
May 27, 2015

THE WEEK IN REVIEW

1-Jennifer Anniston tells naked truth

 

 

We hope our readers have noticed that our newsletters are “family friendly” and omit all reporting of malicious emails that contain very sexual or extremely vulgar content that parents would likely consider inappropriate for kids. We do this on purpose because we encourage schools to use our newsletters to teach their students. We also think that most folks realize that Viagra spam and spam about sexual pleasures are ALL malicious and meant to separate you from your hard-earned dollars for bogus products. However, to make the point that scammers often use the topic of sex to socially engineer clicking behavior, we show you this scam email of a nearly naked Jennifer Aniston. (It arrived with the blackout bars.) There are many red flags about this email that should warn anyone with half a brain:

  1. The very strange email address and domain of the sender: localimagine.com. Of course, Google shows no such domain in use.
  2. The large block of white space underneath the button with the Twitter symbol that says “See the trending article now.” When you drag a mouse through it you’ll find it contains white text (against the white background) that is meant to trick anti-spam servers into thinking that this email is legitimate. The white text begins with “The mission s other nine nanosatellites are funded by…”
  3. Jennifer Aniston’s name is misspelled in the email as “Jenniffer Anniston.”
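The white-on-white filler described in item 2 can be found mechanically. The following is an added example, not part of the original newsletter: it walks an HTML email body and reports text whose colour matches the background it inherits. The sample markup is constructed (only the quoted filler sentence comes from the email above), and the default colours are assumptions about the mail client.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
def norm(colour):  # lower-case, strip spaces, fold spellings of white together
    c = re.sub(r"\s+", "", colour.lower())
    return "#ffffff" if c in WHITE else c

def style_props(style):  # inline style attribute -> {property: value}
    pairs = (p.split(":", 1) for p in (style or "").split(";") if ":" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

class HiddenTextFinder(HTMLParser):
    """Collect text whose colour equals the background it inherits."""
    def __init__(self):
        super().__init__()
        self.stack = [("", "#000000", "#ffffff")]  # (tag, fg, bg); assumed defaults
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        css = style_props(a.get("style"))
        _, fg, bg = self.stack[-1]
        fg = norm(css.get("color") or a.get("color") or fg)
        bg = norm(css.get("background-color") or a.get("bgcolor") or bg)
        self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # tolerate unclosed inner tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.hidden

# Constructed sample; the button (white on blue) must NOT be flagged.
SAMPLE = """<html><body bgcolor="#FFFFFF">
<p>Jenniffer Anniston tells the naked truth</p>
<a href="http://example.invalid/x" style="color:#fff;background-color:#1da1f2">See the trending article now</a>
<div style="color: #FFFFFF">The mission s other nine nanosatellites are funded by</div>
<font color="white">filler words to pad the message</font>
</body></html>"""
if __name__ == "__main__": print(find_hidden_text(SAMPLE))
```

The check only compares exact colour values after folding the spellings of white, so near-white shades and text hidden by other means (zero font size, stylesheets) need additional rules.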

Subject lines during the past week included:

$14.10/hr – Costco hiring for June

Auto insurance rates change. Check details.

Behind on student loans? You can get relief!

Bring love in your life

Earn $225+ daily

Home job placement assistance

Notice of payment

Payment copy

Pope Francis admits – I use this daily

Reverse memory loss

Search your ancestors & create a free family tree

Uber for iPhone repair

Why Obama is activating FEMA camps all over the country (scary!)

Wish you could make dinner 10x quicker

Wonderful if you love cooking

You can perform better in bed

You just need to confirm your billing address

 

 

 

 

 

Phish NETS: Please Review Your Wire Transfer Summary

The email below contains all the right phrases: “urgent update on your Card Account,” “you’ve been pre-qualified,” “finish processing your approval.” But what is missing is any personal information to identify the recipient OR the account type. Yet people will still click that link.

This is one of the most generic phishing scams we’ve seen! The email comes from Customer_Service@secessary.com, which leads to a credit card application asking for gobs of personal information. This strange website, which is not listed by Google, has been used for this purpose before. When we conducted a search for straw44394.secessary.com, Google showed us a link to a report on phishing scams from urlquery.net. Check it out! Secessary was registered through a privacy proxy service in Panama and is being hosted in Missouri. According to a WHOIS, the domain was modified on the day this scam was released. According to URLquery.net, secessary.com is somehow associated with a bogus phishing site called “FinanceReportsOnline.com.” (This website was registered in Canada and is being hosted in England, but the site ownership is hidden behind a proxy service.)

 

2-Please review your wire transfer

 

Just to be certain that we weren’t the only ones to think that the link “SUBMIT TO FINISH PROCESS” was suspicious, we asked the Zulu URL Risk Analyzer to look at it. Not only did it find the link malicious, but Zulu found several malicious scripts through redirects just waiting at the secessary.com domain ready to do damage to anyone dumb enough to visit it.

Just delete!

 

3-phish nets 1

 

 

 

4-phish nets 2 

 

 

 

YOUR MONEY: Southwest Air and CVS Coupons

Here they go again, picking on Southwest Airlines and CVS. We’ve seen it before… $100 voucher, $50 coupons… Take our survey and get a coupon. These are as bogus as a $3 bill. And the scammers recycle the same tired graphics and email formats. The reason? …it must work.

Look at the Southwest Airlines promotion to receive a “$100-GiftCard” for filling out a survey. The promotion comes from the domain “rewards.airline-updatedflightbonus.us” and the link in the email leads to the domain “new1.airline-updatedflightbonus.us.” According to Google, the domain airline-updatedflightbonus.us doesn’t exist. According to a WHOIS, this domain was registered by a company called UpTimeWebHosting from Portland, OR on the same day that this scam was released. We’ve seen the name of this company associated with many other scam domains, often ending with “.us.” Though the company sounds legitimate and provides a post office box and phone number on the WHOIS registration, we can’t find a single thing about Up Time Web Hosting in Portland or anywhere else in the world. We would love to know who picks up their mail at the PO Box and invite the local police to meet them!

 5-Youve earned a Soutwest Air 100 coupon

 

 

The sender’s email for the CVS survey scam has the added curiosity grabber of using the recipient’s own username. It comes from “CVS-(your username)@gogotu.com.” This trick of sticking the recipient’s username into the sender’s email is often used to generate curiosity. But the link for “START NOW!” actually points to a website named jlindstrom.net. Though this domain was registered in 2008, it expired on April 5 and is in a “redemption period.” Yet jlindstrom.net was modified the day before this CVS Coupon scam was released, and no information is listed about the owner of the domain. Check out the WHOIS for it.

Just delete!

6-Claim your CVS coupon

 

 

 

 

 

 

 

 

 

 

 

TOP STORY: Yahoo Email Service is Awful

In January, 2014 we published an article titled “Why Yahoo is the Worst Email Service on the Planet!” and it is time we visited this topic again because we STILL believe this! It is our observation that Yahoo email accounts are hacked and misused more frequently than any other email service AND that Yahoo account holders are easy targets for scams and spam.

On May 10, we opened a Yahoo email account with a word as the username followed by 4 numbers. This username shouldn’t have been an easy name to guess, though not impossible, and adding 4 digits should have made it even harder. But malicious emails arrived in our Yahoo email account 54 minutes after signing up for it. That’s less than an hour, folks! To their credit, Yahoo did identify them as spam and moved them to the spam folder, but it still forwarded all of them to our forwarding address at The Daily Scam. Take a look at this screenshot of our Yahoo account’s spam folder to see what’s been targeting us. We promise our readers that we haven’t been looking for Viagra medication! (Nor did we ask for the sponsored link for women over 50. Or any women! We’re happily married!)

7-Yahoo mailbox

 

 

Here is a screenshot of the date/time we set up our account and added the forwarding address, as well as all the malicious scams that began to target our account. Notice that the most recent scam emails actually spoof the very legitimate websites usairways.com and merrymaids.com:

 8-Yahoo email forwarded

Take a look at those latest scams that targeted our Yahoo account using spoofed email addresses. Notice how remarkably similar they are, indicating that they are being sent from the same criminal gang. The “25 % Save – Click Here” link in the USAirways scam points to a website called kulimania.com and the MerryMaids.com scam link points to fotodisapone.com.

 

 9-Yahoo US Airways discount code

 

 

 

10-Yahoo Save money from MerryMaids-com

 

We were more interested in getting 22% off on the Merry Maids cleaning service, but before clicking we decided to have the Zulu URL Risk Analyzer check out fotodisapone.com, and to our surprise Zulu said…

 

11-Yahoo Save money from MerryMaids zulu score

 

 

Absolutely safe! What?! Could we be wrong about fotodisapone.com? It sure isn’t MerryMaids.com! Look carefully at the above Zulu analysis. Though Zulu rated the site as safe, it also found a redirect on the page that will auto-send the web visitor to another website called safesupplementdeal.com. So we asked Zulu to check the redirect site:

12-Yahoo Save money from MerryMaids redirect zulu score

 

100% Malicious and hosted in Russia! At least we know now who is trying to sell us all that Viagra! Delete, delete, delete! And if you have a Yahoo account, we advise getting rid of it!
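The lesson of the two Zulu scores above is that a clean verdict on the first page says nothing about where its redirect lands, so every hop needs its own check. The following is an added example, not part of the original newsletter: it pulls meta-refresh and script redirects out of page source and walks the chain. The page bodies are constructed stand-ins keyed by the two domains named above; the actual markup and redirect mechanism on those sites are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed page sources standing in for fetched content (markup is assumed).
PAGES = {
    "http://fotodisapone.com/": '<head><meta http-equiv="refresh" '
        'content="0; url=http://safesupplementdeal.com/"></head>',
    "http://safesupplementdeal.com/": "<body>order form</body>",
}
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)
JS_URL = re.compile(r"""location(?:\.href)?\s*=\s*["']([^"']+)["']""")

class RedirectFinder(HTMLParser):
    """Collect meta-refresh and script-assigned redirect targets from one page."""
    def __init__(self):
        super().__init__()
        self.targets, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(a.get("content") or "")
            if m:
                self.targets.append(m.group(1).strip())
        self.in_script = tag == "script"
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.targets += JS_URL.findall(data)

def redirect_chain(start, pages, max_hops=5):
    """Follow the first redirect on each page; stop on a loop or a dead end."""
    chain = [start]
    while len(chain) <= max_hops:
        finder = RedirectFinder()
        finder.feed(pages.get(chain[-1], ""))
        if not finder.targets:
            break
        nxt = urljoin(chain[-1], finder.targets[0])
        if nxt in chain:
            break
        chain.append(nxt)
    return chain

def hosts_to_check(start, pages):  # every hostname here needs its own lookup
    return [urlparse(u).hostname for u in redirect_chain(start, pages)]
```

Here `hosts_to_check("http://fotodisapone.com/", PAGES)` returns both hostnames, which is the list a reputation service should be asked about rather than the landing page alone.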

FOR YOUR SAFETY: Attached Zip files Continue to Deliver Malware

We know, we know…. You’ve heard all this before. Yet we cannot emphasize enough how well these simple, short emails trick recipients into clicking and infecting their computers. These zip files are very dangerous. We feel that the more you see and recognize these scams, the safer you’ll be. So, at the risk of sounding like a broken record, here are more malicious emails containing malware in the attached zip files:

13-Your requested report is attached

 

 

14-Statement of account Sept invoice

 

 

 

 

 

 

15-Internal only fileserver report

 

 

 

On the Lighter Side: Facebook “Oppertunity”

Finally this week we wanted to let everyone know that we have been offered an “oppertunity” to work for “facebook.” We’ve been offered a “six-figure salary” of $11,158.63 (or is it $5,635.74?).

And we absolutely love what’s written underneath our offer… “No struggle we understand what you want” and “don’t say you are sorry we know.” Look out Mark Zuckerberg, here we come!

16-Facebook oppertunity

 

 

 

 

And One Last Thing Before You Leave: Happy Graduation!

And that can only mean one thing. Yes. More scams. Can you believe it? Honor Society Scams. This one’s just too good to be true. We thought about leading with this story, but it takes a lot to beat Jennifer Aniston, even with blackout bars. So surf over to the main site and read all about it. Graduation Season is Time for Honor Society Scams.

Until next week, surf safely!