May 17, 2017

THE WEEK IN REVIEW

Last week we reported on the overwhelming volume of malicious spam emails related to unhealthy diets and being overweight.  These social engineering tricks haven’t abated and now include subject lines that actually insult you… “Stop being so goddam overweight, you are a total loser.”  All these emails have the same design, include a web beacon (identified by the red arrow in the 2nd email below) to track your interaction with them, and are malicious.  Our personal favorite is “a letter from your close friend” who wishes to remain anonymous. How convenient.

 


Also, we don’t understand the complete fascination that people may have with Ellen DeGeneres but the scammers are using fake stories about her “quitting” TV to manipulate your clicking behavior.  Ellen is not quitting and we’re certain the links in these emails are malicious.  Have a look at this small sampling of the thousands of emails targeting people…

 

 



Sample Scam Subject Lines:

19,000 people use EZ Battery Reconditioning

[Celebrity News] Scarlett Johansson Shares Teeth Whitening

Diabetes over – I just take this

Hair loss reversed naturally

Foggy memory? Always tired? Try this… #409

I still can’t believe how great this worked

iPhone Photography –Knock Your SOCKS OFF!

Neither Hillary Nor Trump Can Save the Economy from Meltdown

Snap up this sensational welcome offer!

There is no better time to register with our Palace than right now

Time to move ahead

Unlock Your Hidden Brain Power… #906

You’ll never need another pedicure, ever again!

 

 

 

Sample Scam Email Addresses

513351884 @ bdonline.com.br

azooefea @ 1478189500.phonechathub.com

bimba @ DoumeNit.com

catholicization @ NoRetct.com

chiffonnire @ MadmaHen.net

cubmaster @ dayvebox.net

datacase @ orangemail.co.bw

denta_bright_pro @ brand.paini.us

ecztv @ whm.assistline.com.tr

heavy @ SoScmoke.net

shalom @ stataxnt.net

shiftiness @ GtoSinew.com

understandableness @ KiwidCom.net

 


Phish NETS:  Sometimes the nets come up empty.

We found no new phishing scams and nothing that directly phishes for financial account information. The only phish we saw swimming in the sea of criminal intent are these two emails we’ve reported on before. And to be honest, we’re not 100% certain these are meant to phish. By the time we found these emails the sites didn’t seem to work in the way they were intended. The phony Facebook email points to a site in Russia (.ru = Russia) like all the other phony Facebook emails we’ve seen for many weeks. Though the fake Google email says “Gmail Team” it came from a domain in Germany. A mouse-over of the link “Learn More” in the email points to a WordPress website in Israel. The Zulu URL Risk Analyzer reports an 80% chance of malicious intent. Also, VirusTotal.com reports that 2 security services consider the domain to be hosting malware.

You know what to do….

 


YOUR MONEY:  Tired of Paying for Entertainment, US Solar Department, and Your Home Security Info

Any email from siepi @ GrinFfee.net has got to be suspicious! The subject line reads “The New Age of Movies and TV Starts Today, Save Thousands a year.” While Neotube.tv seems to be a real consumer device, this email isn’t from it. Links in the email point to that odd domain grinffee.net. This domain was registered on April 19 to someone identified as KatharinaJ Morgan using an email address that comes from “sexlibrary.us.” Does this seem like anything remotely connected to the product you think you’re buying?

Delete.


There is no such thing as the “U.S. Solar Department.”  Period!  We found scam alerts about this official sounding name going back to 2014, which is about 9 years in Internet life!  Visit the article at EcoXplorer.com. This pitch to save money on your energy bills is nothing more than a social engineering trick.  Links point to the domain rogurery.net and it was registered by Miss “sexlibrary.us” herself, “KatharinaJ Morgan” on April 19.  Apparently, Katharina had a busy day and registered a bunch of malicious domains that day.

A big fat DEEEEELEEEETE!

 


In an increasing climate of insecurity, uncertainty, and sweeping news reports of criminal behavior, more homeowners may consider a home security system than ever before.  This may explain why we see an increasing number of scam emails pretending to be home security system deals such as this presumed ad for ADT.  But it isn’t from ADT or SafeStreets USA, of course.   But this email talks a great story of value and accompanying gift card.  Donkey poo!  The email came from, and links point back to the domain iligacan.com. Though it wasn’t registered to our new friend, Katharina, we did see that it was registered on April 19 to Timothy Khoury who also has an email address with the domain sexlibrary.us.  (So far as we can tell, this is a “parked” domain that is currently not hosting a website.)


TOP STORY: Your Award is Waiting

YOU are so special that you deserve to be honored. It’s time that others recognize how amazing you are.  Truly, we want you to join the ranks of the best, the most wonderful and recognized group of people to whom we can sell our junk!  Your award is waiting…

On May 9, four people at an organization received nearly identical emails from a domain called bestdealmakers-DOT-com.  The subject lines read:

  • From the Offices of The Social Organization of the American Business Elite
  • Your award is waiting
  • A once in a lifetime invitation
  • Your colleagues believe you are one of the best

“A business plaque was made for you to honor your recent achievements in Business” said one email to a school teacher, citing the Social Organization of the American Business Elite. In 1979, the American Sociological Association published an article by Michael Useem in their Review journal that contains the first instance we can find of the name “Social Organization of the American Business Elite.” Though his article has been cited hundreds of times, we cannot find the existence of any such group today. Realistically it doesn’t matter. If you put your critical eye on this vanity email, we’re sure you’ll spot several red flags to suggest the entire thing is cow manure…


Red flags include…

  1. Email was sent from the domain bestdealmakersonline-DOT-com, not the organization the email claims to represent. This domain was registered the day the email was sent (We are shocked!) by a James Wilson from Georgia and is being hosted in London, England.  James is a busy fellow.  He has nearly 3000 domains registered in his name!
  2. Somebody needs to work on their language skills! “We are delighted to inform you of this word, which will hopefully be the first of many…”
  3. “With our greatest regards, [first_name_mixed] [last_names]” Oops!  Someone’s field insert codes didn’t work as they were supposed to work.
  4. When we dragged our mouse through the large grey area below the white text box, we found lots of spammy text meant to fool anti-spam servers. Here’s what this text begins with… “Heres what we can all learn from these incredible food winners Like many entrepreneurs Laura Behrens Wu started a business to solve a problem she herself facedjust not right away. When attending Wharton towards the end of my first semester there a professor of mine pulled me aside and asked ‘Omar what are you doing here’ I replied in confusion’ What do you mean I’m here to get an MBA.’ He pressed me and asked ‘ But why do you think you need an MBA’ I was completely puzzled at this point and had no other option other than to come clean and say ‘I want to be a great entrepreneur and I thought I have to go get an MBA to be one.’ He shook his head in disappointment and said ’You don’t get an MBA to be a great entrepreneur. You get an MBA to get a middle management job at Goldman Sachs or Morgan Stanley with zero experience”  This text is a mix of text taken from several published articles across the Internet.
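An added example (not from the original newsletter) that automates the machine-checkable red flags in the list above: sender domain versus the claimed organization, a domain registered right around the send date, unfilled merge fields, and filler text hidden from the reader. The function and flag names, the `.example` domains, and the 7-day age threshold are illustrative; the registration date is supplied by the caller from a separate WHOIS lookup, and the hidden text is assumed to be hidden by matching inline text and background colours.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser

PLACEHOLDER = re.compile(r"\[[a-z]+(?:_[a-z]+)+\]")  # e.g. "[first_name_mixed]"

class HiddenText(HTMLParser):
    """Collect text whose colour equals its background; tolerates unclosed tags."""
    def __init__(self):
        super().__init__()
        self.stack, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        style = (dict(attrs).get("style") or "").lower()
        props = dict(re.findall(r"([\w-]+)\s*:\s*([^;]+)", style))
        fg = props.get("color", "").strip()
        bg = props.get("background-color", props.get("background", "")).strip()
        self.stack.append((tag, bool(fg) and fg == bg))
    def handle_endtag(self, tag):
        while self.stack and self.stack.pop()[0] != tag:
            pass
    def handle_data(self, data):
        if data.strip() and any(hidden for _, hidden in self.stack):
            self.hidden.append(data.strip())

def red_flags(raw, claimed_domain, registered, max_age_days=7):
    """claimed_domain and registered (WHOIS creation date) come from the caller."""
    msg, parser = message_from_string(raw), HiddenText()
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    age = (parsedate_to_datetime(msg["Date"]).date() - registered).days
    body = msg.get_payload()
    parser.feed(body)
    checks = [
        ("sender-domain-mismatch", sender != claimed_domain.lower()),
        ("newly-registered-domain", 0 <= age <= max_age_days),
        ("unfilled-merge-field", bool(PLACEHOLDER.search(body))),
        ("hidden-filler-text", bool(parser.hidden)),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample; the .example domains are placeholders, not from the page.
SAMPLE = """\
From: Awards Office <awards@sender.example>
Date: Tue, 09 May 2017 10:00:00 +0000

<div style="color:#000">With our greatest regards, [first_name_mixed]<br></div>
<div style="color:#ccc;background-color:#ccc">Like many entrepreneurs ...</div>
"""
print(red_flags(SAMPLE, "award-org.example", date(2017, 5, 9)))
```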

And if you do your “due diligence” and Google the domain the email came from, you’ll discover that at the top of Google’s list of results are links and references to fake email generator sites and other spam. This vanity pitch is so far from the truth that we can’t verify a single thing about it. And sadly, many people will fall for it. “Vanity scams” and pitches are effective and have been a staple of the criminal fraud arsenal since before the Internet. Read our feature article about this type of scam and then send us YOUR thoughts to IamSpecial@TheDailyScam.com, because we know how special each and every one of us is! And for $99.95 we’ll tell you that in writing!

Recognizing Vanity Scams: http://thedailyscam.com/articles/recognizing-vanity-scams/


FOR YOUR SAFETY:  April Invoice and Part Time Work

Imagine getting an email that quotes YOUR EMAIL you sent on May 4! You supposedly sent an email to Steve Smith saying “Did you send me the april invoice?” The email actually came from an address in Turkey (.tr = 2-letter country code) and the link for the supposed invoice leads to a hacked website in Columbia. We looked up Steve’s email address and found this scam warning from Georgia College. We don’t even have to check… That link is 10000% malicious. We’d bet on it!

Looking for some part-time work?  Think this could be legit?  “Lawrence Murphy” doesn’t even try to hide where the link leads to so could it be legit?  He says that details are on his website.  Don’t do it!  We pointed the Zulu URL Risk Analyzer at that link and the results below say it all.


 


ON THE LIGHTER SIDE:  From James Comey – Your Reparations

The day before James Comey was fired he sent us an email letting us know that we have money coming to us from a compensation fund to pay for the many times we have been unscrupulously swindled! Finally, compensation for being scammed! It’s about time. We just have to contact the very legitimate email address moneygramoffice84 @ yahoo.com. Gee, we hope his firing doesn’t delay our payment.


From: www.@oboe.ocn.ne.jp
Time:  2017-05-08 01:11:46
Subject: WESTERN UNION/ MONEY GRAM

WESTERN UNION/ MONEY GRAM

Dear Beneficiary,

After proper and several investigations and research at Western Union and Money Gram Office, we found out that your name in Western Union database among those that have sent money through Western Union and this proves that you have truly been swindled by those unscrupulous persons by sending money to them through Western Union/Money Gram in the course of getting one fund or the other that is not real.

In this regard a meeting was held between the Board of Directors of WESTERN UNION, MONEY GRAM, the FBI alongside with the Minister of Finance, As a consequence of our investigation it was agreed that the sum of $1.9 Million  United States Dollars should be transferred to you out from the funds that The United States Department of the Treasury has set aside as compensation payment for scam victims.This case would be handled and supervised by the FBI. We have submitted your details to them so that your funds can be transferred to you. Contact the money gram head office through these listed information below:

Contact Person: Jeremiah Bokhan
Address: Money Gram Post Office,
Email: moneygramoffice84@yahoo.com
Phone:+1725 465-1777
Fax:+229 99465302

Yours sincerely,
James B,Comey.

Until next week, surf safely!