THE WEEK IN REVIEW
Last week we reported on the overwhelming volume of malicious spam emails related to unhealthy diets and being overweight. These social engineering tricks haven’t abated and now include subject lines that actually insult you… “Stop being so goddam overweight, you are a total loser.” All these emails have the same design, include a web beacon (identified by the red arrow in the 2nd email below) to track your interaction with them, and are malicious. Our personal favorite is “a letter from your close friend” who wishes to remain anonymous. How convenient.
Also, we don’t understand the complete fascination that people may have with Ellen DeGeneres, but the scammers are using fake stories about her “quitting” TV to manipulate your clicking behavior. Ellen is not quitting and we’re certain the links in these emails are malicious. Have a look at this small sampling of the thousands of emails targeting people…
Sample Scam Subject Lines:
19,000 people use EZ Battery Reconditioning
[Celebrity News] Scarlett Johansson Shares Teeth Whitening
Diabetes over – I just take this
Hair loss reversed naturally
Foggy memory? Always tired? Try this… #409
I still can’t believe how great this worked
iPhone Photography –Knock Your SOCKS OFF!
Neither Hillary Nor Trump Can Save the Economy from Meltdown
Snap up this sensational welcome offer!
There is no better time to register with our Palace than right now
Time to move ahead
Unlock Your Hidden Brain Power… #906
You’ll never need another pedicure, ever again!
Sample Scam Email Addresses 513351884 @ bdonline.com.br azooefea @ 1478189500.phonechathub.com bimba @ DoumeNit.com catholicization @ NoRetct.com chiffonnire @ MadmaHen.net cubmaster @ dayvebox.net datacase @ orangemail.co.bw denta_bright_pro @ brand.paini.us ecztv @ whm.assistline.com.tr heavy @ SoScmoke.net shalom @ stataxnt.net shiftiness @ GtoSinew.com understandableness @ KiwidCom.net
Phish NETS: Sometimes the nets come up empty.
We found no new phishing scams and nothing that directly phishes for financial account information. The only phish we saw swimming in the sea of criminal intent are these two emails we’ve reported on before. And to be honest, we’re not 100% certain these are meant to phish. By the time we found these emails the sites didn’t seem to work in the way they were intended. The phony Facebook email points to a site in Russia (.ru = Russia) like all the other phony Facebook emails we’ve seen for many weeks. Though the fake Google email says “Gmail Team” it came from a domain in Germany. A mouse-over of the link “Learn More” in the email points to a WordPress website in Israel. The Zulu URL Risk Analyzer reports an 80% chance of malicious intent. Also, VirusTotal.com reports that 2 security services consider the domain to be hosting malware. You know what to do….
YOUR MONEY: Tired of Paying for Entertainment, US Solar Department, and Your Home Security Info
Any email from siepi @ GrinFfee.net has got to be suspicious! The subject line reads “The New Age of Movies and TV Starts Today, Save Thousands a year.” While Neotube.tv seems to be a real consumer device, this email isn’t from it. Links in the email point to that odd domain grinffee.net. This domain was registered on April 19 to someone identified as “KatharinaJ Morgan” using an email address that comes from “sexlibrary.us.” Does this seem like anything remotely connected to the product you think you’re buying? Delete.
There is no such thing as the “U.S. Solar Department.” Period! We found scam alerts about this official-sounding name going back to 2014, which is about 9 years in Internet life! Visit the article at EcoXplorer.com. This pitch to save money on your energy bills is nothing more than a social engineering trick. Links point to the domain rogurery.net and it was registered by Miss “sexlibrary.us” herself, “KatharinaJ Morgan” on April 19. Apparently, Katharina had a busy day and registered a bunch of malicious domains that day. A big fat DEEEEELEEEETE!
In an increasing climate of insecurity, uncertainty, and sweeping news reports of criminal behavior, more homeowners may consider a home security system than ever before. This may explain why we see an increasing number of scam emails pretending to be home security system deals such as this presumed ad for ADT. But it isn’t from ADT or SafeStreets USA, of course. But this email talks a great story of value and accompanying gift card. Donkey poo! The email came from, and links point back to, the domain iligacan.com. Though it wasn’t registered to our new friend, Katharina, we did see that it was registered on April 19 to Timothy Khoury who also has an email address with the domain sexlibrary.us. (So far as we can tell, this is a “parked” domain that is currently not hosting a website.)
TOP STORY: Your Award is Waiting
YOU are so special that you deserve to be honored. It’s time that others recognize how amazing you are. Truly, we want you to join the ranks of the best, the most wonderful and recognized group of people to whom we can sell our junk! Your award is waiting…
On May 9, four people at an organization received nearly identical emails from a domain called bestdealmakers-DOT-com. The subject lines read: “A business plaque was made for you to honor your recent achievements in Business” said one email to a school teacher, citing the Social Organization of the American Business Elite. In 1979, the American Sociological Association published an article by Michael Useem in their Review journal that contains the first instance we can find of the name “Social Organization of the American Business Elite.” Though his article has been cited hundreds of times, we cannot find the existence of any such group today. Realistically it doesn’t matter. If you put your critical eye on this vanity email, we’re sure you’ll spot several red flags to suggest the entire thing is cow manure…
Red flags include… And if you did your “due diligence” and Googled the domain the email came from, you’ll discover at the top of Google’s list of returns are links and references to fake email generator sites and other spam. This vanity pitch is so far from the truth that we can’t verify a single thing about it. And sadly, many people will fall for it.
“Vanity scams” and pitches are effective and have been a staple of the criminal fraud arsenal since before the Internet. Read our feature article about this type of scam and then send us YOUR thoughts to IamSpecial@TheDailyScam.com, because we know how special each and every one of us is! And for $99.95 we’ll tell you that in writing!
Recognizing Vanity Scams: http://thedailyscam.com/articles/recognizing-vanity-scams/
FOR YOUR SAFETY: April Invoice and Part Time Work
Imagine getting an email that quotes YOUR EMAIL you sent on May 4! You supposedly sent an email to Steve Smith saying “Did you send me the april invoice?” The email actually came from an address in Turkey (.tr = 2-letter country code) and the link for the supposed invoice leads to a hacked website in Columbia. We looked up Steve’s email address and found this scam warning from Georgia College. We don’t even have to check… That link is 10000% malicious. We’d bet on it!
Looking for some part-time work? Think this could be legit? “Lawrence Murphy” doesn’t even try to hide where the link leads to so could it be legit? He says that details are on his website. Don’t do it! We pointed the Zulu URL Risk Analyzer at that link and the results below say it all.
ON THE LIGHTER SIDE: From James Comey – Your Reparations
The day before James Comey was fired he sent us an email letting us know that we have money coming to us from a compensation fund to pay for the many times we have been unscrupulously swindled! Finally, compensation for being scammed! It’s about time. We just have to contact the very legitimate email address moneygramoffice84 @ yahoo.com. Gee, we hope his firing doesn’t delay our payment.
From: www.@oboe.ocn.ne.jp
Time: 2017-05-08 01:11:46
Subject: WESTERN UNION/ MONEY GRAM
WESTERN UNION/ MONEY GRAM
Dear Beneficiary,
After proper and several investigations and research at Western Union and Money Gram Office, we found out that your name in Western Union database among those that have sent money through Western Union and this proves that you have truly been swindled by those unscrupulous persons by sending money to them through Western Union/Money Gram in the course of getting one fund or the other that is not real.
In this regard a meeting was held between the Board of Directors of WESTERN UNION, MONEY GRAM, the FBI alongside with the Minister of Finance, As a consequence of our investigation it was agreed that the sum of $1.9 Million United States Dollars should be transferred to you out from the funds that The United States Department of the Treasury has set aside as compensation payment for scam victims.This case would be handled and supervised by the FBI. We have submitted your details to them so that your funds can be transferred to you. Contact the money gram head office through these listed information below:
Contact Person: Jeremiah Bokhan
Address: Money Gram Post Office,
Email: moneygramoffice84@yahoo.com
Phone:+1725 465-1777
Fax:+229 99465302
Yours sincerely,
James B,Comey.
—
Until next week, surf safely!