March 20, 2019


Have you ever wondered what it costs to purchase fake “likes” or “followers” to make it look like social media content is more popular than it really is? A business that gets our newsletter sent us this email they received through their website's Contact Us form. We use this email to support our drumbeat pointing out how easy it is to deceive others online. By the way, this email could itself be deceitful and NOT what it appears to be. The business was invited to click a link that points back to a website hosted in Turkey. That is suspicious for a company in the U.S. However, $99 for 4000 Facebook followers? Sounds like a good deal to us!

Our Top Story from October 31, 2018 was about Fake Product Reviews and in our April 25, 2018 Top Story about Instagram scams, we included information about how easy it is to buy fake likes and followers.

In case you hadn’t noticed, it is tax season in the United States. We urge our readers to be on high alert concerning “vishing” scams: “voice phishing” phone calls by people claiming to be from the IRS or Department of Treasury. The caller will present charges against you about your taxes and pressure you to pay up immediately or risk a hefty fine. Don’t fall for this malarkey! The real IRS and Department of Treasury will never call you and make these threats!



Phish NETS: Reddit?

For another week, the world of phishing is exceptionally quiet and calm! This is unprecedented! It is our second week in a row that none of our thousands of readers have sent us any phishing attack samples. Even Reddit’s Phishing discussion group shows barely any content at all over the last two weeks!

However, we did see this brilliant illustration of a “phishing attack” perpetrated against a toddler who THOUGHT he was getting pizza! Enjoy this “bait and switch!”

YOUR MONEY:  Amazon Shopper Rewards

We’re so sorry to have to report it but once again Amazon users are being heavily targeted.  Here’s just such an attack whose design is new to us, though the content is very familiar. Also, it actually made us smile to see that the email came from “Gmayl[.]com” instead of  “Congrats! You’ve been selected to participate in a monthly $50 Amazon Shopper Promotion.”



A close look at the links in this email reveals that they point to the link-shortening service called (even though there is nothing tiny about this link!)  We used to unshorten that link. You’ll be redirected to a website that kinda, sorta sounds legitimate for a marketing service and is called customer-poll[.]com. However, before you think this is a marketing service hired by Amazon to conduct the survey, notice that Fortinet has identified malware waiting for you at the other end of that redirect.






TOP STORY: The Last Laugh from the Laffer Center

According to their Twitter account, the Laffer Center for Supply-Side Economics was founded in 2011 and is dedicated to preserving and promoting the core tenets of supply-side economics. There were 8 tweets in 2012 and the account has been silent since. Last week the Laffer Center appears to have been resurrected. Some criminal gang is making a really bad joke on Netizens and wants you to think that “the laffer center” is responsible for this bad joke.

Websites are routinely hacked and misused in many ways such as phishing scams or the planting of landmines for unsuspecting netizens around the world to stumble upon.  Even when compared to this malicious routine, what we saw last week dwarfed the norm when our honeypot accounts were riddled with bullets that all had one thing in common… “The Laffer Center” but with a small and critically important twist.  The real Laffer Center’s website was originally registered as a DOT-org. “” We’ve been getting lots of emails associated with thelaffercenter[.]com and they are anything but funny.  Take this email pretending to be about NeoTube.  Lots of people complain about the pricing of cable TV and paying for lots of channels you never use (including us!)  But before you think to click and explore this deal, notice that the email came from the domain thelaffercenter[.]com.



All the links in this wolf in sheep’s clothing point to a website called mercadolicre[.]com (which sounds a lot like the legitimate domain and service called Mercado Libre). Mercadolicre[.]com was registered on October 23, 2018 by a Panamanian proxy service and is being hosted in Mumbai, India. It took no time at all for our security services to identify that this domain is a very deceptive website…



As if that wasn’t enough to be a source of dangerous emails, the criminals then decided to turn thelaffercenter[.]com into a landmine for our missteps and use email content that has proven to be very successful in the past to manipulate people’s clicking behavior: “shocking videos” and “public safety alerts.”

“SHOCKING VIDEO: 8-year-old girl discovers weird trick that earns $490,000+” and “Public Safety Alert in Your Area: You are receiving this email because there may be a risk of sex offender activity in your area.”




Both emails are EXTREMELY manipulative and EXTREMELY dangerous!  They were sent from thelaffercenter[.]com and have links that point back to the same domain.  Fortunately, the website has already been blacklisted by McAfee security services and Spamhaus due to the volume of spam associated with the site.  In the Phishing column of this newsletter, we’ve posted two more emails that came from thelaffercenter[.]com and have links pointing back to it.

What do we know about thelaffercenter[.]com versus  Though was registered more than 10 years ago, the domain is currently for sale and the organization no longer appears to be operating.  Unfortunately though, the website that existed on this legitimate site was allowed to lapse and security flaws were discovered by hackers in the Spring of 2018.  It has clearly been hacked and is being misused by someone who speaks Japanese. Have a look at what Google shows up about this site:



As for thelaffercenter[.]com, it was registered just 2 days before we began getting a flood of hand grenades in our inboxes.  It, too, was registered using a private proxy service located in Panama (a favorite service with criminals) and is being hosted on a web server in Amsterdam, Holland. Don’t let the last laugh be on you!  Be skeptical online and don’t click anything without looking carefully at the source of information and where those links point to!


FOR YOUR SAFETY: Kindly Download the Business Proposal

One of our business readers sent us this next malicious email.  They receive queries from all over the world but this one made them pause and they asked us about its authenticity.   It failed miserably. The download link for the business proposal points to a website called sharedrive[.]top.  McAfee Security service informs us that this location has been blacklisted.  Not only that, but that domain was registered just 5 days before this email was sent and that is NEVER a good sign!
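The two warning signs this newsletter keeps returning to, lookalike domains (Gmayl[.]com, mercadolicre[.]com) and domains registered only days before the email arrived (thelaffercenter[.]com, sharedrive[.]top), can be checked mechanically. The following is an added example, not part of the original newsletter; the list of known-good domains, the 30-day threshold and the function names are assumptions made for illustration.

```python
from datetime import date

# Assumed allowlist of legitimate domains to compare against.
KNOWN_GOOD = ["gmail.com", "mercadolibre.com", "amazon.com"]
NEW_DOMAIN_DAYS = 30  # assumed cutoff for "newly registered"


def refang(domain: str) -> str:
    """Turn a defanged domain such as 'Gmayl[.]com' back into 'gmayl.com'."""
    return domain.replace("[.]", ".").strip().lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, max_distance: int = 2):
    """Return the known-good domain this one imitates, or None."""
    d = refang(domain)
    if d in KNOWN_GOOD:
        return None  # exact match is the real thing, not an imitation
    best = min(KNOWN_GOOD, key=lambda good: edit_distance(d, good))
    return best if edit_distance(d, best) <= max_distance else None


def triage(domain: str, registered: date, seen: date) -> list:
    """Collect the warning signs for a sender or link domain."""
    flags = []
    target = lookalike_of(domain)
    if target:
        flags.append(f"lookalike of {target}")
    age = (seen - registered).days
    if 0 <= age <= NEW_DOMAIN_DAYS:
        flags.append(f"registered {age} days before the email")
    return flags


if __name__ == "__main__":
    # Registration date from the newsletter; the 'seen' date is the issue date.
    print(triage("mercadolicre[.]com", date(2018, 10, 23), date(2019, 3, 20)))
    # Constructed dates: the newsletter only says "5 days before".
    print(triage("sharedrive[.]top", date(2019, 3, 10), date(2019, 3, 15)))
```

A domain can be dangerous without tripping either check, so an empty result means "no flag raised", not "safe".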





Until next week, surf safely!