Please support our effort by making a small donation. Thank you!


November 18, 2015


We can tell that the holidays are soon to be upon us. We are seeing Thanksgiving, Xmas, Christmas, and Santa scam emails by the hundreds! All your favorite retailers and hoteliers seem to be giving away reward coupons, vouchers, $50 gift cards, and “appreciation codes” but none of it is true. They are all just wolves in sheep’s clothing. So keep a healthy dose of skepticism with you as you check email, look at social media posts and check smartphone texts. It’s going to be bumpy ride through new years day! Here are a couple of holiday samples to give you the idea…

1-CVS wants to give you Thanksgiving points 2-Shower your house with lights this Xmas


Sample Scam Subject Lines:

>>Could Obama’s Deadly Secret Destroy Hillary?

Attn: Don’t Let Your Amazon Points expire

Attn: Natural-Method for 20/20-Vision in only 19 days

CVS Customer Appreciation Holiday Reward expires soon

CVS Thank You X-Mas Voucher

Fox Report: Is Donald Trump headed for a heart attack?

Independent & Assisted Living Options—For Seniors

Marriott $50 Gift Give-Away

Marvin, Pella, JendWen Winter window deals

NOTICE: Your Criminal Record has been Searched on 14Nov2015

Re:Re:payment made

Re: Send your child an official package from Santa, 25% off today

Re: Update

Sample Scam Email Addresses:





Phish NETS: Your Password Will Expire Soon

Though we searched and searched we found only one lame phishing scam last week. And that’s a good thing!   The one we found was so poorly crafted that we can’t imagine anyone clicking the link in it.  The email was sent from an address in the United Kingdom (.uk country code) and the link points to a hacked website hosted in Morocco, as identified by the 2-letter country code “.ma.”

While we enjoy a respite from Paypal, Apple, bank and credit card phishing scams, we hope you’ll check out the links to these phishing scams reported from around the web:

Assorted Phishing Scams from the ITServices Department at University of Chicago

Chip-cards Spur New Phishing Scam from

Facebook Phishing Scam “Your Account Will Disable” from

Has JUST EAT been breached? Customers report phishing scams. From

There’s A New Apple ID Phishing Scam, But You Don’t Have to Fall For It from

Your Money: Discount Airfare, Online Background Checks and Your Credit Rating

Anyone who flies would love a real deal on the cost of an airline ticket but this email to “find cheap airline tickets now” isn’t what you think. The email was sent from on November 11 and the link leads to the same domain. According to a WHOIS lookup,  this domain was registered at 2:21 pm on November 11 with by someone named “D AMI” and using the email address  The email below was then sent a few hours later. As you might guess Google cannot find any website for

4-Discount airfare

Have you ever thought you might like to run a background check on someone? A boyfriend? Spouse? Business associate? Go find a legitimate service because this next email isn’t it. It was sent from Like the email before it, a WHOIS lookup  shows you that the domain was registered the same day the email came out. See a trend here? We are confident that 99% of emails sent within 48 hours of their domain being registered are scams. That’s not our only criteria for identifying scams but it is part of it. The link in the email leads to the website and the Zulu URL Risk Analyzer has identified it as malicious.  ‘nuf said.

A WHOIS tool is such a simple but important tool to begin to evaluate the legitimacy of a website and domain. This final scam email is just like the two above. The link from “View Your 2015 transunion – Equifax and experian scores” leads to the website As you have already guessed, the email was sent just 37 minutes after the domain was registered. Check out the WHOIS lookup!


TOP STORY: Surprise From

If you are like us when you saw you likely thought Cape Cod Magazine. But this is not the whole story. We don’t quite know what actually is, though the description would lead you to believe it is an online magazine about Cape Cod, Massachusetts. The real magazine is One of the riskiest types of emails people receive is a malicious email containing the name of someone they know so they are more likely to trust and click. Though it didn’t come from a known email address, the recipient of the email below knows “Michelle.” Michelle’s email was hacked and her address book was stolen and used to send out malicious emails with her name in them.



As for that link to the Cape Cod Magazine? We asked Google about the website and even it could see that the website had been hacked and was hosting malicious software:

8-CapeCodMag Google lookup

But it took some effort for the Zulu URL Risk analyzer to realise the risks of this website. First Zulu said that was harmless. You see we learned that the website will actually direct the visitor to the legitimate website But have a look at the Zulu score and you’ll notice that Zulu found a redirect hidden on the webpage that isn’t in your best interest…

9-CapeCodMag zulu 1

The redirect at also sends the visitor to a strange website called Zulu identified this strange website as malicious. Just delete! The take home advice here is simple…. If you receive odd emails from people you know containing little more than a link in them, don’t click. Ask your friend if she/he sent it. We’re certain the answer will be no.

Now delete!

10-CapeCodMag zulu 2


We have been seeing a sharp increase in short but effective emails containing malware as attached zip files or Word documents disguised as bogus eFax, delivery notices and invoices. Have a look at these two samples from the past week…

11-Invoice from Ken Bradford Courier Service


12-You have received a new fax

Or how about these lists of malicious emails that hit one email server. These malicious emails are designed to infect your computer with malware. Delete, delete, delete!

13-You have received a new fax list

14-List of malicious emails containing malware



How have you been? We’re being asked that a lot lately. It’s really nice to hear that someone cares. In fact we see that Corina cares. Elaine cares. Luann cares. And then there’s Hillary in Tokyo. It’s nice to feel wanted. And it’s such a wonderful coincidence that they all contacted us on the same day! What are the odds of that?

15-How have you been - I am Corina


16-How have you been - I am Elaine

17-How have you been - I am Luann

18-How are you - I am from Tokyo


Until next week, surf safely!