October 31, 2018

[hr_invisible]

Phish NETS: Chase ATM Card, Citizens Bank, Navy Federal Credit Union, and Internal Email Problems

A TDS reader sent us this phish, which appeared to come from their own email address, though FROM says “Chase Online Support Team 1 Client Care.”  The awkward English in this email tells you everything you need to know… “Your ATM/Debit card need to update & verify for your protection .” That and the fact that a mouse-over of “Update your info” points to a shortened link at x.co.

Delete!

Another TDS reader sent us this Citizens Bank security alert but didn’t include a screenshot while mousing over the link for Sign-in.  Even though the email was spoofed to appear as though it comes from the real Citizens Bank, we’re certain it did not!  You’ll know this yourself if you read the first two lines of the email!

Awkward English, incorrect grammar, poor spelling and punctuation are often the first sign of trouble that an email is not what it claims to be.  How many errors can you count in this email that appears to be from the Navy Federal Credit Union? We count four. Plus the fact that the email came from, and links point back to a website in Venezuela called Grupoautomar[.]com[.]ve.  (“.ve” is the 2-letter country code for Venezuela)

Finally, we leave you with this hilarious phishing attempt that makes no bones about what they want from you!  The bottom of the email contained an ALL CAPS COMMAND that is surely meant to intimidate.

[hr_invisible]

[hr_invisible]

YOUR MONEY:  Get 5 Dr. Seuss Books for $5.95 + A Free Activity Book! And Amazon Reward

EarlyMoments.com is a very legitimate business where you can purchase wonderful children’s books at discount prices.  But this next email didn’t come from EarlyMoments.com, despite the name that appears in the FROM address.  This email came FROM a one-day old domain called raghnil[.]us.  According to a WHOIS look up, raghnil[.]us was registered on October 26 by someone named “David Jones” from Worcester, MA but the website is being hosted on a server in Istanbul, Turkey.  And that’s not the whole story…

We asked the Zulu URL Risk Analyzer to evaluate that link back to raghnil[.]us and it showed us that there is an 80% chance it is malicious.  The website will also redirect you to another website called urcenlab[.]com which it found to be 85% likely malicious.  We interpret all this to mean that there is a 165% chance that you won’t like what will happen to your computer if you clicked that link.

Delete.

Amazon is used as clickbait so often by Internet criminals that we’ve lost count of the number of times we’ve written about malicious emails disguised as Amazon something-or-others.  Here’s another one to throw on this turd pile. Though FROM says “Amazon Voucher” you’ll see that the email was sent from the domain groundperch[.]com.  It appears to be a marketing survey, for which you’ll be rewarded if you choose to take the survey.  We found a commonly used “dark pattern” on the top page of that survey at groundperch[.]com that is often used by legitimate marketers to manipulate people’s behavior. There are “CURRENTLY: 21 visitors on this page” but there are only “12 REWARDS LEFT.”   What do you think those numbers are meant to do? Is this just an annoying, but legitimate marketing email?

We have confirmed that others think this is a scam.  The tip doesn’t come from that oddball domain groundperch[.]com but from the tiny address at the bottom of the email.  The address listed is “616 Corporate Way Ste.2-9092, Valley Cottage, NY 10989.”  Using Google to search for that address, the first link Google returned is to an article from September, 2016 about Amazon scams on a blog called Scams Named and Shamed.  The scam posted in this blog article refers to the same 616 Corporate Way address as the email above.  Readers might say that perhaps this other blogger got it wrong! Afterall, sometimes marketing emails can feel scam-like but that doesn’t make them a scam, right?

In this era of epidemic Internet deception we believe it is important to pay attention to Google’s search results and consider it a form of “crowd reporting.”  When we Googled that address in Valley Cottage, NY we found that nine of the top 10 links returned by Google described scams associated with this address, including one website in French.  The only link that did not mention a scam, was the second link which was for the Better Business Bureau. The BBB.org gave this business an “F” rating and also said that there is no such address.  How do you feel about taking that marketing survey now?

[hr_invisible]

[hr_invisible]

TOP STORY:  Fake Product Reviews

According to a June, 2018 NPR/Marist Poll, nearly two-thirds of Americans say that they have purchased something from Amazon.com.  If you are amongst those two-thirds, or simply an online shopper from anywhere in the world, would it surprise you to hear that there are sophisticated and coordinated efforts made to game the product review system that we use to help us evaluate a product or the company that sells it?  Or that sellers offer rewards to those who post a poor review of their items, IF the person takes down or changes his or her poor review? Check out this October 19 ABC News article titled “Amazon Reviews: Inside the Murky World of Pay-to-Play.”

Recent reports from The Washington Post say that a majority of reviews of certain products “have been found to violate Amazon’s terms” for their posted reviews. (ABC News: “New Concerns About Fake Reviews on Amazon” / Washington Post: “How Merchants Use Facebook to Flood Amazon with Fake Reviews”)  In other words, the reviews are from people who have been paid to say positive things about the product!  This is just another way of saying that the reviews are fake. Four products mentioned specifically as having a HIGH PERCENTAGE of paid reviews are bluetooth headphones, speakers, diet pills, and testosterone boosters.  From our perspective, “diet pills” and “testosterone boosters” both feel synonymous with fake anything, but we’ve never tried them so we can’t speak from experience. It is important to mention that evidence of fake reviews has ONLY been found for a tiny percentage of products available through Amazon.  However, the issue is that customer reviews can’t always be trusted.

Apparently, fake product reviews has become enough of a concern that tools have been developed as a countermeasure. ReviewMeta.com is one website that attempts to analyze millions of reviews on Amazon.com and assess how many can be trusted for the products found there.  It’s important to point out what they say about their analysis and results…

Clicking the “I understand and agree” button, we then pasted the Amazon link for a Bose quiet comfort wireless headphones we found on Amazon accompanied by a decent 4.3 review rating from nearly 1500 reviews.  Though the adjusted review from ReviewMeta did not change (remained 4.3), we were quite surprised to see ReviewMeta warning us that 36% of those reviews were identified as possibly “Unnatural.”

ReviewMeta.com also has a tab for Best/Worst Amazon reviews.  When we visited it a few days ago, we found this bike lock from Sportastisch (A German company that makes bike products.) that FAILED ReviewMeta’s standards because 78% of all 141 reviews were deemed to be “Unnatural.”  The adjusted product rating fell from 4.5 to 3.5.

We wondered just how easy it really is to post fake reviews.  Using Google, it took us only seconds to find an app listed on Shopify called “Customer Reviews Rating Stars,” by a developer in the UK.   It claims that you can instantly add, manipulate and control hundreds of reviews to your website products in a matter of minutes.   This app had a 4.9 customer rating from 22 reviews itself!  However, we don’t believe most of them because they say things like “i like it so much,thanks you,” “too good for my site. i had been searching,” and “supper app thank……………..”  Caveat emptor!