Please support our effort by making a small donation. Thank you!


October 28, 2015


Readers may recall from last week that we wondered what happened to all the graphic artists used by the criminal gangs to create the majority of their malicious emails. No need to wonder any more… They are back and doing a great job! We hope they had a nice week off. Check out these two lovely scam examples of their graphic work. Affordable pet insurance and juicy steaks available by online order…

1-Affordable pet health insurance2-Order delicious juicy steaks online


Sample Scam Email Addresses

2 Days –Left… Only $5!!!!

Affordable Pet Health Insurance

Cut your; Electric bill in half!!!!

Design a Professional Website, For a Business

Fight-Hair Loss

Important Information about Your Card Membership Details

Jailed For Discovering Hearing Loss Remedy

Learn More, About Lower Car-Payments


Personalized Christmas Letter from Santa to Your Child

Priest discovers free electricity Secret

Send A Fax, From Your Email

Watch – Your Childs & confidence Rise..

Sample Scam Email Subject Lines

Alliance-security-(YOUR EMAIL)





Phish NETS: Actually Paypol & Paeyipal and Bank of America!

PayPal has been a major phishing target for criminals since the online bank was created. One of the first and most successful scam phishing domains set up by criminals in 2002 was the domain It was such a simple and brilliant trick because it was difficult to tell the difference between an i and l in early web browers. Many recipients thought they were clicking We recently saw two similar Paypal phishing scams this week. Mousing over the links revealed that they both lead to shortened URLs created at (A URL is simply a link. If you don’t understand what shortened URLs are and why they are risky, read our article Risks of Shortened URLs) The first email came from while the second came from an address in Indonesia (Country code is .id). If you read each carefully you’ll notice odd grammar and capitalization, an indication that these were not created by native English speakers.

3-Paypol phish

4-Paeyipal phish 1

Criminals typically use URL shortening services to hide where a link points to. Unless you know how to unshorten it, it’s impossible to know where you land across the Internet until it happens. And that might be too late if malware is waiting for you. We used to see where these links would lead us and you can see below that it isn’t Paypal! (Another good tool to lengthen shortened URLs is We discovered that directs the user to a website called, while sends the visitor to

5-Paypol url unshortened

6-Paeyipal url unshortened is the website for Daylight Microfinance Bank in Lagos, Nigeria. Their website has been hacked and is being used to host the Paypal phishing scam. was registered on October 10 through the registrar and the website title given to Enom was “Send Money, Pay Online or Set Up a Merchant Account – PayPaI.” Enom is either completely incompetent or they simply don’t care if we get scammed. Either way, Enom makes money too. The Daily Scam has often found scam domains registered through Enom.

After making sure that malware was not waiting to infect our computer, we visited the link in the first email stating “unfortunately, your online access has been blocked.” Here is the phishing site we were sent to at the server. Looks legit but is a complete scam.

Just delete!

7-Paypol phish site

This past week we also saw this Bank of America phishing attack with the subject line “Irregular account activity !” Notice that the “from” email address was spoofed to look like In this case, the email came with an attached web file (html file) that opens your web browser and makes it look like you are logging into Bank of America. This form simply sends all your personal login details to the criminals.

Just delete!

8-Bank of America irregular activity detected

Home Solar Panels, Hybrid Cars & Sears Window Installation

Though these three emails all look like great deals for environmentally conscious, “green minded” individuals, they are all lies meant to trick the recipient into clicking a malicious link.

The email pushing home solar panels came from a domain called which was registered less than a week before this scam was delivered. According to a WHOIS lookup, the website was registered to a “Manny Ramirez” in Boston and is being hosted on a webserver in Hovedstaden, Denmark. (Also, notice the random text at the bottom of the email meant to fool antispam servers.)

9-Home Solar Panels

“Drive farther on less fuel with a hybrid.” So says the email from Sounds great to us! Except that it is also a lie. The domain was registered on October 23, the day the email was sent and Google cannot find any website at this domain. We found more than 12 inches of orange blank space underneath the “unsubscribe” box at the bottom of the graphic. We dragged our cursor through it and discovered hundreds of orange words/phrases/sentences meant to fool antispam servers.

Just delete.

10-Fuel efficient hybrid car


This last bogus email wants you to believe that you’ve scheduled a discounted window installation through Sears Home Services. However, the email is a scam and, according to a WHOIS lookup, the domain was registered by someone named “Rioplatense Rioplatense” from Baltimore, MD but the website (which doesn’t exist) is being hosted in Panama. We found the person’s name so interesting that we Googled it and learned that rioplatense is actually a dialect of Spanish spoken in certain regions of Argentina and Uruguay. And it appears that Mr. or Ms. Rioplatense has at least 4,538 other domains registered in his/her name. Can you guess who the Registrar service is? Yup. Enom again. We’re beginning to wonder if Enom registers any legitimate domains at all.


11-Sears special window installation


TOP STORY: FanBox Account Alert

This week’s top story begins with an extremely unusual email because the email legitimately comes from and contains links that lead to The $64,000 question is what is and why should our readers be concerned? FanBox was launched in 2007 and is a subsidiary of a company called that has been around since 2002. The “dot-ac” indicates that the domain was registered in the Ascension Islands. Wikipedia does a nice explanation of and FanBox, citing multiple instances of very shady business practices, some of which led to hefty fines against the company. Check out this short 2009 video from Channel 6 News in San Diego about FanBox and read some of the comments below the video.

12-Fanbox - protect your account


If you do a Google search of FanBox you’ll find many complaints against them. They have very questionable business practices and seem to put out spam like the email above to entice new users. The Better Business Bureau, which had rated FanBox with an “F” rating now rates it as “A” and this seems rather strange. You can read both glowing and vitriolic comments against FanBox on the BBB website.  However, if you click the complaints tab at the BBB, you’ll see there are 157 complaints against the company and as recently as October 20. The Rip Off Report also has many complaints filed against FanBox.  Check out the number of articles Google found in the last month alone claiming that FanBox is a scam.

With certainty we can only say that the recipient of the email above did not have a FanBox account and certainly never earned $1,862.39. This company’s business practices seem so shady, and there are so many people complaining about them, that we are calling FanBox a scam.

Best to stay away.

13-Fanbox spam scam


FOR YOUR SAFETY: Your iPhone Has Shipped, Attached Purchase Order & FedEx Shipment

Imagine getting an email from, a legitimate Canadian online electronics retailer, telling you that your new iPhone 6 has shipped. All links in the email lead back to and it appears to have been sent from However, it’s all a lie. Look carefully at the line in the email below that states “For complete shipment details, please open and review the attached document.” GOTCHA! The attached Word document has a malware script embedded in it that will be the beginning of a major headache for unsuspecting victims.

Now delete.

14-Apple iPhone has shipped from Rogers

Like the iPhone shipment scam above, this email asking you to “Please see attached purchase order” is just another scam to engineer your behavior to open an infected Word file. Both email addresses in these emails are expertly spoofed to look like they have come from the real companies but they did not.


15-Please see attached purchase order


Finally, “your package has arrived!” You remember, don’t you? It was… Uh. It was that… Uh. What package? See the attached Word document? Need we say more? Now what are the odds that all three of these very different scam emails came from the same criminal gang? We’re taking bets they did.


16-Shipment completed for FedEx parcel


We like to think of ourselves as smaht and hahd-working Bostonians deserving of a good job that pays a good wage. So we were really happy to see this offer from Rodney Glen to do marketing research for Nike. We are so excited we’re even gonna wear the Nike gear while doing the work!

17-Nike looking to hire

That’s how dedicated we are!

Until then, surf safely!