THE WEEK IN REVIEW
In case you hadn’t noticed, it is tax season. We know this for certain because there has been a noticeable uptick in the number of phony IRS phone calls targeting Americans. And, despite recent snow storms, April is approaching. Here’s an example that one of our readers received twice on March 22…
IRS Fraud audio clip
Forbes Magazine posted a nice summary article recently describing a dozen tax scams listed by the IRS. It’s a worthwhile read. Visit: IRS Warns On ‘Dirty Dozen’ Tax Scams
In a recent newsletter we told readers that spammers try to avoid the scrutiny of anti-spam servers by breaking up the word “free” in a subject line, by separating each of the letters with periods. We saw spam last week that used this same technique for the word “offer.” The email sender’s address began with: DroneO.f.f.e.r. Perhaps we should generalize and suggest to readers that they can just delete any email that contains a word in the subject line with letters separated by periods, like this: D.e.l.e.t.e!
Also, just last week our Top Story concerned website domain names meant to deceive Americans. We pointed out that many of these had been traced to criminals in Iran. Just a few days ago the FBI announced the indictment of nine Iranians who have been charged in a massive hacking campaign on behalf of the Iranian government. You can read the article about it on the FBI’s own website, titled State Sponsored Cybertheft.
Are you looking for deals online to buy a new or used laptop? Read our latest feature article “Would you buy a computer from them?“ After reading it, we think you’ll want to stay AWAY from these sites!
[hr_invisible]
[hr_invisible] Surprisingly, we found no phish during the past week. However, with tax season upon us and April 15 just a few weeks away, we thought our readers would benefit from recent Internet articles about taxes and phishing scams. Enjoy! From CPA Practice Advisor: Tax Pros Being Hit with New Phishing Scam, Putting Client Data at Risk From CNBC: Popular tax software may expose users to phishing attacks From Forbes: IRS Reports ‘Steep Upswing’ In Taxpayer Data Thefts From Tax Preparer Offices From Security Boulevard: Tax Phishing Scams Are Back: Here Are 3 to Watch Out For [hr_invisible]
Phish NETS: Resources to Avoid Tax-related Phish
Flight simulator programs are popular and have become very realistic, as the subject line in this next email suggests. However, everything in this email was stolen from the legitimate business, ProFlightSimulator. The email below didn’t come from the real business and all the links point back to a crap domain sevnia-DOT-bid. According to a WHOIS lookup, sevnia-DOT-bid was registered through a private proxy service in Panama just a week before this email was sent. That gets a fast, flying delete from us! Do you dream of one day owning a luxury, fancy car? According to this email, you can “get the car you’ve been dreaming about” through a Choice Car Loan. But this email doesn’t represent Choice Car Loans, or any legitimate auto loan company. A WHOIS look up says it all. The domain byuii-DOT-faith was registered on the same day and time that the email was sent by someone claiming to be “Luis Welter” from Oklahoma City. We find it interesting that Luis listed an email address with the Russian email service called Yandex. By the way, Luis says he lives on Ruckman Road in Oklahoma City but Google maps can’t find any road by that name anywhere in Oklahoma. Note the telltale white text in the white space below the email, trying to fool anti-spam servers. Also, the Zulu URL Risk Analyzer informs us that the domain is 100% malicious! Have you missed Obamacare Health Plans? Not according to this phony-baloney email from ObamacareHealthPlans “@” bcjsaa-DOT-trade. And just like the above scam, the domain bcjsaa-DOT-trade was registered by “John Allen” who claims to be from a street in Fayetteville, North Carolina that doesn’t exist, according to Google Maps. Dear John also listed an email with Yandex. A big, fat delete! [hr_invisible]
[hr_invisible]
YOUR MONEY: Realistic Flight Simulator, Get the Car You’ve Been Dreaming About, and Obamacare Open Enrollment
Both scammers and telemarketers are using increasingly sophisticated technology in the form of chatbots and “conversational agents” to engage with consumers. Tens of millions of Americans are getting these sophisticated calls or text interactions and it is sometimes hard to know who is legitimate and who is a fraudster. Dan Shewan of The Wordstream Blog wrote an excellent article in October, 2017 detailing this type of technology and how it is being used. You can read his article “10 of the Most Innovative Chatbots on the Web.” Doug at TDS recently experienced this first hand. And it took him nearly 30 seconds to realize the caller was a robot call. Listen to his recorded casual conversation with “Elizabeth from the Resort Rewards Center.” Qualify for resort stay in Florida audio clip
“Elizabeth” sounds soooo realistic! Did you notice how her directed conversational style leads him into predictable responses? This makes it possible for “Elizabeth” to continue their conversation so easily. There are hundreds of complaints on the FTC.gov’s website about “Elizabeth from the Resort Rewards Center.” Read the FCC article and comments posted there. Judging by the complaints posted by others, this call is a scam. The chatbot call spoofs real people’s phone numbers and many have complained that they get multiple calls coming from different local phone numbers. In 2017, many news and consumer sites were warning Americans to beware of both chatbot and real human callers who were recording the conversation. The purpose of these scam callers was to record the person as he or she simply said “yes” to a question, thereby providing a “voice signature.” Along with their name and other stolen information, that “yes” response was enough to authorize fraudulent charges against them. Here are a couple of articles about this manipulation: From ABC News: FCC Warns Consumers About New “Yes” Phone Scam From LA Times: Whatever you do, don’t say yes when this chatbot asks, ‘Can you hear me?’ There is a Robocall Index, created and maintained by a company called YouMail. According to the index, as of March 25, 2018: The Robocall Index makes it possible to enter your own area code. We entered our local area code and discovered that at least six of the top ten robocallers were scams. (A few of the top ten could not be determined as legitimate or scams.). YouMail.com also keeps a phone directory where you can submit scam and spam robocalls to their growing directory. (Visit https://directory.youmail.com/ ) When we checked their directory, we found lots of scam and spam calls, including “Elizabeth from the Resort Rewards Center” posted on 3/24/18 9:49 PM. The YouMail call directory lists the top scam calls as well. During our visit on March 25, the list included: So, the next time you get a call from an unrecognized number and answer it, don’t say “yes.” Instead, ask a question and see what kind of response you get. Or better yet, just hang up. USA Today has posted an article titled “How to stop these annoying, endless robocalls to your smartphone.” However, if you really want to stop robocalls AND waste their time, costing them money, get the app RoboKiller. [hr_invisible]
[hr_invisible]
TOP STORY: Think You’re Talking to a Real Person?
[hr]
FOR YOUR SAFETY: Greetings and Deadly Beauties
Greetings, says an email containing nothing more than a shortened bit.ly link. Our experience tells us that this short link will send us directly to a malware infection. In this case, Unshorten.it told us the link will send us to a hacked website in Argentina.
[hr_invisible]
Since early January we’ve seen a significant uptick in malicious emails disguised as emails representing dating websites. These tend to be extremely malicious and we advise all our readers to delete any similar emails they receive. Here are a half-dozen that came to us in the last week. Notice the crap domain names that follow the “@” symbol!
Beautiful Asian <BeautifulAsian @ bdee-DOT-trade>
Beautiful Asian <BeautifulAsian @ fhzss-DOT-trade>
Datehotrussian[.]com <Datehotrussian[.]com @ favcc-DOT-trade>
Date Hot Russian <DateHotRussian @ carremote-DOT-club>
Exotic Girl Friends <ExoticGirlFriends @ htmac-DOT-club>
Romance Tale <RomanceTale @ ewqsaaw-DOT-top>
[hr_invisible]
Until next week, surf safely!