
November 16, 2014

Once again there have been too many different scams to count, so here is a sampling of what we saw during the past week before we share a select few…

  • ADP past due invoice
  • Affordable life insurance rates
  • Claim your Amazon gift card
  • Cocoa eliminates memory loss
  • Bizarre trick to restore mental health
  • Cure for diabetes
  • Earn more money from home than a doctor
  • Genie zip bra specials
  • Grow taller in adulthood
  • Guaranteed lotto win system
  • iCloud account locked
  • Kohl’s Gift card
  • Kohl’s Thanksgiving gift
  • Medicare open enrollment plans
  • Meet singles in your area on Match.com
  • Meet and date Russian women
  • Solar install quotes
  • Stop snoring tonight
  • Take Macey’s survey for rewards
  • Review your auto insurance policy
  • VA loan benefits
  • Work at home to make over $90K
  • Worse food for weight gain
  • Your credit score has been lowered

Many of these scams have the same basic design and feel to them, as if they were created using the same template over and over, but with different content. In fact, we feel that at least 75% of the scams we see follow one of two basic templates/patterns in their creation. It makes us think that one, or possibly two, criminal organizations are responsible for the bulk of these scams. Where is our FBI in all of this? The Daily Scam tried to report a scam in progress a few weeks ago that we thought the FBI would be happy to take over and lure the perpetrator(s) into a trap. Their response? “File a complaint online.” (We did.)

Deal Ends Today! Michael Kors Bags

This time we lead with a text scam. More and more TDS visitors are reporting texts like this one. At first glance they appear to be spam ads. However, they are much worse and you should NEVER click the links contained in these random texts.

1-Cheap-Michael-Kors-Shop text

First of all, notice that the sender of the text seems to be a strange email address from Yahoo.cn (.cn is the country code for China. Check out our video about identifying scams with country codes!). A WHOIS lookup of the domain in the link shows that it was registered by a company in Beijing, China and is hosted on a server in Las Vegas, Nevada. If that isn’t suspicious enough, we asked the Zulu URL risk analyzer to check out the website provided in the text. Here are the results:

2-Cheap-Michael-Kors-Shop zulu score

Notice the many malicious JavaScripts and links? We strongly suspect that this text, once clicked, would result in malware installation onto a victim’s cell phone. This can’t be good! (By the way, the Android smartphone is the most hacked and vulnerable smartphone!)

Please Review your Auto Insurance Payment

There are many email scams that have the same look and feel as the one below, but with different content. For example, we see emails just like this but about VA loan benefits and Medicare open enrollment requests. Most seem to come from domains ending in “.us”, which is the country code for the United States. A WHOIS lookup of unincorps.us shows that it was registered at enom.com to someone with the email address simpleinfo2121@gmail.com. We have seen MANY scam domains registered by someone using this email address. And enom.com seems to turn a blind eye to scammers willing to pay for their services. In fact, complaints about Enom.com’s willingness to host websites that harm people go back at least two years. Check out this post from SueSpammers.net.

3-Unincorps-us Review Your auto insur policy

And in case you thought we were being a little overly sensitive and maybe, just maybe, Unincorps.us really did want to discuss auto insurance rates with us, check out the Zulu URL risk analysis of the link in our email:

4-Unincorps-us zulu score

What’s Up Sarah?

This email seems so benign. It is actually very scary because it identified the recipient by first name and is written very casually as if the sender knows the recipient. (Yes, the email recipient’s name is Sarah.)

5-whats up sarah - bitly link

This shortened URL to a bit.ly address is very dangerous. Shortened links hide where they point to on the Internet. It’s impossible to tell where you’ll end up unless you use an “unshortening service” such as Unshorten.it. (Read our article on the risks of shortened URLs and how to minimize that risk!) Unshorten.it shows that this link leads to a site called “automobilecode.com” but that’s not the whole story! (Notice the “web of trust” score for automobilecode.com in the image below.)

6-Unshortened bitly link

Look at what the Zulu URL risk analyzer told us below. But don’t be misled by the benign score of 21. Zulu is not perfect, though very good. Look at the redirections… “too many redirections” to follow. If you don’t know, a ‘redirect’ means that the website you visit will automatically send you somewhere else or cause a popup that takes you somewhere else. Zulu listed the first five redirections. Of these five, the first address also comes up in a Zulu search as benign. So do the next three, but they are found to be websites hosted in Russia, which makes them much more suspicious. But Zulu scores the fifth redirect as malicious! Check out the number of malicious scripts and iframes Zulu found hidden in the code just waiting to wreak havoc on a visitor. So… how’s Sarah at this point? Not too good, we would say. Best delete at the start.

8-bitly redirect to mal site

9-bitly redirect malicious zulu score
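To show what an unshortening service does with a chain like the one above, here is an added example (not code from The Daily Scam, Unshorten.it or Zulu). It follows redirects one hop at a time without loading any page content, gives up after a fixed number of lookups, and detects loops; the redirect table, the `.example` host names and the function names are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_REQUESTS = 5  # assumption: give up after this many lookups
REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed redirect table standing in for live HTTP responses:
# URL -> (status code, Location header or None). Hosts are made-up names.
SAMPLE_RESPONSES = {
    "http://short.example/abc": (301, "http://landing.example/offer"),
    "http://landing.example/offer": (302, "/go?id=7"),
    "http://landing.example/go?id=7": (302, "http://final.example/page"),
    "http://final.example/page": (200, None),
    "http://short.example/loop": (302, "http://short.example/loop2"),
    "http://short.example/loop2": (302, "http://short.example/loop"),
}

def offline_fetch(url):
    """Hypothetical stand-in for a HEAD request that does not auto-follow."""
    return SAMPLE_RESPONSES.get(url, (404, None))

def unshorten(url, fetch=offline_fetch, max_requests=MAX_REQUESTS):
    """Walk the redirect chain hop by hop; return (chain, verdict)."""
    chain, seen = [url], {url}
    for _ in range(max_requests):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            return chain + [nxt], "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "too many redirections"

def hop_hosts(chain):
    """Distinct hosts visited, in order, so each one can be checked separately."""
    hosts = []
    for u in chain:
        host = urlsplit(u).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    for start in ("http://short.example/abc", "http://short.example/loop"):
        chain, verdict = unshorten(start)
        print(verdict, "->", " -> ".join(chain), "| hosts:", hop_hosts(chain))
```

Every host in the chain, not only the first or the last, is worth checking on its own, since a benign first hop says nothing about where the chain ends.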


Finally, we wanted to leave you with a few very good reasons why it is important to keep a healthy dose of skepticism when communicating online. In case you aren’t sure, each of these is a scam or contains a malicious link.

10-EZ Pass fine due   11-Never pay auto repair bills again  12-Protect your child from sex offenders

Surf safely!