Please support our effort by making a small donation. Thank you!


October 14, 2015


This is going to sound a bit strange but we think that the graphic designers working for the top criminal scammers are all on vacation. Or got fired. (Do criminal gangs fire people or kill them?) During the past week the number of scams using professional-quality graphics decreased significantly and we saw a big jump in text-based scams. You’ll notice this in many of the scams below.

Read our latest feature article… Craigslist Apartment Scams!

Two more things worth noting…

Last week we showed you a scam email disguised to look like it came from Sam’s Club. We saw another identical email scam this past week but we loved the bogus domain name the scammers created! “” That’s so sweet….and deadly!

1-Sams Club Thank you

In the “For Your Safety” column of our September 30 newsletter we reported on fake invitations for women to join the legitimate publication and organization called “Women of Distinction.” While these malicious invitations have continued into the fall, we have seen an increase in them in mid-October. Please alert your friends!

2-Personal invite to Women of Distinction

Sample Scam Email Addresses

Defeat Type 2 Diabetes Naturally with THIS…

Fall LIQUIDATION: Apple iPad-Air 2 64GB Wi-Fi, $28.83, Thru 10/10/2015

Fantasy Football for Real Money

Fwd: I saw this on ABC-News last night

Hi look at my naked photos!

Hotel Deals Coast to Coast

How Term Life Protects Your Loved Ones

Professional Women’s Magazine

Re: 45 and single? Find your match today

Re: Learn how to keep your family safe

URGENT: Start making millions from Secret-Bank-Accounts

Sample Scam Email Subject Lines





Phish NETS: USAA Account is a major financial service company offering everything from checking accounts and credit cards to auto insurance and mutual funds. And this next email ain’t from despite seeing the “from” address as In fact, if you Google this email address (instead of you’ll find many links that have identified this “from” address associated with phishing emails.

Fortunately a mouse-over of the link that follows “Click here” reveals that it points to the domain even though the text in the email reads  A WHOIS lookup shows that this strange domain was registered with the day the scam email went out.

Also notice the minor grammatical errors in the text… “We have temporarily suspend your account…” This email is entirely fraudulent and points to a phishing page meant to capture your login credentials.


Here’s a new type of phishing email that we’ve never seen before. “The New Swiss Bank Account for Everyone is Finally Here.” “An entirely new way to bank is exploding around the world.” Imagine all of the personal information these criminals will want to collect from you to set up this bank account! Understandably, the Zulu URL Risk Analyzer scored the link as 100% MALICIOUS!



Your Money: CVS Voucher, Amazon Rewards, Kmart Promotional Credits and Trivago!

We saw sooooo many of these nearly identical reward scams during the past week. No pictures of smiling families. No colorful graphics. No company logos. Just plain text. Did the graphic designers all go on vacation? Are they still alive or did the crime bosses kill them off because they demanded more money? We’ll never know but we’re certain there is a story to be told behind this sudden change in design! In the end it doesn’t matter. All of these are malicious!

Delete! Delete! Delete!

5-CVS Voucher giveaway

6-Amazon Reward

7-Amazon promotional credit

8-KMart Promotional credit

There were, as expected, a few exceptions that weren’t just old re-used graphic scams like the “Exclusive Halloween Discounts” email below. One of the best and most unique was this scam email disguised as a Trivago travel ad. Notice that the mouse-over also shows that the link leads to a strange domain called Hmmmm…. “Dot-wang” was the global top level domain (gTLD) also seen in the Swiss bank account scam above. Coincidence? Hmmmm….


Please be on the lookout for scams disguised to be special sales, discounts and opportunities for the upcoming Halloween season such as the two below. The first is for “Exclusive Halloween Discounts” but the “2015 CYBERBLOWOUT” graphic is identical to other emails we reported on in September.   We also saw many scam emails for Halloween pet costumes and loved every one of them! Even though they all contained malicious links meant to infect computers. Cute, but deadly.


10-Halloween discounts11-Amazing costumes for your pet


TOP STORY: Cargosmart Sea Waybill Notification

There is a very good reason why we chose to make this scam email our top story of the week. It is so convincing, and has such broad use, that it is extremely effective and dangerous! We’ll admit at first glance we thought it was legitimate because it was sent to an organization that periodically receives overseas deliveries.

Cargosmart is a legitimate overseas shipper and the email sender domain is owned by Blomningdale Communications, a voice, data and video provider in Michigan. Also, the various links such as “Accept” for the Waybill draft point to, Orient Overseas Container Line. Everything about this email seems legitimate and appropriate when expecting a shipment from someone overseas. There is just one small problem… The attached zip file at the bottom of the email contains malicious software designed to infect computers.

Now let’s look more closely at the email. What are the “red flags” that should raise our suspicions? The sender’s email address name is peculiar as “sidearmwy12.” But most importantly is not what’s there but what’s missing…. Look carefully at the email and you’ll see that there isn’t a single piece of information that identifies the recipient or what the recipient ordered. Sometimes we think that companies who are frequently targeted should create a set of conditions about emails, faxes and other electronic communications to better safeguard themselves. First and foremost, if a communication doesn’t contain any identifying information, it should automatically be treated as suspicious. Now delete!

By the way, a Google search reveals that others are talking about this type of scam across the Internet. Check out:



FOR YOUR SAFETY: Artists Required, Australian Business License, HelpDesk Migration to Exchange

We have never seen anything like this next email before. Looking for artists to join a website called Isn’t it an odd sounding domain?   And unlike most scam domains, it was registered back in January of 2015 as opposed to the day the email was sent. Quite frankly, we weren’t sure what to make of it unti the Zulu URL Risk Analyzer gave it a malicious score of 94 out of 100 possible points.



Here’s another one we haven’t seen before but it is likely targeting Ozzies from down undah. Crikey mate, that attached zip file is chockers with malware! That’s a fair dinkum scam, that is.

Finally in this week’s For Your Safety column we bring you a little message from the technology Help Desk. They are “currently Migrating your outlook account to Microsoft Exchange 2015.” If you read the rest of that email, it barely makes sense. Another indication that English is not likely the first language of these scammers. It almost makes you want to call and thank your 6th grade English teacher! By the way, is a free website builder service. Check out what had to say about the full domain and subdomain offered for the link

Then Delete!

16-Helpdesk virustotal score

ON THE LIGHTER SIDE: A Good and Honest Man

Do you know a good and honest man with serious intentions? We were so impressed with Dzhulija’s search for romance. It’s sounds so sincere and she sounds so lovely, doesn’t she? Please help us find her the love of her life!

I want to find a soul mate

Until next week. Surf safely!