
October 21, 2015

THE WEEK IN REVIEW

Dear readers, we wish you could see what we see day in and day out. Criminal gangs push out the same old scams over and over, and we wonder why people fall for their junk. But they do. Sometimes we wonder where their creative spirit is. It’s unusual for us to find something new and interesting, but we have! Drones anyone? More Halloween savings? How about updating your auto insurance and auto warranty? But first, check out these images of a small sampling of the same old scam lines…

1-Scam email list 1

2-Scam email list 2

Phish NETS: American Express Zombie (You Can’t Kill This!)

We’re sad to say it but we’ve seen this before. We reported on this phish in our June 24 newsletter and the same criminals are at it again. This American Express phishing scam contains an html web document. If you were to open the attached file (which we DO NOT recommend) you’ll see that it is designed to appear as though you’re visiting an American Express web page. The email pitch isn’t great and also contains a grammatical error. (Can you spot it?)

The attached html file AmericanExpress.html is extremely dangerous if you wish to protect your identity and account information. Check out the type of information these criminals hoped to trick you into revealing. It’s scary to think of this in the wrong hands…

The reason we know that we’ve seen this exact scam before is because we looked “under the hood” at the code used to create this scam. The bogus image of the American Express card with “7997” inside the circle is being sent from a hacked website in Portugal called jpmmotos.pt which we reported on back in June. All of that precious information these criminals gather on you will be sent to a file buried in a webserver at Lycraze.com. Lycraze.com is an online clothing store based in India. Apparently it is also a dangerous place to visit. Check out what Google says about Lycraze.com.

And then delete.

5-Amex phish data send site
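The “under the hood” check described above can be automated. The following is an added example, not code from the original newsletter: it lists the hosts an HTML attachment loads content from and posts form data to, and keeps only those outside the brand it claims to be. The sample attachment is constructed; only the two host names come from this article, while the paths, field names and the brand domain passed to `audit` are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for the attached HTML file. Only the two
# host names come from the newsletter; the paths and fields are placeholders.
SAMPLE_ATTACHMENT = """
<html><body>
<img src="http://jpmmotos.pt/PLACEHOLDER/card.png">
<form method="post" action="http://lycraze.com/PLACEHOLDER/collect.php">
  <input name="card_number"><input name="security_code" type="password">
  <input type="submit" value="Continue">
</form>
</body></html>
"""

class AttachmentAudit(HTMLParser):
    """Collect where an HTML file loads content from and where forms post."""
    def __init__(self):
        super().__init__()
        self.loads, self.posts, self.fields = set(), set(), []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script", "iframe", "link"):
            self._add(self.loads, a.get("src") or a.get("href"))
        elif tag == "form":
            self._add(self.posts, a.get("action"))
        elif tag == "input" and a.get("name"):
            self.fields.append(a["name"])

    @staticmethod
    def _add(bucket, url):
        # Relative URLs have no host and are skipped.
        host = urlparse(url or "").hostname
        if host:
            bucket.add(host.lower())

def audit(html, brand_domains):
    """Return hosts the file talks to that do not belong to the claimed brand."""
    p = AttachmentAudit()
    p.feed(html)
    def off_brand(hosts):
        return sorted(h for h in hosts
                      if not any(h == d or h.endswith("." + d) for d in brand_domains))
    return {"loads_from": off_brand(p.loads),
            "posts_to": off_brand(p.posts),
            "fields": p.fields}

if __name__ == "__main__":
    print(audit(SAMPLE_ATTACHMENT, {"americanexpress.com"}))
```

A form that collects card details and posts them to a host unrelated to the brand named in the email is the signal to act on; the file is read as text here and never opened in a browser.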

 

Your Money: Personal Drones, Walmart Halloween Savings, Activate Your Core

Drones have been all over the news and prices have come way down. So a scam on this subject was inevitable. The email was sent from DroneQuadCopters@historedparally.download. As we have come to expect, the scam domain historedparally.download was registered on the date the scam email came out, October 16.

How about this next email thanking you for being a Walmart customer and inviting you to save on Halloween essentials. The link is peculiar and points to a domain called kongdiary.com. Though this domain was registered back in 2009 this website is dangerous to visit. Don’t believe us? Check out the score from the Zulu URL Risk Analyzer below!

Our last scam in this week’s Your Money section is the perfect example of a weight loss / exercise scam, but this one comes with a twist. Recipients are invited to learn about this “23-sec trick” to flatten your belly. The only trick here is the malicious software waiting for the victim when he clicks the link to marketfreak.co. Can you figure out what country this strange website is hosted in? Dot-co (.co) is the 2-letter country code for Colombia. Learn more about identifying country codes by visiting our video about country-code scams.

9-Activate your core

 

TOP STORY: Auto Warranty and Insurance

This week’s Top Story caught our attention because both of the following emails targeted the same individual two days apart and concerned his car. Both scam emails targeted the recipient by masquerading first as auto warranty renewal information and then as an auto insurance quote. We expected to easily tie these two scams together but they were registered by different people at very different times. The domain recastles.pw was registered three days earlier through NameCheap.com by someone claiming to be from California. The 2-letter country code shows that it was registered in Palau, an archipelago of 500 islands in the Pacific Ocean. On the other hand, the resourday.us domain was first registered in November, 2014 but then updated the day before this scam email was sent. It was registered through Enom.com by another name claiming to be from California.

Take a look and let us know what you think… Were these scams created by the same criminal?

11-Autowarranty information

 

10-Autoinsurance information

 

Despite the effort made to distance these two scam emails from one another we’re convinced that they were created by the same criminal. Look carefully at each and notice the liberal use of dashes in odd places, especially the zip code that appears at the bottom of both emails. Coincidence? We doubt it.

The more important question here is why would a criminal gang twice target someone with related scams about his car? We wonder if the target recently looked for information about auto insurance or warranty on a particular website. Did he request information from a site that criminals were monitoring? Was his data hacked? Of course we’ll never know but we don’t believe in coincidences. Do you?

FOR YOUR SAFETY: System Virus Alert, American Airlines, Shocking Image Exposed

Recently we were contacted by someone informing us that she had visited a website called trafficbauss-dot-com. DO NOT visit this site! The site had been hacked and infected with a redirect that immediately sent her to another website called systemvirusalert.info. Check out the pop-up that tried to convince her she had a problem and needed to call a Windows Service Center. It’s pretty laughable! Especially when you consider that she was on a Mac. Apparently lots of people have reported on this scam pop-up and this scammer’s phone number, 844-813-8227, such as on these two websites:

http://www.callercomplaints.com/SearchResult.aspx?Phone=844-813-8227

https://discussions.apple.com/thread/6823875


Below is another very dangerous email pretending to be about an America Airlines ticket. (Notice it wasn’t AmericaN Airlines). The attached zip file contains nasty malware and the email was actually sent from an address in Brazil. Notice the 2-letter country code in the from address?

13-American Airlines E-ticket information

Every week scammers try to get people’s attention and engineer a click by revealing or exposing something shocking. We think it’s their favorite word! Shocking image! Shocking video! Shocking new drug! Shocking story! In this scam email we especially loved the line “PS. If you reply to this email two days from now telling me they are all gone and asking how to get one – don’t be mad when I tell you,.. you’ll have to wait til next year!” We’ll pass.

Delete!

14-Shocking image exposed

ON THE LIGHTER SIDE: Fairytale Vacation to Ireland

We need a vacation. Badly! And this email came just in the nick of time. You see we’ve never been to the island of leprechauns but we sure would like to visit. We’ll send you a postcard next week!

Until then, surf safely!

15-Fairytale vacation to Ireland