June 17, 2015

THE WEEK IN REVIEW

Lately we’ve been reporting on the “power innovator” scam, including a recent featured article on our website, because the scammers have been sending out LOTS of scam emails to drive traffic to the power-innovator.org website and generate sales of a product that doesn’t work. This heavy campaign continues, as in this “U.S. News” emailed article, “How Tesla Could End Your Electric Bill.” Apparently a sucker is born every minute.

1-power innovator scam again

 

We are also seeing a significant resurgence in the sophisticated advance-fee scams targeting young adults who use Care.com to offer services like nannying, house-care, and dog sitting. We had fun baiting one of the scammers who identified “herself” as Cristin Seely and sent us a check for $2,850 in advance! How nice of her to pay us in advance. Of course the check was fraudulent and we notified the Indiana company that the check claimed to represent. We were their fourth caller in a few days about a fraudulent check in their name. We’re working on a new article about these scams but here are links to two of our former articles:

http://www.thedailyscam.com/nanny-scam-targets-care-com/

http://www.thedailyscam.com/update-on-care-com-nanny-scams/

 

Sample Scam Subject lines and Email Addresses from the Past Week…

Subject Lines

AARP Supplement-Coverage: Less than-$25-per-Month: Expires 12-Jun-2015

Endless moments of intimate fun

First ever household sprayer with extreme power

Free a family-member from addiction

Good evening (username) -12Jun2015

How to get the cheapest wireless internet

IMPORTANT UPDATE –Word at home jobs report

I know all the truth about you now

[VIDEO] Explain your business in 60 seconds or less

Search for Child Predators in your area

You are welcome… – Friday, June 12, 2015

Your – one stop shop for printer ink and toner

You’re advance in the amount of 1250.00

Email Addresses

10off@savemoneycellular.rocks

AnimalHealthInsuranceGuide@holdova.science

AutoOilChangeCoupons@ministical.eu

GasCardFinder@westeroic.science

info@cokerewardsUSA.com

OmegaKHeartAttackFighter@preditary.science

PrivateJetRentals@yellers.eu

ReverseMortgageUSA@honemes.science

RoofingDiscounts@cyprussion.science

theo@trustedloans.com

TripstoHawaii@sulfa.eu

Vacation_in_Ireland@evantation.eu

WeightLoss-offers@chardrobor.science

 

 

 

 

 

Phish NETS: PayPal… Again!

Yes, we reported on phishing attacks directed against PayPal users in last week’s newsletter. These scams are continuing but in slightly different presentations. Check out the email design below warning that “Your Account Paypal Has Been Limited.” That is awkward English, and it is followed by “Hello Dear.” The grammar and capitalization are clearly wrong, indicating that the scammers pushing these emails out are not likely native English speakers.

 

A mouse-over of the link “Log in to get Access” reveals that it points to a legitimate WordPress website at the domain TheLifeLongLearningAcademy.com. It is a non-profit organization in Sarasota, Florida. We contacted them a few days ago to inform them that they’ve been hacked and are being misused but they never responded and the misuse continues through more phishing emails. Clicking the link in this bogus email brings you to a PayPal login look-alike page buried on the host server for thelifelonglearningacademy.com.

But now this scam gets really weird and we don’t pretend to understand what’s going on either. Being the Geek Dads that we are, we sometimes look at the source code of scam web pages to see how they are crafted. (You can tell a lot by doing this!) Look at the screen shot below of the source code for this PayPal phishing page. Hidden in the source code is a weird type of ASCII art that spells out a name. (If you don’t know what ASCII art is, visit http://www.asciiworld.com/) Hidden in that name is an email address as well as a Facebook page address. And to add strangeness upon weirdness, the name “Fallag Mahdi” is Arabic but phonetically spelled into English…

 

4-PayPal phish source code

We visited the Facebook page (https://www.facebook.com/fallag.mahdi.tn) to find very little besides a graphic stating “I want to inspire people. I want someone to look and say because of you I didn’t give up.” But there is also more information in place of the Facebook profile photo. So into Google we searched for Fallag Mah Di Fallaga Team and jumped down the rabbit hole. Have a look at the Google results. As best as we can tell, it seems that this is a team of Arabic hackers and what Google shows is that they have successfully hacked a number of websites. They even have a strange YouTube channel and post their exploits on it such as this one. Curiouser and curiouser, said Alice.

 

 

 

YOUR MONEY: Online Job Offers

Nearly every week we see bogus job offers or offers to do business with an email recipient. These scams come in many forms, from the ridiculous to the sophisticated. Though we believe that anyone with half a brain should realize no stranger is going to email him or her and offer a job, the fact that these are delivered by the thousands every month makes us think there must be half-brained folks out there who want to believe. Here are a couple of examples from the past week. This first email for a “survey specialist” claims to be from a Jeffrey Boyd, Hiring Manager from Dossier Group, LLC in West Hollywood, California. However, the email was sent from barvycomplet_cz@blueberry.cz. Our readers know that a “dot” followed by 2 letters at the end of a domain name is a country code. Can you guess which country this email came from? No peeking! Answer is below…

 

 

We hope you guessed Czech Republic! You can look up 2-letter country codes on this Wikipedia table. And if you read the email carefully you’ll notice that the English is awkward, once again indicating a non-native speaker.

 

How about this job offer below? Emails claiming you’ve been hired by Microsoft have been around since the Internet began in the 90’s! Of course you know the adage “if it sounds too good to be true, it probably is.” Somehow we think this is too good to be true… Weekly paychecks upwards of 11,000 working from home! Wow! Sign us up!

 

 

 

 

 

 

 

 

TOP STORY: Penny Stocks and Stock Tips

Penny stock scams are nothing new. The well-respected site BankRate.com explains penny stocks very well, including their risks and why they often seem to be associated with scams. One of the most notorious types of scams associated with penny stocks is known as “pump and dump.” Check out this article from last year on the N.Y. Times website about the exposure of such scams. We believe this first email is part of such a scam. It was even reported on Reddit.com. And though PennyStockCrew.com seems to be a “legitimate” website that puts out a newsletter about penny stocks, this does not mean that this penny stock isn’t risky or that this email was actually sent by pennystockcrew.com! Someone on June 10 was clearly pushing this stock. We wonder who was buying it up on June 9.

 


Even if you were interested in purchasing penny stocks, we would never recommend responding to random emails like the one below. It doesn’t matter how graphically slick and professional the email appears to be. This particular email has all the tell-tale spam/scam signs we’ve seen before, and we believe it was created by one of the criminal gangs in Eastern Europe or Russia. Look at the opening line at the top of the email. “Are you unable to scan Our A. d. because images are turned off? You have to touch me.” And then there is the bogus domain “equalistic.science” and the random text at the bottom of the email.

 8-Put your spare change to good use with penny stocks

 

 

 

We asked the Zulu URL Risk Analyzer to check out the link in the email but it didn’t find any threats on the webpage the link points to. However, it did find embedded code on the page that connected a visitor to another website called wwwclkcs.com. VirusTotal.com told us the security firm Fortinet identified wwwclkcs.com as being associated with malware. Just delete and stick with the major stock exchanges.

 

 

 

FOR YOUR SAFETY: Bank Password; Thanks for Your Order; UPS Order Needs Attention

Below are three malicious emails, one of which was sent to us by one of our readers. The first encourages the recipient to open the attached “Re-activation form.” However, that attached zip file contains nasty malware!

 

The next email has so many red flags, starting with the fact that they don’t identify the customer or what the order is for. “Your credit card will be charged for 199 dollars” is awkward. Which credit card? Ending in what four last digits? And what of that link in the email pointing to the domain sliver-cat.de? Do you recognize the 2-letter country code? .de = Deutschland. This link points to a server in Germany.

Just delete.

 

11-Thank you for your order

 

 

Your UPS order may need urgent attention but this ain’t from UPS! A mouse-over reveals the link points to a strange domain called awekedomainstudio.com and that large grey box at the bottom of the email contains random grey text that doesn’t show up until you drag through it to highlight it.

Just delete!
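For readers who want to automate the checks described above (the mouse-over, the 2-letter country code, and the same-colour hidden text), here is an added example that is not part of the original newsletter. The names `EmailAudit`, `audit` and `SAMPLE` are hypothetical, and the HTML is a constructed sample that reuses the two link domains named above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def css(style, prop):
    m = re.search(r"(?:^|;)\s*" + prop + r"\s*:\s*([^;]+)", style or "", re.I)
    return m.group(1).strip().lower() if m else None

class EmailAudit(HTMLParser):
    # Collects each link's visible text and real host, plus same-colour text.
    def __init__(self):
        super().__init__()
        self.links, self.hidden = [], []
        self._href, self._buf, self._hid = None, [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._buf = a["href"], []
        fg, bg = css(a.get("style"), "color"), css(a.get("style"), "background-color")
        if fg and fg == bg and self._hid is None:
            self._hid = tag  # simplification: assumes no nested same-name tag
    def handle_data(self, data):
        if self._href is not None:
            self._buf.append(data)
        if self._hid and data.strip():
            self.hidden.append(data.strip())
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlparse(self._href).hostname or "").lower()
            self.links.append((" ".join("".join(self._buf).split()), host))
            self._href = None
        if tag == self._hid:
            self._hid = None

def audit(html, expected_domain):
    # Returns (per-link findings, hidden text) for one HTML email body.
    p = EmailAudit()
    p.feed(html)
    out = []
    for text, host in p.links:
        tld = host.rsplit(".", 1)[-1]
        ok = host == expected_domain or host.endswith("." + expected_domain)
        out.append({"text": text, "host": host, "matches_sender": ok,
                    "country_code": tld if len(tld) == 2 else None})
    return out, p.hidden
# Constructed sample body; the two hosts are link domains named in the newsletter.
SAMPLE = ('<p><a href="http://awekedomainstudio.com/">Track at UPS.com</a> or '
          '<a href="http://sliver-cat.de/">view your order</a></p>'
          '<div style="background-color:#ccc;color:#ccc">qz random filler</div>')
```

Calling `audit(SAMPLE, "ups.com")` reports both links as not matching the claimed sender, flags `de` as a country code, and returns the filler text that only shows when highlighted.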

 

12-Your UPS order needs urgent attention


 

 

 

 

 

 

ON THE LIGHTER SIDE:

Our readers know that we continue to look for one real nugget of truth in the deceptive sea of the Internet and this time we think we’ve got it! Yep. We mean it. Mark our words…. Next week you’ll be telling all your friends about us and our sure-fire method of winning lottery after lottery after lottery. And after we’ve made our first million (or two) we’ll be sure to post the secret so our readers can benefit too!

Until next week, surf safely!

 

13-Couple wins lottery 3x in a month