June 27, 2018


On the one hand, we can’t imagine any of our readers falling for this social engineering trick to learn how this “82 year old woman now looks 58.”  “By simply rubbing this on your face, every single facial line and blemish will go over within hours.” Of course the link is malicious and designed to infect your computer…

However, what about this online review of Velairé Anti-aging Face Cream?  We recently heard from a woman who reported very deceptive terms for ordering free samples of this cream.  When we started digging online about this and other facial creams we discovered a rabbit hole so deep that we couldn’t possibly investigate all of it.  But we made a good effort to expose deceptive and unfair marketing and charges. Read about what we learned recently in our feature article Anti-Aging Face & Skin Creams.


IMPORTANT NOTE: Are you a Sprint customer?  If so, read about this scam reported to us recently from another Sprint user, especially if you have kids on your Sprint plan.




Phish NETS: Docusign Cordial Invitation

What makes this phish much more risky than most is that it was sent from a real businessman’s hacked email account.  Subject: “William [NAME REDACTED] has shared ‘Cordial Invitation’ with you.” Fortunately, the coding for this phish had some problems, making it suspicious.



YOUR MONEY: Oakley Sunglasses

We continue to get emails for name brand products at discounts of 80% – 90% off, and from oddball domain names such as this one, dmtey[.]com.  Like others we have reported, this domain was registered in China just a few months ago through a private proxy service.  The from email address is crap, like the domain name.  Our first thought is that it is a “knock off” site but real risks also come from handing over your credit card information to these people. Would you trust them with that information?  Not us. There is also more going on here anyway. We asked the Zulu URL Risk Analyzer to evaluate that link for this sale on sunglasses. It found the link to be 100% malicious!




TOP STORY: Manipulating Your Clicks to Install Malware

People keep a great deal of personal information on their computers AND use their computers to access a great deal of personal accounts!  Think about your own activities… Social media, banks, credit card companies, retirement and other financial accounts, medical records, services and commercial accounts like Uber, Amazon, Wayfair, etc…. And all of these can be monetized for someone else’s financial gain if their access fell into the wrong hands.  That’s what a lot of malware is designed to do, capture access to these accounts. And there are also the Internet criminals who simply want to hold your devices ransom by encrypting it with malware and then selling you the decryption key to gain access to it. Those decryption keys are costing $300 – $600 for personal computers and about $600 – $6000 for business computers.

A TDS reader recently sent us several different emails that were obviously malicious as revealed by looking at links revealed by mousing-over.  However, we were surprised to learn that they were all related and part of the same trick to motivate the recipient to install malware on his computer.   Take these first two emails, received on June 21 about five hours apart. They are similar and very suspicious, beginning with the subject line “Purchase verified.”  The first was sent from an email account in France (“.fr” = France).

The next day, the same fellow received an email from “Google Support” but using an email address of hawkins “@” lamaravilla[.]com.  “We have sent you a message: 2 broken emails was found” and “View emails”  Our first reaction was that this was a phishing email targeting Gmail account holders.  But we were wrong! Clearly, mousing-over the link for “view emails” reveals that it doesn’t point to Google.com or Gmail.

And then, two days later, the same guy gets this spoofed email pretending to be from FedEx about delivery problems.  Subject “Not possible to make delivery” sent from “Katherine” using an email address in Germany. (“.de” = 2-letter country code for Deutschland = Germany)  Based on the grammar error in the email, the sender’s first language is not likely English. And a mouse-over of “Limitation of Liability” easily reveals the fraud because it doesn’t point to Fedex.com.


When we investigated all four of these emails, surprisingly, we found that they were are related and had one thing in common.  They all led to redirected websites where the visitor was informed that his Adobe Flash Player software was out of date. He was asked to install updated software to continue.  On this screenshot you can see that the fake Fedex link doesn’t send the visitor to Adobe.com but to a website called forgot2buypremiumlistcontentsumup[.]bid.  This malicious website was registered in Panama on June 21, just 3 days before the email was sent.

These emails are just social engineering tricks meant to infect your computers with malware.  The creators of this crap are very persistent and are obviously using many websites and types of emails to achieve their criminal goals.  Never, ever install software on your computer because a web page or popup tells you to do that! If, for example, you think your Adobe software is out-of-date, visit Adobe.com and look there for the latest version.  However, Adobe’s software is also capable of letting you know when it is out of date and gives you the option to install a more up-to-date version!


FOR YOUR SAFETY: Scary Sextortion

One of our readers sent us this email and it is extremely frightening if it weren’t for just one small important fact…

We have heard from a few dozen men over the last year who have been extorted for money because of videos taken of them while they engaged in online sexual activity with women in other parts of the world (e.g. Philippines, Russia and Ukraine)  However, the man who sent us this email told us he wasn’t worried and knew it was a scam because he hadn’t visited any adult-content websites! Also, he received two of these emails just hours apart, from different email addresses and asking for different amounts of money.  This was a mass emailing trick hoping to find someone who had been on an adult website recently. To read more about the REAL and very scary sextortion attempts we’ve written about, visit our articles Sextortion Scam Via Facebook and Sextortion Scam By Textbot?


Until next week, surf safely!