THE WEEK IN REVIEW
In last week’s newsletter we mentioned scam postings on Facebook as well as scam emails targeting those with health problems. These threats have not abated. Check out this one below about finding relief from acid reflux, or these two “sponsored ads” that recently appeared on Facebook: “Sylvester Gets Arrested!” and “Sean Penn goes to jail.” We are led to believe that the former is from an article at espn.go.com and the latter is from an article on huffingtonpost.com. However, neither is true. We used the “site:” command on Google to conduct a search of both domains for these articles. Can you guess what we found? A big fat nothing. Sylvester’s arrest photo is likely from a 2007 arrest that did take place in Australia (though we cannot confirm that), and the Sean Penn link leads to a sketchy website called lodgeweekly.com that was registered at the end of December, with the registrant’s information hidden behind a proxy service. We don’t know exactly what these scams are about, but both “ads” are lies and mislead the public with their links. **sigh** It’s so easy to deceive others online.
Speaking of deception, we couldn’t resist showing you how many women out there seem to be looking for men! Or at least that’s what this list of emails wants you to believe. Are men really that gullible? (Ladies, please don’t answer that!)
Sample Scam Subject Lines:
Accepted: Your Salary Advance
ADHD—Diagnosis and Treatments…
Alert: Your Business Account Info #5115500
Best Swing for Older Golfers
Book the Best-Alaskan Cruises…
Google sent you $4300
Install this to cut power bill in half
Last Chance: Sam’s Club $50 voucher
Last Chance: Save $90 on 12 delicious bottles of wine
Re: Save 50% off remaining 2015 Honda’s inventory
Step-by-Step Simple Woodworking-Projects
Stop wasting money on your phone service
Trump’s Simple Plan to Better Every American
Warning: reduce your chance of a heart-attack by 90%
Sample Scam Email Addresses:
Amazon-Reward@jngvc.heavek.top
CarInsuranceFinder@evidentine.download
Cary.Nelson.MD@jkkmn.kieggs.top
CBN@cbnbank.ph.tn
Costa-RicaResorts@capitulance.download
Diabetes.Video@pcbvg.nobodyu.top
DepressionSymptoms@acqueve.download
Golf.Digest@xsfrs.staffft.top
Private.Jet.Rentals.Specials@opawq.copperl.top
No-Fail-Woodworking@hfiprh.policya.top
po@eyeonsystems.com
UrgentHealthNews@opsif.rtinsel.top
WineHomeDelivery@xdee.bfshout.top
Phish NETS: Webmail and Apple Accounts (Again!)
Most email users don’t know that there is a kind of massive underground email system that uses generic email software provided by web hosting companies known as webmail. These are not the Gmail, Yahoo, or Hotmail of email. But they are no less important. We at The Daily Scam use this software to connect to our readers who personally contact us. This generic email system explains what this first phish is all about….
The email claims to come from blackboard.edu, referring to an online educational service called Blackboard that is used by many universities. However, there is no such domain. All dot-edu domains are administered by Educause and their WHOIS reports no such domain. (Try looking it up yourself.) A simple mouse-over of the link reveals that it points to a hacked WordPress website of the domain trulyundeniable.com. Virustotal.com informs us that this hacked domain has been hosting malware/phishing attacks for several days now. (By the way, we loved the way the scammers spelled “cooperation.”)
“Your Apple ID is pending deletion” says an email from applenecessities.com! The phishers don’t even make the effort to hide their scam domain in the links: applesecuritynotice.org and applesupport4853.org. The first bogus domain was registered with a proxy privacy service in Australia and is being hosted in Munich, Germany and a WHOIS tells us that the second domain is not even registered. (How is this possible?) Delete!
Last week we reported on many phishing attacks targeting Apple GSX account users. These attacks have continued. Delete!
Your Money: Compare New Car Prices, Home Security, and Leather Jacket Sales
Also last week we showed you a well-crafted scam email about used car prices. The same scammers have moved on to new car price scams this week with a ridiculous domain called neucarr.date. By now our readers know the drill so well they can recite it… And now we all say…. Deeeeeleeeete!
Looking for a home security system? Don’t click on anything in this email. The strange domain umbralam.download was registered using Alpnames to someone with the email address sheisamonsterlalala@mail.com on the day before the email was sent. Doesn’t that email address inspire confidence in home security? Yeah, we thought the same.
Looking for discounted leather apparel? You might like the email below but you’ll find no deals at the end of these links. Viewclick.top was registered, once again using Alpnames.com, to an organization called Digital Technical. We identified Digital Technical as a non-existent entity in last week’s newsletter. They are associated with over 200 domains and our strong guess is that every one of the domains is used in a scam and registered through Alpnames.com. Just delete and move on.
TOP STORY: The Best Scam Word is… Shocking!
Absolutely shocking! No, we mean it! The scammiest word we see used over and over, the one that all but guarantees something is a scam, is the word “shocking.” In fact, we can’t really think of a single instance where we’ve seen the word legitimately used in any type of ad, email or online solicitation. Have a look at this list of email subject lines from one honeypot email server over the last few days:
Our own knee-jerk response is to reach for the delete key every time we see the word “shocking” appear in a subject line or message. But we forced ourselves not to delete this time and offer our readers a few of these shocking gems. Enjoy.
So, a little advice…. The next time an ad, email, or social media post tells you that they have something shocking to show you, or something banned, a scandal, life-changing, proof, or 100% effective… just reach for the delete key, or ignore it and smile because you just dodged a bullet.
FOR YOUR SAFETY: Court Notice, Insurance Documents and Invoice for Your Purchase
Once again we ask our readers…. Would you have clicked on the emails below out of curiosity? “You have to appear in the Court on the February 27. Please, prepare all the documents relating to the case…” and “The Court Notice is attached to this email.” Of course that court notice contains nasty malware in the zip file. The same is true for the Word document in the “Invoice” email below. “Dear valued customer, we are very grateful for your purchase.”
The email about Insurance Documents #414-55089586-414 contains a malicious link hidden by a shortened URL. The link for “click here to view” points to the domain 1642539.pw. (The first portion, nstawpxrtk, is just a subdomain.) Dot-pw is actually the 2-letter country code for Palau in Micronesia. However, in 2013 Symantec published a report identifying .pw as a major source of malicious email and spam. Read their report. A WHOIS lookup of 1642539.pw shows that it was registered on February 24 by someone named Amina Strom from Landsbro, Sweden.
Just delete.
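For readers who filter mail for others, here is the mouse-over check and the subdomain point from this issue as an added example; it is not code from The Daily Scam. The names `review_message`, `registered_domain` and `WATCH_TLDS` and the sample message are hypothetical, and the registered-domain rule is a naive last-two-labels assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# TLDs seen in this newsletter's samples: a watchlist to prompt a closer look, not proof.
WATCH_TLDS = {"pw", "top", "download", "date"}
# Constructed sample: the sender address and the link text are made up for illustration.
SAMPLE = """From: Insurance Documents <docs@insurer.example>

<a href="http://nstawpxrtk.1642539.pw/">click here to view</a>
<a href="http://trulyundeniable.com/">www.blackboard.edu</a>
"""

def registered_domain(host):
    # Naive assumption: the last two labels. Names like example.co.uk need a public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects [href, visible text] pairs: what a mouse-over would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append([dict(attrs)["href"], ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def review_message(raw):
    msg = message_from_string(raw)
    sender = registered_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for href, text in collector.links:
        domain = registered_domain(urlsplit(href).hostname or "")
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text)
        flags = [name for name, hit in (
            ("differs-from-sender", domain != sender),
            ("watchlist-tld", domain.rpartition(".")[2] in WATCH_TLDS),
            ("text-names-other-domain", bool(shown) and registered_domain(shown.group()) != domain),
        ) if hit]
        findings.append((domain, flags))
    return findings
```

Calling `review_message(SAMPLE)` returns one `(registered domain, flags)` pair per link, so the random-looking subdomain drops away and the domain to look up in WHOIS is what remains.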
ON THE LIGHTER SIDE:
Our readers know we always like a good deal! That’s why we were so excited to get these laundry detergent coupons by email from AVP Digital Media! Our wives will be so pleased!
Until next week, surf safely!