June 6, 2018


In last week’s Your Money column we showed a fake email pretending to be from a legitimate loan service.  The “from” address actually said it came from “WiliamsSonoma@…” followed by a domain name so long that it exceeded the viewable field in the email.  The criminals sending these malicious emails continue to use this trick (See the MacDonald’s gift card below.). Check out the “from” address in this email pretending to represent Federal Auto Warranty with savings up to 60% off.  It’s just click bait. Once again, these criminals are misusing the Google API system to redirect visitors to a malicious website.  Don’t click just because you see Google listed in the link address!


Did you hear about this fake news story that targeted Starbucks last week on Facebook?  It sounds like something the alt-right might do in response to Starbuck’s announcement that it would close all stores across the country for racial-bias training as a result of the arrest of two African Americans at a Starbucks in April.  From our perspective, there are two important lessons in this fake news piece…

  1. Facebook still has little or no control over the fake news that targets its users, despite their recent apologies and increased effort to prevent posts like this.
  2. Don’t believe everything you read online.  In fact, keeping a healthy dose of skepticism is critically important in today’s politically charged time no matter what your views are.


Check out our latest feature article I Love You, Send Me Money!” and learn about Kayla’s dating experiences meeting men on Plenty of Fish.



Phish NETS: BB&T Bank, USAA Bank, and Apple GSX Login

If Phishers were all as lame as those who created this week’s phish, we would have nothing to worry about at all!  Check out this week’s phish to have a good laugh. Enjoy…

This email “from”  BB&T Bank doesn’t contain any graphic representing the bank.  It doesn’t hide the link the criminals created using the shortening service ow.ly.  And, it says it was sent to Undisclosed-Recipients from an address at Cox.net.  Nonetheless, we did our due diligence and followed that link to a website in the UK (see Unshorten.it results below)  The webpage waiting for you on that UK site looks exactly like a real BB&T login. At least they got that part right.



We feel sorry for people who use USAA Bank.  They have been getting hammered lately with phishing attacks more than any other service we have tracked, including Apple Computer account holders!  At least this phish was sooooo lame that none of the graphics worked properly. Also, the text is full of errors and the link obviously doesn’t point to USAA Bank.  It points to TheWhiskyBarkl[.]com, a hacked website from Toronto, Canada.  We visited the link, expecting to see a phishing login for USAA Bank and were very surprised what we found instead. The hacker is clearly very proud of his or her work!


Finally, we offer this outstandingly bad phishing effort to capture the login information for Apple tech support folks who use an Apple service called GSX.  This was most likely created by a newbie amateur from Russia. A WHOIS lookup of the domain wdslapi[.]com shows that it was registered by a privacy proxy service located in Moscow, Russia on May 30th.

Comrade, deeeleeeeete!



YOUR MONEY: Claim Your MacDonald’s Gift Card, Savings on Dish TV Packages!

This MacDonald’s Gift Card is phony-baloney and made by the same criminal gang who are abusing the Google APIs and sending email from an account labelled “WilliamsSonoma@…”  ‘nuf said.


Most people we know who have Comcast TV or Verizon TV complain about these service providers.  We do! That might explain why criminals are pushing click-bait disguised to look like discounts and special packages from Dish TV.  Check out these two we received within hours of each other. The first offers “up to 20% off Dish’s best package. Plus get a $50 prepaid card when you sign up for Dish.”  Except that this email didn’t come from Dish and the links don’t point back to Dish. This email links back to the domain cretkwell[.]trade.  According to the Zulu URL Risk Analyzer, that domain is 100% malicious and is on several Internet blacklists.




And then there was this email with the subject line “Protect your wallet with $360 savings on TV.”  Though it also looks like a Dish promotion it’s just another landmine waiting for your click. This email came from the crap domain fofrafflmd[.]date, and contains links that point back to it.  There are no links to Dish or any legitimate marketing service.  This crap domain was registered in January, 2018.




TOP STORY: Microsoft Office and Your Privacy

Technically, this week’s Top Story is not a scam at all.  However, it is about exceptionally sleazy and sneaky practices that were just implemented by Microsoft against Apple computer users of its Office products. (We suspect that these same practices will hit Windows users of Office products soon, if they haven’t already.) Users of Microsoft Office have always had various preferences to adjust, or turn on/off in the Office suite of products.  One of those preferences has been to allow Microsoft to collect data from your use of Office, presumably so they can better understand the problems that arise during use and try to fix them in future versions.  Here is a screenshot of the “Feedback” preferences one sees from an Apple version of Office 14. The critically important thing to see is that YOU HAVE A CHOICE whether or not your computer sends data to Microsoft.  Though Microsoft says that you can participate in their “Customer Experience Improvement Program” anonymously, it’s important to point out that nothing is truly anonymous online unless you work for the CIA, Mossad or MI5.  Data has to come from some IP address (ie. your IP on the date/time you send it) and can always be traced unless you go to great effort to obfuscate it.


As best as we can tell, you have always had a choice whether or not to send data from your computer to Microsoft up through Office version 16.12.  However, that just changed recently with the small update to Office version 16.13. In Office 16, the option to share data with Microsoft can be found in the “Security & Privacy” preference.  Here’s a screenshot of this preference in version 16.13:


There are two critically important things to note in this new preference for Office 16.13.  The first is that you can no longer say NO to sending your data to Microsoft from your computer.  Secondly, the default setting is to send FULL DIAGNOSTIC DATA to Microsoft. Do you think most people even notice this setting?  We don’t think so. Besides the fact that you no longer have a choice whether or not your computer sends data to Microsoft, what’s the real issue here?  Isn’t it in our best interest for Microsoft to improve the products we use? Plus, it appears that we won’t be sending Microsoft any personal information UNLESS we check the checkbox under “Privacy” to allow that, right?

Not so fast!  First of all, we have to point out how disturbing it is to see that you COULD send personal information to Microsoft under the pretense of making improvements to Office.  But others are suggesting that this could be happening anyway.  For example, Sam Herschbein is a IT support specialist.  He recently posted the following on a MacEnterprise listserv about privacy concerns with Office 16.13.  We have reposted it here with his permission:

On Tuesday, May 29, Mr. Herschbein writes: “With the Office 16.13 & 16.13.1 updates Microsoft removed the ability to turn off sending diagnostics. There are now only two options:    * Send basic diagnostic data    * Send full diagnostic data According to Microsoft when “Send full diagnostic data” is enabled the memory containing the document’s content “may” be uploaded to Microsoft. Uploading client confidential information to Microsoft is not HIPAA (USA’s Health Insurance Portability and Accountability Act) compliant. IMHO for HIPAA compliance every user MUST have “Send basic diagnostic data” set for every installed Office app. Microsoft decided to default the new setting to Full, not Basic. Microsoft also made this a separate setting for each Office app.  To manually fix this requires logging into each user, launching 4 or 5 Office apps, and changing the preference in each.”

Big companies like Facebook, Snapchat, Apple, Microsoft and others have a history of playing loose with people’s privacy and data. We last wrote about this topic in our article “You Think Your Life Is Private?” in January, 2017.  This time, the fact that you have no ability to turn off the sending of data to Microsoft, AND that you cannot see what data is sent from your computer makes us feel that our collective privacy will be abused.  We are well beyond the illusion that there is any personal privacy on the Internet. But this is so distasteful because it concerns the privacy of data on our own computers. We hope consumers speak loudly by refusing to move beyond Office 16.12.  Or better yet, stop using Office at all until Microsoft hears our anger with them.

If you use Microsoft Office (Mac or PC), we strongly suggest you check your version number AND your preferences about privacy and security.  And then complain to Microsoft.Here is a link to a discussion on the Microsoft Discussion Forum about this issue.


FOR YOUR SAFETY: Critical Alert for Your Profile

This email was sent to us by a TDS reader.  First we thought it was some type of phishing scam.  But we were wrong. The subject line is “Critical alert for your profile” and says “sign-in attempt was blocked for your profile.”  The link invitation to “CHECK ACTIVITY” points to a server in Brazil. (“.br” = 2-letter country code for Brazil) It turns out this was a trick to take the user to a phony pharmacy site selling lots of viagra, cialis and other pills.  We put this in “For Your Safety” because we can’t imagine how anyone would believe in the safety or efficacy of these pills sold this way.


Until next week, surf safely!