Please support our effort by making a small donation. Thank you!

x

May 20, 2015

THE WEEK IN REVIEW

The scammers continue to rehash the same junk they’ve been sending out for years and we’ve seen it all before like these three emails:

Final Notice –view your quote before it expires

Get your free trial of baby products

This Shocking Government Secret Revealed!

This Shocking Government Secret Revealed!

 

Subject lines during the past week included:

Auto repairs are expensive. NEVER pay for one again!

Eating this KILLS diabetes! (in 7 days or less)

Enhance your memory with one simple trick

Find any lost items in seconds with your smartphone

Free Baby Diapers and Wipes Delivered to Your Door

Fruit shake is the number 1 enemy of obesity

Get solar panels for $0 down

I think you’ll like this

Join the elite group and be recognized globally

Last chance to renew membership

LAST CHANCE: You now have-$155 in Walmart-Rewards: Redeem-Today

Latest Obama tax (that will fire you up)

Qualify for a VA Mortgage

Search career opportunities

Search your ancestors and create a free family tree

This video is a MUST WATCH

What she did will amaze you!

Year End Truck Model Sales Event!

 

 

 

 

 

Phish NETS: Fake Google Docs Links

We often wonder what makes the scammers spend weeks targeting a particular bank or web login and then switch to another? One week it’s American Express or Paypal, another week it’s Wells Fargo or Dropbox. This past week it was Google phishing. Check out these two emails below with the generic subject lines meant to engage your curiosity… “Very important” and “Re: Confidential document.”

Both emails ask you to visit your Google Docs account to view a secure newsletter or very important document. However, a mouse-over of the links in both emails reveal that they do not lead to Google. The first email contains a link that leads to a Polish website named “studiokowalik.com” and the second email contains links to a shady-sounding website called buytradegold.net. A Google search for buytradegold.net shows absolutely nothing at all and a WHOIS lookup of this website shows that the ownership of this domain is hidden by a privacy protection service.

What makes these emails most dangerous is that they were both sent from legitimate, but hacked Gmail account holders. People are less likely to mouse-over and check the safety of links if an email comes from trusted friends or family.

4-view newsletter in your Google docs

 

 

 

 

5-Your confidential Google doc

 

 

 

 

 

 

 

YOUR MONEY: Dot-Science Scam Domains

In this week’s “Your Money” we wanted to show you three samples of commonly marketed products via email. However, these three emails are all fakes and likely lead to malware-laden websites. Notice that mousing-over reveals that all three contain links to the newly released global top-level-domain (gTLD) called “.science.” The “Dot-science” top-level-domain was released by ICANNs in November of 2014. The initial gTLDs that everyone is familiar with are .com, .gov, .edu, .org and .mil. Like so many other newly released gTLDs, the only people who seem to be registering websites with them are scammers. Check out this long list on the ICANNs website showing the release date of many new gTLDs.

Legitimate companies often send out promotional emails and may sometimes use marketing companies to promote their products and therefore send emails from unfamiliar email addresses. These marketing companies can make it difficult to identify the scammers from legitimate companies (including plain old spammers). The Daily Scam ALWAYS recommends checking links by mousing over to see where they point BEFORE clicking. However, if you see peculiar global top-level domain like dot-science, dot-work, dot-cricket, dot-click, or dot-website don’t click. Just delete!

The New York Times special email offer: $5 for 12 Weeks

 6-NY Times 12 weeks for 5dollars

 

 

Diversify your portfolio with GWG L-Bonds paying monthly rates from 4.25 to 9 percent. View Prospectus.

 

 

 

 

 

 

 

 

 

BLOWOUT SALE on All Left Over 2015 Vehicles –Get the Lowest Price Now

8-Blow out sale of 2015 vehicles

Excel_is_Evil

 

 

 

 

TOP STORY: When is an Excel Spreadsheet More than an Excel Spreadsheet?

The focus of this week’s top story is a single small email that packs a wallop! The subject line, though simple, would likely trick most businesses into opening it… “ATTN: Outstanding Invoices – [A7EDBA] [April|May].” However, the sender “Lou Parks” doesn’t seem to match the name of the email address Georgette.931@gem-cr.com. This mis-match should be the first red-flag that something isn’t right.

According to both Google and a WHOIS lookup of the sender’s domain, the domain gem-cr.com is a clinical research firm in Quebec, Canada. A second red-flag is that there is limited information in the email and the English is awkward. And nothing in the email identifies the recipient or the reason for the invoices.

However the danger is buried in the Excel spreadsheet that is attached to the email. We at The Daily Scam are not experts in the various coding languages used to build web pages but we know enough to recognize many threats. Most of us are familiar with Excel spreadsheets and would expect a document containing numbers. However, we “peaked” into the attached spreadsheet without opening the file and found this Excel file actually contains very suspicious web coding including calls out to websites and a javascript. According to Google, javascript is an object-oriented computer programming language commonly used to create interactive effects within web browsers. We also found a type of code specifically for cyrillic characters which are letters used in Eastern Europe such as Russia.

 

 

 

When we downloaded the spreadsheet our anti-virus software immediately warned us that it contained a hidden Trojan called DocDl-MV. This is bad stuff that can lead to a seriously nasty computer infection. And all from a simple small Excel spreadsheet. Moral of this story? Don’t download any suspicious file, no matter how confident you are that it could not possibly be malicious. And if you do download a file and your anti-virus software doesn’t identify it as malicious, consider using an online service to check on the file yourself before opening it. A good service is VirusTotal.com

 

 

 

 

 

FOR YOUR SAFETY: Womens National Network

There are several worthwhile professional national networks for women but this isn’t one of them! This email is a clever trick targeting professional women. It appears to be an invitation saying things like “your exclusive power network is here” and “we noticed all your hard work, therefore, we have approved your application to join us at the Womens National Network.” However, the sub-domain (distant) and domain is VERY peculiar… distant.nessineize.com. According to the Zulu URL Risk Analyzer, this domain is rated 100% malicious!

Also, notice the white highlighted spam text at the bottom of the email meant to get the email through antispam filters.

Delete, delete, delete!

11-Join Womens National Network

We received an advance-fee scam this past week that is so ridiculous that we actually felt badly for the African scammer who created it. We say African scammer because this scam is identical to the many Nigerian 419 scams that have been circulating for years and because the email contains a phrase that is common to many people from Africa “My dear, How are you today…” This is VERY strange for a professional email to begin this way. Can you imagine the new FBI Director starting an email with this? Also notice the misspellings and poor grammar. “Obatined your datas” “my tenure represent peace…” “we interception informations of…” –If you want a good laugh, read on!

 

 

From: SENDER6666@earthlink.net

Subject: We Obatined your datas and we are keeping file and records!!!

 

Federal Bureau of Investigation (FBI)

Anti-Terrorist and Monitory Crime Division.

935 Pennsylvania Avenue, NW Washington,

D.C. 20535-0001, Tele/ fax (23934361)

Terrorist Screening, checkmating Money laundry,

Trafficking, Bank Fraud and Scam

 

Security Interception of Unsolicited Business Transaction.

 

My dear, How are you today, This is James Brien. Comey Jr, the new FBI director nominated to replace the previous director Robert S. Mueller due to internal logical protocols guiding international and local transactions, my tenure represent peace, equity and justice and rule of law shall prevail, my duty is to ensure global maximum security and to protect fundamental human rights. FBI has increased their priorities to confiscation of terrorist funds movement across the globe.

Fbi in alliance with NIGERIA PRESIDENCY AND ECONOMICAL FINANCIAL CRIME COMMISSION (EFCC) had worked very hard towards the eradication of internet Scam and tracking down of many fraudsters and scam Artists in NIGERIA, REPUBLIC OF BENIN, TOGO, GHANA CAMEROON , CENTRAL AFRICAN REPUBLIC, CHAD AND SENEGAL LONDON ETC whom are now in our custody.

During our scrutiny of Banks and financial institutions across this countries, we interception information’s of (US$4,700,000,00) Four Million, Seven Hundred Thousand United State Dollars only manifested in your name as the beneficiary, we have every evidence to prosecute this case which we are presently monitory movement of funds from different countries based on the security Intel exposing links of terrorism sponsorship.

FBI global security wire tape has confirmed that this US$4,700,000,00 million dollars have been severally attempted to be release in your name through different methods like Automated card payment system method (ATM), Consignment Diplomatic Delivery, Bank Wire Transfer etc, but every attempts by your partners to move this funds according to your instructions have been futile and frustrated by the FBI global security hard disc which is been control by world bank international security server , the amount in your name have been abandoned under government security vault which is against international law of money laundry, terrorism and trafficking.

i met this your payment file at the security strong room attached with every other transactions relevant documents but without the International Fund Release Clearance Certificate which kept your fund unpaid.

Our security Intel have confirmed your email address on the payment manifest booklet, I have clinically crosschecked the manifest and discovered that several business transactions have been also linked to your email address, you have consented by either sending money to them or aid the transactions by providing your information’s for the movement of the funds through several means, your email address is on the hard disc.

Security Order: the amount registered in your name is US$4,700,000,00 dollars which you must secure the International Fund Release Clearance Certificate documents through Nigeria (IMF ) International Monitoring Funds(eric_walker090@aol.co.uk) as stated below and send the copy to us immediately for instant release of this your withheld fund according to international government protocols or I will submit your file to Fbi-Independent Corrupt Practices Commission (ICPC) for legal prosecution within 24 hours of this notice if you refuse or delay to procure this needed certificate that has caused the long withheld of your fund according to FBI security description. so you are advised to reach:

International Monitoring Funds Department {IMF}

2/4 Customs Street, P.O. Box 2457,

Marina Lagos.

Attn: Dr. Eric Walker

(The Director, Foreign Debt payment Certificate issuance Dept)

E-mail: eric_walker090@aol.co.uk

Tel: +2348148721550.

Contact the country IMF Chairman office immediately with your information’s once you receive this message so as to enables you secure the International Fund release Clearance Certificate with the US$490 official Fee if you don’t want legal prosecution at the international court of justices, this message super-cedes every other FBI message you have received in the past with this registered serial number TSGFB/09-PL.3R45.

Waiting for the International Fund Release Clearance Certificate copy so that your funds will be released instantly according to fbi on US government international security law, you should either follow the instructions or accept court prosecution, don’t allow ignorance to affects your sense of reasoning.

You should put behind your past dealings with crooks from different country now that I have contacted you, you have only three working days to obtain the International Fund Release Clearance Certificate and quickly submit the copy to us immediately if you don’t want to blame yourself for ignoring security instructions, you will be issued an official receipt once you observe the Certificate official Fee from Nigeria International Monitoring Funds.

Regards,

James B. Comey, Jr.

New Director FBI

 

C-C -. Homeland Security Council

C-C -. CIA

C-C -. International Police

Attorney General Holder Swears In James B. Comey as FBI Director

Until next week, surf safely!