March 14, 2018

THE WEEK IN REVIEW

Search engine poisoning.  It isn’t pretty and can be deadly depending on the poison being applied.  Though it sounds like we could be talking about the Russian spy and his daughter who were poisoned in the UK last week with an alleged Russian nerve agent, we’re not.  This type of poison shatters our trust in search engines to deliver the information we’ve asked for because we believe search engines have our best interests in mind when they return links in response to our search request.  Firstly, we shouldn’t be so naïve.  Depending on what you search for, Google is often paid to put responses on the first page of returned links in front of your eyes, and not necessarily because they are the best links to match your search.

But paying to put links in front of our eyes isn’t our point here. After all, money makes the world go around. Our point is that Google, and other search engines, can be poisoned.  This means they can be manipulated by external forces to pull up links that shouldn’t be there or are not legitimate, such as fake Amazon customer service numbers.  We’ve been writing about this scam since the summer of 2017 and it’s still going strong.  Look what Google returned as the second link a few weeks ago when we searched for “amazon prime customer service telephone number.”  That phone number beginning with 844 is a scam number that will cost you dearly should you call them for help.  We’ve posted 100 fake phone numbers that have poisoned Google in our article about this fraud. If you want to learn how to identify real from fraudulent phone numbers, read our article.

 

Doug from TDS recently invited a group of Middle School students to use the website called “Have I Been Pwned?” to learn if the email address and password of any immediate family member has been identified as stolen.  Surprise!  About half of all the students found one or both of their parents had an email account and password stolen, some as recently as August, 2017.  Visit https://haveibeenpwned.com/ and find out for yourself.  If you appear on their lists, ask yourself if you’ve changed your password since the date posted.  AND do you use that password in any other accounts? It may be time to change that password for ALL ACCOUNTS in which you use it!  And while you are at it, find out how strong that password is by testing it at How Secure Is My Password.

Think you can tell a fraudulent consumer support website from a real one?  How about a fake Hulu website?  Check out our latest feature article… Deceptive Consumer Services!


Phish NETS: Apple YouTube Subscription Confirmation and PayPal Payment Sent

This next email certainly didn’t come from Apple’s app store but it wants you to think it did.  “Your Subscription Confirmation” was sent from myhelpacc-DOT-com.  This bogus domain was registered on February 15 through a private proxy service in Canada.  This phish is another social engineering trick.  You’re told that you’ve just made a purchase!  That’s likely to get a knee-jerk click-response but clicking that link to cancel the YouTube Red Subscription will send you to a phishing site intent on capturing your Apple login credentials.

Deeeleeete!


This next phish was screenshotted on a phone and sent to us by a TDS reader.  We couldn’t determine exactly where that link “Cancel Now” will send you but our reader doesn’t have a PayPal account and knew it was a phish.  Got a suspicious email or text?  Send it to spoofs@thedailyscam.com!


YOUR MONEY: Invoice Notifications, and Try Your Rosetta Stone Demo for F.r.e.e.

In today’s digital age it’s quite common to get invoices via email.  But below are bills you shouldn’t click and pay!  A sharp Office Manager knew this online invoice wasn’t what it appeared to be and sent it to us.  Though it says “OnlineInvoices Inc” after “From,” the domain seen after the “@” symbol is for a medical equipment company, not onlineinvoices.com.  Look closely at the email… Who was it sent to?  What business? And what was the $1,270 for?  This email could be sent to anyone!  Mousing over the link for “Pay Your Invoice Here” shows that it points to a website called danstruckerblend-DOT-com.  We asked VirusTotal.com to investigate that link.  Look below at what waits for you when you arrive…


Rosetta Stone is an educational company making software to help people learn another language.  And though this email says that it is from a “Rosetta Stone Affiliate” it is a lie.  The oddball domain after the “@” symbol should be a warning to all that it is malicious.  However, we can make it even easier for readers to identify this wolf in sheep’s clothing before you open it.  Look at the subject line… “Online Special: Try Your Rosetta Stone Demo For F.r.e.e.”  We have seen hundreds of malicious emails that try to fool anti-spam servers that are designed to be suspicious of things marked “free.”  Criminals try to avoid this scrutiny by breaking up the word “free,” such as f.r.e.e.  So, the next time you spot a subject line offering anything for f.r.e.e.

Reach for the delete key!
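How a mail filter can see through the split-up spelling described above, shown as an added example (it is not code from The Daily Scam or from any particular anti-spam product).  It goes slightly beyond dots and also catches spaces, dashes and partial splits; the word list, function names and all sample subject lines except the first are assumptions made for illustration.

```python
import re
import unicodedata

# "free" is the trigger word the article names; "winner" is an added assumption.
WATCHLIST = ("free", "winner")
GAP = r"[^a-z0-9]{0,2}"  # up to two filler characters between letters

def _pattern(word):
    # f<gap>r<gap>e<gap>e, anchored so it cannot start or end inside a longer word
    body = GAP.join(re.escape(ch) for ch in word)
    return re.compile(r"(?<![a-z0-9])" + body + r"(?![a-z0-9])", re.IGNORECASE)

PATTERNS = {w: _pattern(w) for w in WATCHLIST}

def find_split_words(subject):
    """Return (word, text_as_written) for watchlist words hidden with filler."""
    text = unicodedata.normalize("NFKC", subject)  # fold full-width letters
    hits = []
    for word, pat in PATTERNS.items():
        for m in pat.finditer(text):
            written = m.group(0)
            if written.lower() != word:  # plain spelling is left to the ordinary filter
                hits.append((word, written))
    return hits

def normalize_subject(subject):
    """Rewrite hidden words to plain form so an existing keyword filter sees them."""
    text = unicodedata.normalize("NFKC", subject)
    for word, pat in PATTERNS.items():
        text = pat.sub(word, text)
    return text

# The first subject line is the one quoted in the article; the rest are constructed.
SAMPLES = [
    "Online Special: Try Your Rosetta Stone Demo For F.r.e.e.",
    "Get a f r e e gift card",
    "Free shipping on U.S.A. orders",
    "Confirmation Needed: $500 W-i-n-n-e-r Every Day!",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_split_words(s), "|", normalize_subject(s))
```

A subject that spells the word normally returns no hits here, because the point is to flag the deliberate disguise, which is itself a stronger warning sign than the word “free.”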


TOP STORY: When Skype Accounts Get Hacked

Skype is an outstanding service that allows one to video chat with people all over the world.  We use it often to stay in touch with friends and family.  But what might happen if someone’s Skype account gets hacked and why would a hacker bother?  So they can say hello?  The answer should be obvious.  A hacked Skype account becomes another landmine placed at your feet.  Stepping on it can lead to a malware computer infection.

Doug at TDS has lots of contacts in his Skype account.  From a friend’s account last week he found a link that was sent through the Skype text window.  He immediately recognized it as a shortened link created through Google’s shortening service and, very likely, malicious.

Using Unshorten.It we’ve determined that this short link will redirect him to a website named “your best profit” DOT-com.  Hmmmm…. Was his friend trying to tell him about an investment opportunity?

VirusTotal.com found one AV service identifying this website as “suspicious.”  The Zulu URL Risk Analyzer didn’t find the website malicious, but with a score of 35, it wasn’t completely innocent either.  Zulu also found that the website is being hosted in Luxembourg, that small European country sandwiched between Belgium, France and Germany.


Our curiosity was piqued!  We sent our best scout, Screenshot Machine, to take a look.  What it found confirms that this is not in our best interests.  “Now Live: Free Millionaire Blueprint Make $1,843,207.48 in 90 Days!  Be sure your volume is up.  Click play now to watch the video!”

Any time some anonymous website in a foreign country claims to make you a millionaire, common sense tells us to walk away.  Additionally, we’ve seen sites like these used as another social engineering trick to have you install malware on your computer so you can “watch the video.”  By the way, that domain, your-best-profit-DOT-com?  It was registered by “Eleonora” from Mexico City, Mexico on February 22, 2018, just days before Doug received the shortened link.  Does any of this inspire confidence to sign up for whatever-this-is?  The lesson here is simple: Skype can be weaponized and used against you too.  We’ve informed our friend about his hacked Skype account.


FOR YOUR SAFETY: ACH Form, I Found Someone You Have to Meet, and You Are A Finalist!

According to Wikipedia, “Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. ACH processes large volumes of credit and debit transactions in batches. ACH credit transfers include direct deposit, payroll and vendor payments.”  Now imagine getting the email below.  Do you recognize the country that appears in the link you are asked to click?  “.mx” is the 2-letter country code for Mexico.  The person who sent us this email informed us that “[REDACTED] Associates” is a firm they have done business with for years.  This “Associates” firm has had their name used dozens of times to send emails with malicious links.  And their domain is not “adamsthermal-DOT-com.”  The Zulu URL Risk Analyzer rates the link in this email as 75% malicious.  We can do better… 100% malicious.

We like meeting new people!  We’ve “met” people from all over the world via our blog, The Daily Scam.  From Australia, to Africa to Europe!  It’s always interesting and we routinely learn new things from our readers.  And so, we were delighted to get this email from Sheila.  Or is it from Annita?  Not sure.  “I found someone that lives in your area YOU HAVE TO MEET.”  Wow!  That sounds like a strong recommendation!  Plus, we didn’t have plans for the weekend so it worked out!  We asked “mom” (the Zulu URL Risk Analyzer) if we could go out on a date with this mystery person but mom said no.  Malicious!  What a surprise.


Didn’t you know?  YOU ARE A FINALIST!  Yup.  One of a select few! “Confirmation Needed: $500 Winner Every Day!” says an email from evrydy-DOT-com. Of course, you can see where this is going but we have to go there anyway…

The link for “Claim your entry now” points to the crap domain harii-DOT-win.  Our “mom” (Zulu URL Risk Analyzer) told us there’s nothing wrong here and we can go out and play.  But even Mom can’t know everything!  She did inform us that “Harii” made plans for us to meet another website that appears to be “shawcking!” But VirusTotal.com doesn’t like it, so we’ll just stay home and watch TV.



Until next week, surf safely!