlighted text in white you’ll find that it is random sentence-like gibberish.  So the next time a suspicious or odd email lands in your inbox and you are wondering how legitimate it may be, look for a large blank space, usually at the bottom of the email. And beware the great white space!

Time to delete!
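For readers who filter mail themselves, the two tells described above (text in the same color as its background, and a message body that is mostly an image) can be checked in the email's HTML. The sketch below is an added example, not part of the original newsletter: the names `scan` and `HiddenTextScanner`, the sample message, and the "suspicious" rule (at least one image and more hidden than visible text) are assumptions, and it only understands inline styles, hex colors and two named colors.

```python
import re
from html.parser import HTMLParser

VOID = {"img", "br", "hr", "meta", "input", "link"}  # tags that never get a closing tag
NAMED = {"white": "#ffffff", "black": "#000000"}     # small table, enough for this demo

def norm(color):  # 'white', '#FFF' or '#ffffff' -> '#ffffff'
    c = re.sub(r"\s+", "", color.lower())
    c = NAMED.get(c, c)
    return "#" + "".join(ch * 2 for ch in c[1:]) if re.fullmatch(r"#[0-9a-f]{3}", c) else c

class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # assumed mail-client default: black on white
        self.hidden, self.visible, self.images = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        if tag in VOID:
            return
        a, (fg, bg) = dict(attrs), self.stack[-1]
        style = a.get("style") or ""
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style, re.I)
        fg = norm(m.group(1)) if m else norm(a["color"]) if a.get("color") else fg
        m = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style, re.I)
        bg = norm(m.group(1)) if m else norm(a["bgcolor"]) if a.get("bgcolor") else bg
        self.stack.append((fg, bg))  # child elements inherit these colours

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        fg, bg = self.stack[-1]
        if data.strip():  # text drawn in its own background colour is invisible
            (self.hidden if fg == bg else self.visible).append(data.strip())

def scan(html):
    s = HiddenTextScanner()
    s.feed(html)
    s.close()
    hidden, visible = sum(map(len, s.hidden)), sum(map(len, s.visible))
    return {"hidden_chars": hidden, "visible_chars": visible, "images": s.images,
            "suspicious": s.images > 0 and hidden > visible}

# Constructed sample: one clickable image, white-on-white filler, a short footer
SAMPLE = """<html><body bgcolor="#FFFFFF"><a href="http://example.invalid/"><img src="offer.png"></a>
<div style="color:#fff; background-color:#ffffff">The soup was warm and the staff were friendly.</div>
<p>Unsubscribe here</p></body></html>"""
```

Calling `scan(SAMPLE)` reports one image, a long run of hidden characters and only the footer as visible text, which is the same picture you get by dragging the mouse through the blank area.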

FOR YOUR SAFETY: Losing the Battle

We’re sorry to say it but we’re all losing the battle against cybercrime.  Check out this article, updated on May 13, 2019, from CompariTech about 2019 Cybercrime Statistics and Trends.

 


Until next week, surf safely!