November 7, 2018


THEY’RE BAAACK! During the past week there were times when our collective phones were ringing off the hook! (You might have to explain that expression to Gen Zers.)  This followed a slow period during the previous few weeks where we were interrupted by only a few scam and spam calls per week. For example, last Thursday and Friday we got calls from Iowa, Florida, Massachusetts, New York, and West Virginia.  Of course none of them left a message and we didn’t answer. In fact, we STRONGLY recommend that you never answer calls from numbers you don’t recognize (and that you install a quality app to help identify scam/spam callers such as NoMoRobo.)  Here are just a few of the numbers that called us and what Internet searches informed us about these number:

319-462-1049: Suspected spam telemarketer and/or scam survey or both! (From

631-466-3003: Scam call about health care insurance; lots of complaints in the last few days; (From HIGH risk reported on

850-555-0194: MALICIOUS caller using a fake number (; Also reported on NoMoRoBo.)

304-881-0093: Scam or debt collector or both; User on Whitepages reports “…initially offered a rewards card if I gave them my VISA/MASTERCARD number for a shipping fee…” Also reported on

312-800-0506: HIGH RISK!  Period.

While we are confident that our long time readers know how to handle these unwanted calls, we’re more concerned about the elderly, the highest targeted demographic in the United States.  Please share our Top Story with them from July 18, 2018 titled “Phone Call Fatigue.”

Also worth noting, scams disguised as reward surveys are still being sent in large numbers to target Americans.  Here are screenshots of four of them,including two disguised as a “Bank of America survey.” These BOA scam survey emails point to different websites than the BOA scam survey we wrote about two weeks ago.  (The links in the CVS survey point to a website that was registered at the end of August.)





Two footnotes…. Supporting the idea that “online privacy is an oxymoron,” it was reported recently that security flaws exist in all browsers that allow nefarious parties to pull up your browser search history.  Oh joy.  Secondly, we made a collection of the Nigerian 419 advance-fee scam emails we received during the last month.

It’s a fun read! Enjoy!



Phish NETS: Apple Store and Wells Fargo Bank

“There was a problem account information!” says an email from  sosro1[.]com. is an Indonesian beverage company.  However, sosro1 doesn’t seem to exist.  The link for “Log In to Account” points to a web page on the free service HootSuite.  At least one service reported to that the link is malicious!


We’ve seen similar emails like this targeting Wells Fargo users.  This one clearly didn’t come from The link for “Tax Documents” pointed to the link shortening service and that link points to a well documented phishing site!






YOUR MONEY:  Beware Christmas Season and Concealed Carry Permit

We’re shocked that we have to raise awareness about malicious emails disguised as Christmas promotions already!  But two things happened reminding us that traditions of the past no longer apply to the present. We are of an age that we remember when marketers held off until the day after Thanksgiving to begin promoting Christmas products.  That “tradition” changed many years ago. However, on November 2 while watching television, we saw an ad for a sale on artificial Christmas trees (OK, we’ll fess up and say that LifeTime network probably has really low advertising standards to accompany their cheesy movies but where else can you turn to for a decent feel-good movie nowadays?)  Also, a TDS reader sent us this email with broken graphics and the subject line “” and FROM “Letters.From.Santa.”


All links pointed to Google Ad Services in this malicious Grinch in sheep’s clothing.  We’ve seen the misuse of Google Ad Services in the past, so this isn’t unusual. The link will then forward you to a hacked website for a youth sports service called teamsnap[.]com.  “Do something this holiday your child will never forget”… infect your computer!



Sometimes the criminals who try to harm us via the Internet have a sense of humor.  In this divisive political season, we think we found just such an instance. Take a close look at this email that appears to have been sent by to invite recipients to “get qualified now for free.”  That is to say “get qualified to receive the new concealed carry permit!”  Does anyone REALLY believe a concealed handgun permit promotion is something that would come from, the official website of the Democratic National Committee?  Just to be sure, we used Google’s “site” command to search their entire website to see if they had any information about this permit.   We got bubkas! Nothing at all.  Also, notice that the FROM address has “USCO” in front of it, which stands for the US Concealed Online website.  Except that their website is usconcealedonline[.]com and has nothing to do with the DNC.  And that unsubscribe address in Costa Mesa, CA has nothing to do with either organization. (Also, there is no town called Garner, VA as shown in the fake permit, but we expected that information to be fake.) This email is malicious clickbait made to look like it came from the DNC.  It probably came from Russia, but that’s just a wild guess! 😉




TOP STORY:  Trump’s Medicare Plan

Now this is a true oxymoron!  When has Donald Trump ever spoken about an improved medicare plan, whether his name is associated with it or not? According to Wikipedia, Donald Trump has made a total of 62 “thank you” tours, post inauguration rallies and midterm election rallies since being elected in 2016 and through November 5, 2018.  All of them are documented on the Wikipedia site.   While we cannot claim to have watched his speeches at all of these, we have read and seen summaries of the issues he addresses at many of these rallies.  Promoting a “Trump Medicare Plan” is not one of these issues. In fact, according to, the recent billion dollar Republican tax cut will mean that Medicare (and social security) will run out of money sooner rather than later.  Also, Trump’s top Medicare official, Ms. Seema Verma, slammed the idea of “Medicare for all” in the summer of 2018, according to  (To his credit, Trump has said multiple times that he wants to reduce the cost of pharmaceutical drugs.) So what’s going on with this promotional email that wants you to believe it came from the website Trump-Medicare-Plans[.]com?  That’s the point.  It didn’t come from that website, even though the graphics in the email and the website it points to look like the same graphics found on Trump-Medicare-Plans[.]com.  All links point to the website medicare-rtm[.]us.



This other website was registered to someone identified as “marion stivers” from Maryland on October 17, 2018.  It has already been taken down but we found that it contained a redirect to another website called Compsabid002[.]com.  We have twice reported on this malicious website in the last nine weeks. (September 5, 2018 newsletter and August 29, 2018)  Compsabid002[.]com is a VERY malicious website and was registered on July 30. It is being hosted in Holland.



If you visit that redirected link, here’s what greets you from Holland.  It appears identical to the real website Trump-Medicare-Plans[.]com but it is a malicious mimic!  Once again, a healthy dose of skepticism can go a long way to ensure your safety.



FOR YOUR SAFETY: Breaking News… Goodbye to Vanna White

Ahhhh, Vanna White.  Hostess of Wheel of Fortune since 1982.  If you believe this clickbait, then you’ll think that she is either stepping down from that role, has died, or got fired by NBC.  Two small letters of the alphabet should inform you that this email is HIGHLY suspicious and shouldn’t be clicked. Can you locate the two letters?


Both the FROM address and website to which all links in this email point contain “.uk”.  Dot “uk” is the 2-letter country code for United Kingdom. Isn’t it a bit odd that an email about an American actress and long-time game show hostess should come from, and links point to, a website in the UK?  The links point to servelte[.]org[.]uk.  This website was registered in the UK on August 8, 2018 and is actually being hosted on a server in Nuremberg, Germany.  Stay skeptical!


Until next week, surf safely!