
November 18, 2015

THE WEEK IN REVIEW

We can tell that the holidays are soon to be upon us. We are seeing Thanksgiving, Xmas, Christmas, and Santa scam emails by the hundreds! All your favorite retailers and hoteliers seem to be giving away reward coupons, vouchers, $50 gift cards, and “appreciation codes,” but none of it is true. They are all just wolves in sheep’s clothing. So keep a healthy dose of skepticism with you as you check email, look at social media posts and check smartphone texts. It’s going to be a bumpy ride through New Year’s Day! Here are a couple of holiday samples to give you the idea…

1-CVS wants to give you Thanksgiving points

2-Shower your house with lights this Xmas

 

Sample Scam Subject Lines:

>>Could Obama’s Deadly Secret Destroy Hillary?

Attn: Don’t Let Your Amazon Points expire

Attn: Natural-Method for 20/20-Vision in only 19 days

CVS Customer Appreciation Holiday Reward expires soon

CVS Thank You X-Mas Voucher

Fox Report: Is Donald Trump headed for a heart attack?

Independent & Assisted Living Options—For Seniors

Marriott $50 Gift Give-Away

Marvin, Pella, JendWen Winter window deals

NOTICE: Your Criminal Record has been Searched on 14Nov2015

Re:Re:payment made

Re: Send your child an official package from Santa, 25% off today

Re: Update

Sample Scam Email Addresses:

CloudComputing@f0fp.top

HawaiiVacationDeals@trivlaimed.xyz

LowCostMovers@0mla.top

LungCancerPrevention@endination.top

Marriott_Customer_Service@ipiii.xyz

MedicareOpenEnrollment@readnow.extensionnewupdatedinfo.eu

pethealthinsurance@follide.top

RothIRAProviders@thisdollah.download

solarPanelDeals@bouldermash.xyz

StudentLoansConsolidated@weshtomper.xyz

ThanksgivingRecipes@giftidea.seethenewholidaytips.eu

TreatOveractiveBladder@reviouszulu.download

WebHostingSearch@msv7.top

Phish NETS: Your Password Will Expire Soon

Though we searched and searched, we found only one lame phishing scam last week. And that’s a good thing! The one we found was so poorly crafted that we can’t imagine anyone clicking the link in it. The email was sent from an address in the United Kingdom (.uk country code) and the link points to a hacked website hosted in Morocco, as identified by the 2-letter country code “.ma.”

While we enjoy a respite from PayPal, Apple, bank and credit card phishing scams, we hope you’ll check out the links to these phishing scams reported from around the web:

Assorted Phishing Scams from the ITServices Department at University of Chicago

https://itservices.uchicago.edu/page/latest-email-scams

Chip-cards Spur New Phishing Scam from KnoxNews.com

http://www.knoxnews.com/news/watchful-eye/chipcards-spur-new-phishing-scam_57922566

Facebook Phishing Scam “Your Account Will Disable” from Hoax-Slayer.com

http://www.hoax-slayer.net/your-account-will-disable-facebook-phishing-scam/

Has JUST EAT been breached? Customers report phishing scams. From ITProPortal.com

http://www.itproportal.com/2015/11/10/just-eat-breached-customers-being-phished/

There’s A New Apple ID Phishing Scam, But You Don’t Have to Fall For It from MacObserver.com

http://www.macobserver.com/tmo/article/theres-a-new-apple-id-phishing-scam-but-you-dont-have-to-fall-for-it

Your Money: Discount Airfare, Online Background Checks and Your Credit Rating

Anyone who flies would love a real deal on the cost of an airline ticket, but this email to “find cheap airline tickets now” isn’t what you think. The email was sent from Ticketing@diaghile.com on November 11 and the link leads to the same domain. According to a WHOIS lookup, this domain was registered at 2:21 pm on November 11 with Enom.com by someone named “D AMI” and using the email address offers4donald@gmail.com. The email below was then sent a few hours later. As you might guess, Google cannot find any website for diaghile.com.

4-Discount airfare

Have you ever thought you might like to run a background check on someone? A boyfriend? Spouse? Business associate? Go find a legitimate service because this next email isn’t it. It was sent from PrivateEyeService@ipks3.top. Like the email before it, a WHOIS lookup shows you that the domain ipks3.top was registered the same day the email came out. See a trend here? We are confident that 99% of emails sent within 48 hours of their domain being registered are scams. That’s not our only criterion for identifying scams but it is part of it. The link in the email leads to the website giclicks.com and the Zulu URL Risk Analyzer has identified it as malicious. ’Nuf said.

A WHOIS tool is such a simple but important tool to begin to evaluate the legitimacy of a website and domain. This final scam email is just like the two above. The link from “View Your 2015 transunion – Equifax and experian scores” leads to the website chaeos.top. As you have already guessed, the email was sent just 37 minutes after the domain was registered. Check out the WHOIS lookup!
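Here is the 48-hour domain-age check described above, written out as a small script. It is an added example, not code from this newsletter. The WHOIS creation dates are typed in by hand so it runs offline, the 2:21 pm registration time is assumed to be UTC, and the sample email's send time and the example.org entry are constructed.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

MAX_AGE = timedelta(hours=48)  # threshold quoted in the article

# Hand-entered WHOIS creation dates (normally from a WHOIS/RDAP lookup).
WHOIS_CREATED = {
    "diaghile.com": datetime(2015, 11, 11, 14, 21, tzinfo=timezone.utc),  # time zone assumed
    "example.org": datetime(1995, 8, 31, 4, 0, tzinfo=timezone.utc),      # constructed
}

# Constructed sample messages; only the headers matter for this check.
SAMPLE_SCAM = ("From: Ticketing <Ticketing@diaghile.com>\n"
               "Date: Wed, 11 Nov 2015 18:05:00 +0000\n"
               "Subject: find cheap airline tickets now\n\n(body omitted)\n")
SAMPLE_OLD = ("From: News <news@example.org>\n"
              "Date: Wed, 11 Nov 2015 18:05:00 +0000\n"
              "Subject: Monthly update\n\n(body omitted)\n")

def sender_domain(msg):
    """Lower-cased domain part of the From: address."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def domain_age_at_send(raw_email, whois_created=WHOIS_CREATED):
    """Return (domain, age); age is Date header minus WHOIS creation date,
    or None when the domain is unknown or the Date header is unusable."""
    msg = message_from_string(raw_email)
    domain = sender_domain(msg)
    created = whois_created.get(domain)
    try:
        sent = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):  # missing or malformed Date header
        sent = None
    if created is None or sent is None:
        return domain, None
    if sent.tzinfo is None:  # a "-0000" zone parses as a naive datetime
        sent = sent.replace(tzinfo=timezone.utc)
    return domain, sent - created

def is_fresh_domain(raw_email, whois_created=WHOIS_CREATED):
    """True when the mail went out less than MAX_AGE after registration.
    A negative age (Date earlier than registration) is flagged as well."""
    _, age = domain_age_at_send(raw_email, whois_created)
    return age is not None and age < MAX_AGE

if __name__ == "__main__":
    for raw in (SAMPLE_SCAM, SAMPLE_OLD):
        print(domain_age_at_send(raw), is_fresh_domain(raw))
```

The Date header is written by the sender and can be wrong, so the time your own mail server received the message is the more trustworthy value to compare against.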

 

TOP STORY: Surprise From CapeCodMag.com

If you are like us when you saw CapeCodMag.com you likely thought Cape Cod Magazine. But this is not the whole story. We don’t quite know what CapeCodMag.com actually is, though the description would lead you to believe it is an online magazine about Cape Cod, Massachusetts. The real magazine is CapeCodMagazine.com. One of the riskiest types of emails people receive is a malicious email containing the name of someone they know so they are more likely to trust and click. Though it didn’t come from a known email address, the recipient of the email below knows “Michelle.” Michelle’s email was hacked and her address book was stolen and used to send out malicious emails with her name in them.

 

 

As for that link to the Cape Cod Magazine? We asked Google about the website and even it could see that the website had been hacked and was hosting malicious software:

8-CapeCodMag Google lookup

But it took some effort for the Zulu URL Risk Analyzer to realise the risks of this website. First Zulu said that CapeCodMag.com was harmless. You see, we learned that the website CapeCodMag.com will actually direct the visitor to the legitimate website CapeCodMagazine.com. But have a look at the Zulu score and you’ll notice that Zulu found a redirect hidden on the webpage that isn’t in your best interest…

9-CapeCodMag zulu 1

The redirect at capecodmag.com also sends the visitor to a strange website called bl4evo.net. Zulu identified this strange website as malicious. Just delete! The take-home advice here is simple: if you receive odd emails from people you know containing little more than a link in them, don’t click. Ask your friend if she/he sent it. We’re certain the answer will be no.

Now delete!

10-CapeCodMag zulu 2

FOR YOUR SAFETY:

We have been seeing a sharp increase in short but effective emails containing malware as attached zip files or Word documents disguised as bogus eFax, delivery notices and invoices. Have a look at these two samples from the past week…

11-Invoice from Ken Bradford Courier Service

 

12-You have received a new fax

Or how about these lists of malicious emails that hit one email server? These malicious emails are designed to infect your computer with malware. Delete, delete, delete!

13-You have received a new fax list

14-List of malicious emails containing malware

 

ON THE LIGHTER SIDE: How Have You Been

How have you been? We’re being asked that a lot lately. It’s really nice to hear that someone cares. In fact we see that Corina cares. Elaine cares. Luann cares. And then there’s Hillary in Tokyo. It’s nice to feel wanted. And it’s such a wonderful coincidence that they all contacted us on the same day! What are the odds of that?

15-How have you been - I am Corina

 

16-How have you been - I am Elaine

17-How have you been - I am Luann

18-How are you - I am from Tokyo

 

Until next week, surf safely!