THE WEEK IN REVIEW
In recent weeks The Daily Scam has informed readers to expect an increase in scams related to tax season. Here are two more samples from the previous week: Tax Refunds for Car Donations and File Your Taxes Online.
Also, last week’s top story was about the word shocking and how likely it is that you are reading a scam if the word is used in a post, tweet, email or text. We should add another word of caution whenever you see a post, tweet, email, or text containing unbelievable news, such as this recent email. Resist the urge, take a breath and don’t click. More often than not, it is a lie at best, or malicious at worst. “Paul McCartney no longer has Alzheimer’s.”
Sample Scam Subject Lines: 12 time lotto winner explains his biggest secret ATTENTION PLEASE GET BACK TO ME Delay with Your Order #321F49E0, Invoice #72376418 FWD: Sears will replace your roof within budget GNC: Product of the Year 2016 How to Slow Down the Symptoms of Aging (video) My fat sister looks better than you Ocean freight from China One more Reason to Binge Watch with DISH Transaction and Payment Confirmation Why Donald Trump Thinks Your Stupid Wireless security cameras Women’s..Pluz-Size..Clothing Your Secret Code
Sample Scam Email Addresses: abcshitnews@fitdiet.click amazingpatiofurniture@homepatio.date amazon-reward@iotry.generalbonuscards.top besthybridcars@hybriidcar.pro Blood.Sugar.News@philosophicalnessin.download Costa-RicaResorts@servential.download CruiseTheWorld@sawer.recary.top discountairfare@airtikett.date edu@degrees.co.vu Fox-Weekly-Update@uhdfr.rbigger.xyz PrintPetCoupons@conquestic.download StandingDeskBenefits@rogiver.pro ToursofIreland@irelandvist.pro wirelesssafetycameras@watchcamera.pro
Scammers continue their scampaign against Apple users. We can only speculate why Apple account holders are the preferred whipping boy of the Phishers. But we are certain about one thing, the criminals doing this are motivated by money… plain and simple. For whatever reason, they must earn more money by targeting Apple account holders than other account holders. Most financial services these days offer increased security as either 2-step verification for users or a user-selected graphic to remind the account holder that the website they are about to log into is legitimate, or both. Apple doesn’t offer either feature. (To learn more about 2-step verification and how to turn it on, visit this article at Gizmodo.) Fortunately, all of the phishing scams we have seen are easily revealed by mousing-over the link to reveal the fraud OR adhering to the policy never to click on an attached file such as html, shtml, or htm file to download. To better understand the risks of file types attached to emails, read our article Filenames Will Set You Free. The link in this phish points to the website mosabeh-stones.com. The website is for a stone cutter in Hebron, Israel whose website was hacked. Just delete!
Phish NETS: My Apple
We are seeing many brand new graphics and scam ideas from the same criminal gang. It makes us wonder if they hired someone new or simply decided that it was time to revamp a lot of the “tried and true” scams because fewer people were clicking on them. And though we believe this criminal gang is located outside of the United States, we often think that they must have Americans working for them because there is a great deal of sophistication in both the topic selection for the scam and the timing to deliver the scam. But before you give them too much credit, keep in mind that they also push out a lot of ridiculous garbage that can only fool the most gullible and uneducated. These next four scams are more nuanced…
2. Single Parent Dating Services sent from SingleParent
Yes, the scam above was registered using Alpnames by Sheisamonsterlalala@mail.com. Bottom line? We are confident that all of these scams come from the same criminal group because they share too many things in common including the timing of their release, template design/layout, coding, use of the dot-pro top-level domain and registration information. And now let us all say… Deeeeleeete!
Your Money: Adoption Resources, Single Parent Dating Service, Shop Women’s Wear, and International Tour Packages
DatingOnline@tamasif.pro The domain tamasif.pro was also registered on the day the email was sent, March 3 by someone using the email address sheisamonsterlalala@mail.com. We reported on this bogus registrant in last week’s newsletter. By the way… That lovely photograph of the family of four was taken from ShutterStock.com and has been used in dozens of marketing emails. Check it out on TinEye.com.
@instinctno.pro Care to take a random guess who registered the domain instinctno.pro? You’ve got two good choices and we’ll give you a hint… BOO!
They’re baaack! Months ago during the Christmas holiday season we were all flooded with $50 promotion scams but they dried up not longer after New Year’s had passed. Now they are back with a vengeance and many of them claim to be rewards or vouchers celebrating Spring! Lucky us. Let’s start with these three identical, and obvious, scams that appear to be from Amazon, Sam’s Club and Costco for $50…
And then we have this re-issued scam email used hundreds of times in 2015 that has a new year stamp on it and identified as a “Costco appreciation voucher.” “Congratulations! You are participating to win a $50 COSTCO Gift-Card or equivalent Visa Gift-Card.” The domain excusea.top was registered by someone named Richard Clark from Chatellerault, France on March 4. As if there were any question about the legitimacy of this website, Google cannot find any such domain in use.
Finally, here is an email that wants you to believe you have received a Kohl’s $50 2016 gift reward. But like the other emails, it’s as bogus as a $3 bill. Just delete and be happy you’ve dodged a bullet.
TOP STORY: $50 Spring Rewards Scams
FOR YOUR SAFETY: Update Windows, Walmart Voucher Code, Detailed Bank Invoice, CVS Extra Care Rewards Program
TDS has recently been seeing a wider variety of short emails carrying malicious files in many different formats. Malicious code, meant to do you harm, can be hidden inside Word and Excel documents, pdf files, and many more file types. Here are a few examples…
And in case you had any doubt about that attached Excel xls file called “Hillsong-71083” look at what Sophos told us about the file:
We also saw something new and very dangerous this past week because we believe there is a significant risk the email can successfully engineer a recipient to click. Would you have clicked the link? It appears to be about CVS ExtraCare Rewards but it was sent from Yael@patttobirkse.click. “Important message for CVS card holder #14275. Your CVS-Extra-Care Savings and Rewards Card Has Just Been Updated.” The link Go Here to Confirm… points to a shortened link from the service OW.ly. We unshortened the link using Unshorten.it and discovered that it points to a file located on the odd website called “prize-o-rama.0379.pics.” We can’t say for certain what the scam is here but we’re 100% certain that it is malicious!
DEEEELEEETE!
ON THE LIGHTER SIDE: Your Profile on Facebook
How can we resist such a lovely offer from a woman named “FAVOR?” Her sincerity and interest in us clearly demonstrate good intentions and good taste! We are, after all, good people too! We’ll let you know next week how our new friendship goes. Until then…
Surf safely!