June 13, 2018

THE WEEK IN REVIEW

We like to remind readers that there is no privacy online and most everything we do is remembered and documented.  We expanded on this point just last week in our Top Story about Microsoft Office and their forced changes to user’s privacy settings in Office version 16.13.  In another 2018 newsletter last April we wrote about Facebook’s inability to keep our personal information private in this Top Story titled Shades of Instagram. (Facebook owns Instagram.)  Once again, Facebook is in the news for their bumbling misuse of our privacy.  According to recent news articles, a Facebook bug made private posts of 14 million users public.  This bug was allegedly active from May 18 to May 27 and changed users’ privacy settings without them knowing.  Have they yet informed the Facebook users whose personal data was exposed? Not as of the date we published our newsletter.  (Read the CNBC article.)

Mark your calendars!  Free credit freezes will be available starting on September 21st.  We recommend putting a freeze on your credit, and your child’s credit if you wish to better protect yourself against ID thieves who then  open financial accounts in your name. Especially if you have a good credit rating! So much personal data about millions of Americans, including social security numbers, has been stolen. The three credit rating companies in the U.S. are Experian, Equifax and Transunion.  Currently, in most states these companies charge a fee each time you want to freeze and unfreeze your credit. And, to be truly effective, you have to freeze each service separately. By the way, if you are ever the target of Identity Theft, an important step to recovery is to visit IdentityTheft.gov and create an account.  Here are a couple of informative articles about what it means to freeze your credit:

7 Things You Need to Know Before Freezing Your Credit

What’s a Credit Freeze, and Should You Do It?

Another reminder…  Criminal gangs have used hyperbole for years to manipulate our clicking behavior.  In recent months we felt there was a decrease in the use of the words “watch this shocking video” but they now appear to be making a comeback, as you can see in this recent email that points to malware and a resulting computer infection:

[hr_invisible]


[hr_invisible]

Phish NETS: Verify Stripe Now and Email Storage Full

Stripe is a service that allows people and businesses to make payments over the Internet, similar to PayPal.  So we were not surprised when one of our readers sent us this first-ever phishing scam we’ve seen against Stripe account holders.  This email clearly didn’t come from Stripe and the link for “Verify Stripe Now” points to a website being used by phishers. (PhishCheck.me also confirmed this.)  Look at the screenshot of the login page below that the phishers created.

 

 

Many people, especially businesses and bloggers, use generic email accounts that accompany their websites.  That’s who this bogus email is targeting with the subject line “NOTIFICATION – Storage Full.” The link they offer displays as the email address of the recipient of this email.  But that link points to a server in Brazil. (“.br” = 2 letter country code for Brazil).

Delete!

 

[hr_invisible]

[hr_invisible]

YOUR MONEY: How Do We Pay For Assisted Living and Health Coverage for Students

For years, a staple of Internet criminals trying to infect our computers is content related to health and wellness. In just the last week we’ve seen malicious emails with content about acne, Christian healthcare, Medicare, neck and back pain, sleep disruption, snoring, diet pills, how to improve memory, and yoga.  It’s despicable that they prey upon those with health issues! Here are two recent emails that make this point.

You are led to believe this email represents CaringForAParent.com, a senior housing resource, but of course it does not.  The email came from the crap domain mjifrds[.]trade and the links point back to it.  Though VirusTotal.com only identifies this domain as a spammer (rated by both Fortinet and Spamhaus), we’re 100% certain it is malicious based on similarities in design, layout, coding and registration to other malicious emails we’ve seen.

 

Also, very likely from the same source, is this email about “health coverage for students” using the title “Trumphealth Care Replacement.”  There simply is no “Trumpcare” and this email came from the crap domain nationva[.]trade.  VirusTotal.com got this one right and lists it as a source of malware.

Our advice is simple…  Delete these health-related solicitations that may appear in your inbox.  They are not worth the risks involved when there are so many better ways to find and evaluate health-related information.

[hr_invisible]

 

[hr_invisible]

TOP STORY: Facebook Survey… Not!

Facebook again. But this time it’s not the real Facebook. The real Facebook service had nothing to do with creating this scam.  “A message for you” appears to come from the domain romwe[.]com, a consumer product website in Hangzhou, China.  This is interesting since this scam includes a physical address to unsubscribe and that address points to a Doubletree Inn located at 10100 International Drive in Orlando, Florida!   “CONGRATULATUONS! Your social network award is waiting.” (That’s not all that’s waiting!)  Links in this email point to the oddball domain ms00[.]net.  

 

We followed that trail through ms00[.]net to find that you’ll be forwarded to a subdomain of a website called drivingsetup[.]com.  This odd domain was registered a few months ago in December, 2017 using a private proxy service in Panama.  Sound like Facebook or legitimate offer yet to you?

 

When we visited the link to that website we were presented with a “satisfaction survey.”  The “customer reviews” listed on the page are ridiculous, beginning with “Dr. D.” from St. Louis saying “I love taking these surveys.”  This is just click-bait and nothing about it provides any legitimacy at all. Surveys and “exclusive offers” are also often used by criminals to engineer our clicking behavior.

Caveat emptor!

[hr]

FOR YOUR SAFETY: Your Friend Sent You A Web Page

A TDS reader sent us this next email.  It was spoofed to appear as though it came FROM the same person it was addressed TO.  It leads to the special invitation for one of the most ridiculous claims we’ve ever seen… “Uncover the Secret Russian Experiment that lets you legally steal the talents of absolutely any genius!”  But the video wasn’t playing. 🙁 All you have to do is click the link for “Help Center.” Surprisingly, the domain used in this BS was registered back in 2004 through a private proxy service. We had trouble finding out anything about this spammy, scammy pitch other than promotional BS.  However, on Scamero.com we found this post from December, 2017:

“No Refund and No Responsive
I bought the Raikov Effect on Dec 2 2017 and realized very quickly that it wasn’t what I thought it was going to be. So the very next day I emailed for a refund. I have never had a problem receiving a refund until purchasing from this company. I have never received a response even after sending three more emails. Their guarantee is so dishonest and their business practice is as unprofessional as you can get.”

At best, this is a scam to take your hard-earned dollars!  That’s crystal clear just by the way this information was delivered.

Delete!

[hr_invisible]


Until next week, surf safely!