May 16, 2018


Were it really possible, we would love to interview people who respond to emails generated by website comment spam like this one.  Comment spam is created when spammer bots visit websites and fill in their forms to automatically submit a comment to the site owner.  The following comment spam hit a non-profit organization’s website and they shared it with us. What human being responds to carp like this?  Anyone?

It came from a email address, that service based in Russia and Eastern Europe. “Buy viagria in Romania.”  Assuming for a moment that the reader is genuinely interested in viagra, what idiot would purchase it from a Romanian website?  A simple WHOIS lookup also reveals that this domain was registered at the end of March, less than 2 months ago, and is hosted on a server in Russia.  Is there any part of this picture that should give one the confidence to share credit card details with them for a drug to put in your body and expect it to prolong sexual pleasures?  If there is some guy who believes this, we want to sell him the Brooklyn Bridge and we’ve got the deed to prove we own it!



Phish NETS: Your Bill From Sprint and Click to Update Email

“Dear Customer, Your regular wireless bill on your account is now ready. Total balance due: $232.97” Except this bill didn’t come from  It came from Sprint “@” sdcfl[.]com (Southern Development and Construction company in Florida).  The fraud is also easily revealed by mousing-over “Here” to see that the link points to a website called rampagenutrition[.]com.  What is even more startling about this phish is that the phone number provided is also a scam number.  The email invites you to call 800.SPRINT.1 and that translates to 800-777-4681.  We easily found dozens of complaints online about this number, going back several years.  Read some of the latest complaints and people’s experiences with this number at


This next phish from a UK email address is pretty lame and we can’t imagine anyone falling for it.  “Server message” contains lots of English errors. The link connected to “Click to update” points to a domain name registered on March 29 in the Czech Republic and hosted in Kiev, Ukraine.
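The checks applied to the Sprint email above (who really sent it, where the link really points, and which digits hide behind the vanity phone number) can be scripted. This is an added example, not part of the original newsletter; the message is a constructed sample, and the expected brand domain `sprint.com` and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the Sprint email; indicators stay defanged
# ("[.]") as the article writes them and are refanged only for parsing.
SAMPLE = """\
From: Sprint <Sprint@sdcfl[.]com>
Content-Type: text/html

<p>Dear Customer, Total balance due: $232.97. View it
<a href="http://rampagenutrition[.]com/">Here</a> or call 800.SPRINT.1</p>
"""

KEYPAD = {c: str(d) for d, grp in enumerate(
    ["", "", "ABC", "DEF", "GHI", "JKL", "MNO", "PQRS", "TUV", "WXYZ"]) for c in grp}

def vanity_to_digits(number):
    """Turn a vanity number such as 800.SPRINT.1 into dialable digits."""
    d = "".join(KEYPAD.get(c, c) for c in number.upper() if c.isalnum())
    return f"{d[:3]}-{d[3:6]}-{d[6:]}"

def registrable(host):
    # Assumption: last two labels; real mail needs a public-suffix list.
    return ".".join(host.lower().split(".")[-2:])

class LinkHosts(HTMLParser):
    """Collect the host each <a href> really points to (the mouse-over check)."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def check_message(raw, brand_domain):
    """Return findings where the sender or a link is outside brand_domain."""
    msg = message_from_string(raw.replace("[.]", "."))
    findings = []
    sender = registrable(parseaddr(msg["From"])[1].rsplit("@", 1)[-1])
    if sender != brand_domain:
        findings.append(f"sender domain {sender} is not {brand_domain}")
    links = LinkHosts()
    links.feed(msg.get_payload())
    for host in links.hosts:
        if registrable(host) != brand_domain:
            findings.append(f"link points to {registrable(host)}")
    return findings
```

Calling `check_message(SAMPLE, "sprint.com")` reports both mismatches, and `vanity_to_digits("800.SPRINT.1")` gives the number to search for complaints.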





YOUR MONEY: Michael Kors Spring Sale and Stealth SmartCam

“Hours left! Extra 80% Off Spring Clearance”  for Michael Kors products in the middle of Spring?  If it sounds too good to be true…  We found that “Rhea Small Backpack” on a dozen websites, including the real Michael Kors site, for $126 to $298.  This email came from “Candice” at the domain xeijo[.]com.  This domain was registered  just a few weeks ago  on April 17 to someone from China.  All links in the email point to another domain pushop[.]top.  “Pu shop?” It, too, was registered recently (December 27, 2017) by someone else from China.  This spring sale website presents three possibilities…. Legitimate sale, a sale of knock-off products, or a malicious website.  Feel like playing Russian roulette with your credit card and clicks?

Here is another example of Internet criminals stealing the graphics and information of a legitimate company to use as click bait.  The “Stealth SmartCam” product in this ad is real but that 40% off price is just social engineering of your clicking behavior. The email came from the domain fit2u[.]stream and all the links point back to it.  It was registered on April 24 by someone named “raju kasde” from Indore, India.  What also strikes us as odd about Raju’s information is that he, like sooo  many of these malicious scams, listed an email address with Step away from this landmine.  Interested in a stealth smartcam? Visit the real site:




TOP STORY: Expedia Shenanigans?

Sooner or later, you are likely to consider using Expedia for your travel needs.  We’ve certainly used it occasionally over the years. However, recent experiences with have us believing that Expedia regularly employs psychologically manipulative and questionable practices to pressure visitors into making purchases.  We are not calling Expedia a scam site, but some of their practices feel no different than scam practices designed to manipulate our behavior.  Here’s one example… Recently, Doug at TDS used Expedia to look for a hotel in Arlington, VA.  We couldn’t help but notice (by design) that the room for this Hyatt listed on Expedia was in “high demand” and only 2 rooms left at the discounted price, AND that “15 people booked this property in the last 48 hours.”

Doug chose this hotel and clicked “Reserve” to select a room at this hotel.  As he began to fill in the requested information he noticed two more things.  He was told that “11 other people viewing this property right now” and he noticed that the discounted price of $141 had vanished.  The price was listed at $149.

The $8 savings was not a deal breaker but he wondered what had happened to the discount offer, so he called Expedia.  It didn’t go well!  By the end of the call we vowed to the Expedia agent never to use Expedia again!  Despite our repeated effort to email the agent a screenshot of the Expedia ad showing that this hotel’s price for the night in question had been reduced by $8, he repeatedly informed us that prices can change at any time and that the $141 price for our room was not available any more.  The advertising lie, along with “2 rooms left,” “15 people viewing this property in the last 48 hours” and “11 people viewing this property right now” felt terribly manipulative. This didn’t pass our “smell test.” We wondered how common these tactics were and so we selected a different Arlington Hotel and a room.  We were informed “we have 3 rooms left” at the reduced price of $127, down from $135. After choosing this reduced price room we were informed that “18 other people viewing this property right now” and “only 3 left of this room type on Expedia.”


Suddenly these coincidental competitive circumstances didn’t feel so coincidental.  We began to search for hotel rooms at random cities across the United States for a one night’s stay, about a month in advance.  At this Montgomery, Alabama hotel, not only were we told that “7 people booked this property in the last 48 hours” but we were also informed that this destination was a “popular location” and the property was already 50% booked for the night we were interested in.


Similarly, other Montgomery, Alabama properties included statements like “10 people booked this property in the last 48 hours,” “In high demand! We have 1 left at…” and “Most popular! 15 people booked this property in the last 48 hours.”   In every city we looked, we continued to see statements that felt like pressure tactics to book a hotel room now. For example, in Rochester, NY where the first 4 hotels listed said…

11 people booked this property in the last 48 hours

13 people booked this property in the last 48 hours

7 people booked this property in the last 48 hours

In high demand! We have 1 left at $169

In high demand! We have 1 left at $93

6 people booked this property in the last 48 hours

We selected a Rochester hotel and once again, Expedia said the “Most recent booking for this property: less than 14 hours ago.”  All of this felt like total BS manipulation!  Would we see these same manipulative statements if we were to visit the city rated as the worst in the United States in 2017?  According to this October article in USA Today, Detroit, Michigan was rated as the worst American city to live in. Median home value was $42,600.  The poverty rate was found to be 39.8%, and the percentage of adults with a bachelor’s degree was 14.2%.  How high could the demand be for hotel rooms? Again, we asked Expedia to find us a hotel room a month in advance and looked at the most recommended hotel.  Expedia told us…

13 people booked this property in the last 48 hours

36 people are shopping for Detroit properties on Expedia right now

And we were informed of a “Daily Deal”  in which a time clock started to count down from 16 hours:

What about a small city?  According to, the population of Auburn, Alabama was a little more than 53,000 in 2017.  The first hotel listed by Expedia in Auburn stated that:

“6 people booked this property in the last 48 hours”

“30% booked! Auburn is a popular location on your dates.”

Though we can’t possibly know for certain how many people booked a property or used the Expedia site to look at a hotel, we can tell you that all of this feels artificially manipulative.  There are many other travel websites that don’t feel as manipulative as Expedia and, from now on, we’ll be using those other sites.


FOR YOUR SAFETY: Invoice From Associates, LLC and Good Morning Doug

A business sent us this next email, telling us that they have been getting lots of malicious emails in the name of  [NAME REDACTED] Associates, for some time now. Apparently, Associates LLC had had an email account hacked and the criminals stole their contact list which was now being used to lob hand grenades at the list addresses.  Notice that this hand grenade was actually sent from an address in Pakistan. (“.pk” = 2-letter country code for Pakistan) The undisguised link points to malware hosted on a server in Germany.



Do YOU receive emails like this one sent to Doug at TDS?  “Good morning Doug” followed ONLY by a shortened link. Doug knows Meghan and knows she didn’t send it.  Like the account at Associates above, her email was hacked and the criminals are targeting all her contacts.  We unshortened the link to see that it points to a hacked website in the UK meant to inflict harm.

Another big, fat delete.


Until next week, surf safely!