
June 2, 2015

THE WEEK IN REVIEW

This past week, The Daily Scam began to see a few newly designed and tweaked scams that were rehashed from old scams. Read the stories below to see what’s been cooking online. To warm you up, here are some of the subject lines we’ve seen in scam emails, followed by some of the scammers’ email addresses:

Subject lines:

Cracked phone screen? Same day repair. Your place.

Disturbing video depicting the fall of the U.S.

Family counseling. Drug Rehabilitation help!

Important revelations about your life

Learn more about a reverse mortgage

Putin forewarns: Obama will not finish his second term

Re your student loan pmts

Request received –lender approved

Serious results from one simple trick

Your future is revealed

Your home loan savings guide

Uber for iPhone repair

Email addresses:

American_Preppers_Network@notabrink.com

BankgroundCheck@falto.science

business@bookfoea.com

business@worinest.com

Dr._Skinny_Jeans@muderateli.com

EducationOnline@presiege.eu

Ethan-Hamilton@lunar-sleep-info.com

HolidayGiftBasketDiscounts@peytown.science

MBAdegreeguide@videntine.science

Mesothelioma_Symptoms@opingst.science

PaidSurveys@emeaker.eu

theeconomist@ejti.science

UltrasoundTechnicianProgams@chanish.science

Wireless_Internet@thyroided.com

Phish NETS: Read Brian Krebs’ Blog about Phishers and a New Facebook Phishing Threat

We don’t mean to wimp out on this week’s Phish Nets but Brian Krebs is a brilliant cyber-security author we follow. Last year he published the book “Spam Nation,” a worthwhile read if you are geeks like us.

Brian just published an article on his blog titled “Phishing Gang is Audacious Manipulator” and we recommend it so much that we invite you to click through to Brian’s site and read it. Also read the comments that appear at the bottom of his post.

Well done Brian!

And while we’re on the subject of recommending some good reads around the web, check out this recent post about a phishing scam on Facebook meant to capture users’ login IDs and passwords. “The scam involves replies made to users’ posts informing them that their accounts may have to be suspended due to reports of abuse. The only way to prevent the suspension, according to the scam messages, is to enter your login credentials and update your payment information in Facebook’s system.” For more info, visit: http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/

YOUR MONEY: Donate Used Cars and Bloomberg BusinessWeek Subscription

The punks that target us demonstrate over and over that they don’t care who they hurt or how much. Take the next scam as an example. Many non-profits are finding the value in encouraging folks to donate a used car and take a tax write-off. Online criminal gangs are now copying this model as well, but you won’t get a tax write-off! Check out this recent email:

[Image 1: Donate used cars to charity]

The “Donate used—Cars to Charity” email was sent from a very strange domain named “godthority.science.” According to a WHOIS lookup, this domain was registered the day before this scam came out and registered to a company called “KX-Media Solutions” by someone named Karl Ramdy. Google can’t find any such company. Also notice the spammer tricks in the above email…

  1. Text at the bottom of the email meant to trick an anti-spam filter.
  2. Text at the top of the email that should say “Can’t view the commercial ad” but instead is obfuscated to read “cant view the c0mmercial A.D.”

Or how about this email to purchase a subscription to the well-known magazine Bloomberg Businessweek:

[Image 2: Bloomberg Businessweek 12 issues for 12 dollars]

A mouse-over reveals that the advertisement leads to another odd website called “burbada.science” that was registered the week before on May 20th. Do you notice any similarities between both of these scam ads? We believe they were designed by the same criminal gang. Look at the first two lines of text in each scam email. The similarity is no coincidence. Nor is the fact that they are using dot-science domains for their scam.

Just delete! delete! delete!

TOP STORY: Power-Innovator.org and Richard Goran

We wish we had a dollar for every time we said how easy it is to deceive others online. Anyone can say anything on the Internet and create phony credentials and professional-looking websites. Such was the case with the most recent feature article on our website titled “Graduation Season is Time for Honor Society Scams.”

This week’s top story concerns a mix of too-good-to-be-true claims and Amazon scams. We saw many scam emails during the past week like these two…

[Image 3: Your Amazon order needs your attention]

[Image 4: Your Amazon order wont be shipped]

These emails were also created by the same individual(s). The colored rectangle at the bottom of the email actually contains random text of the same exact color as the rectangle and is therefore invisible unless you drag through it (as we did in the 2nd email).
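One way a mail filter or analyst could surface that same-color filler text automatically, shown as an added example that is not from the original newsletter. It assumes the colors are set with inline `style`, `bgcolor` or `<font color>` attributes and that tags are properly closed; the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "link", "input"}  # tags with no end tag

# Constructed sample email body: one visible line, two same-colour filler blocks.
SAMPLE = """<body><p>Your order needs attention. <a href="http://link.example/">Review</a></p>
<table><tr><td bgcolor="#3366CC"><font color="#3366cc">harvest window gentle river</font></td></tr></table>
<div style="background-color:#FFF; color: #ffffff">lantern orbit maple</div></body>"""

def norm(color):
    # Lowercase and expand #abc to #aabbcc so equal colours compare equal.
    c = color.strip().lower()
    return "#" + "".join(ch * 2 for ch in c[1:]) if re.fullmatch(r"#[0-9a-f]{3}", c) else c

def css_prop(style, name):
    # Read one property from an inline style; "color" must not match "background-color".
    m = re.search(r"(?:^|;)\s*" + re.escape(name) + r"\s*:\s*([^;]+)", style or "", re.I)
    return m.group(1).strip() if m else None

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # assumed default (text, background)
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        attrs, (fg, bg) = dict(attrs), self.stack[-1]
        font_color = attrs.get("color") if tag == "font" else None
        fg = norm(css_prop(attrs.get("style"), "color") or font_color or fg)
        bg = norm(css_prop(attrs.get("style"), "background-color")
                  or attrs.get("bgcolor") or bg)
        self.stack.append((fg, bg))  # children see the effective colours

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # text painted in its own background colour
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden
```
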

 

At first we thought that these emails might be Amazon phishing scams meant to capture login details, or perhaps links to malware designed to infect computers. However, neither seems to be the case. We were intrigued by the reference in email #1 (and other emails) to the “Home energy saver device” and did some digging. We found that the links in these scam emails send the recipient to a website called Power-Innovator.org. (WE DON’T RECOMMEND VISITING THIS SITE because it may infect the visitor’s computer with malware.)

It turns out that Power-Innovator.org is a very professionally created website by a “Dr. Richard Goran” who alleges that he has invented a remarkable energy-saving device that can lower your electric bills. Check out this very slick press release about his “invention” on the site abnewswire.com – NOT to be confused with abcNewswire.com. Or this YouTube video in which someone demonstrates his amazing discovery. Apparently, for $49 a web visitor can purchase Dr. Goran’s secret “power innovator” device so that he or she can also lower electric bills. So… Is it real? Check out what these folks have to say about Power-Innovator.org and “Dr. Richard Goran.”

Scam Alert: Beware the “Power Innovator” Free Energy Ruse from the San Diego Consumer Action Network.

Power Innovator Program Scam Review from Open4Energy.com, a website devoted to providing information to consumers and small businesses on energy consumption and renewable energy generation.

By the way, the San Diego Consumer Action Network claims that “Dr. Richard Goran” doesn’t exist. Yet, if you search for his invention and his name, you’ll find many websites oohing and ahhing about this invention, while others commend how well “he” has promoted his scam. By the way, do you wonder who owns the website “Power-Innovator.org?” No one can find out because the domain was registered through WHOIS Guard privacy protection service in Panama. Sound trustworthy to you? Yah, we didn’t think so either. Just delete and pay your electric bill like everyone else. Like we said, anyone can claim anything on the Internet. And if you believe “Dr. Goran,” then you’ll likely believe the spoof website called “Save the Tree Octopus” too.

FOR YOUR SAFETY: Are Your Kids Safe? / Complete Deposit Today … and more

Scammers have often preyed upon parents’ concerns about their children to manipulate them into clicking, so this headline is nothing unexpected. “35.8% of sexual assaults occur between the ages of 12 and 17… Are your kids safe?” This email has all the signs of spammer tricks including the random text at the bottom and the opening line “If you can’t examine our A.d. from unloaded images.” A WHOIS lookup shows that the strange domain “civisus.science” is owned by a Todd P. Koster, but we can’t find any information about this person or his phone number listed on the WHOIS. We asked the Zulu URL Risk Analyzer to check out the link in this email and it replied that there was 0% risk that it was malicious. But wait! Zulu said that the web page contained a redirect sending a visitor to another web page buried on a website called rd1.rpredir04.com. We asked Zulu to look at repredir04.com and again Zulu reported that the web page was harmless. But wait! Guess what Zulu found? You guessed it! There was another script redirecting us to a website called enzjptkr.com. And what did Zulu think about this third website? 100% malicious!
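The lesson of that three-hop chain is that a link should be judged by its worst hop, not its first. The sketch below is an added example, not part of the original newsletter or of the Zulu tool: it follows meta-refresh and script redirects through constructed pages on placeholder `.example` hosts, with a constructed bad-host list standing in for a reputation service.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed pages standing in for the three sites in the chain (not real hosts).
PAGES = {
    "http://landing.example/ad":
        '<head><meta http-equiv="refresh" content="0; url=http://hop.example/r?id=7"></head>',
    "http://hop.example/r?id=7":
        '<script>window.location.href = "http://final.example/x";</script>',
    "http://final.example/x": "<html><body>last page</body></html>",
}
BAD_HOSTS = {"final.example"}  # constructed stand-in for a reputation feed

META_RE = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*?url=([^"\'>\s]+)',
    re.I)
JS_RE = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def next_hop(url, html):
    """Return the absolute URL this page redirects to, or None."""
    for rx in (META_RE, JS_RE):
        m = rx.search(html)
        if m:
            return urljoin(url, m.group(1))
    return None

def follow_chain(start, fetch, max_hops=10):
    """List every URL visited; stops on a loop, a dead end or max_hops."""
    chain, seen, url = [], set(), start
    while url and url not in seen and len(chain) < max_hops:
        seen.add(url)
        chain.append(url)
        html = fetch(url)
        url = next_hop(url, html) if html is not None else None
    return chain

def verdict(urls, bad_hosts):
    """A chain is as bad as its worst hop."""
    hits = [u for u in urls if urlsplit(u).hostname in bad_hosts]
    return ("malicious" if hits else "clean", hits)

if __name__ == "__main__":
    start = "http://landing.example/ad"
    print("first URL only:", verdict([start], BAD_HOSTS))
    print("whole chain:   ", verdict(follow_chain(start, PAGES.get), BAD_HOSTS))
```
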

 

[Image 5: Are your kids safe]

And then there is this… “Attention required to complete your deposit today” sent from Message_Response@weighborhood.com. Not “neighborhood.com.” It is remarkable how little information is contained in this email. What card? From what business? What’s my name? But a line like “please review information below to ensure accuracy” may be just enough to entice someone to click. The links are, of course, malicious. Want a better understanding of malicious redirects buried in links or websites? Read our article “How to spot a redirect.”

[Image 6: Attention required to complete deposit today]

And finally, there’s this one… “Please access your money in the TOS system” and “you are invited to claim your pending commission payment.” Though the domain “myuniquekingdom.com” looks like it might be legitimate, we assure you it is not. Look below at the Zulu URL Risk Analyzer’s score for this link.

 

[Image 7: Claim your commission payment]

[Image 8: Claim your commission payment, Zulu score]

Delete. Delete. Delete.

 

On the Lighter Side: To be 30 again…

We’re older than 30. A lot older. But we wish we were 30 again. There must be something special about being 30 because we’ve seen a bunch of 30-year-old women like these two telling us they want to meet us. Should we be honest with Alena and tell her we’re north of 50? Between the two, our vote goes out for Alena. We think Svetlana might be a little light in the head. She said she would send us a pic of her in her next email but her first email came with her pic. She gave us hope that she’s interested in an older man but then she confused us when she said “do not answer me… if you got letter by accident.” Didn’t she know who she was sending it to?!

Until next week, surf safely!

[Image 9: I am 30 years old]

[Image 10: I am a 30 year old]