
October 7, 2015

THE WEEK IN REVIEW

Last week we noted that there had been a significant drop in spam and scams. Sadly, that drop was short-lived. It’s business as usual and the scammers have resurrected so many of their standard scams. But we found some real gems this past week that actually made us laugh. Did you know that Dave Letterman is coming back to late night?! Or that Taco Bell is offering all-you-can-eat tacos?! So grab a taco, turn on late-night TV and read on…

Sample Scam Email Subject Lines

101Inks.com saves You Money on printer Ink!

ATTN: CVS Voucher Give-Away, No. 16441877

Delivery notifitcation, ID 000901737

Don’t Show this – to your wife

Harvard; And Herpes!!

Invitation – please verify your WDM profile!

Is your Hair – brush full; Of lOst Hair???

Learn Facts… About FHA Loans

Looking for a Debt Consolidation program?

New penny – stock Picks!!

Shipping delivery problem #00000311191

This brain eating bacteria causes –Alzheimer’s

Will you die from a heart attack

Sample Scam Email Addresses

Amazon-Shopper-Services@rewardsgainneed.date

CableProvider@brainystress.com

DeepSea@deepseawater.club

DogandCatCoupons@fencement.download

DrugAddictionTreatment@oceaninetic.download

GovtDrugScandal@smithcarecitizenblog.date

Macintosh_Fall_Liquidation@figuresmutfg.win

Macys_Bonus_Points@onesmacysbonuspointdoes.win

NewPolicyUpdates@policyinfo.findyourlatestpolicytips.top

PrintableCatCoupons@skywested.download

RentAYacht@jtj.download

SeniorLiving@classicfood.xyz

Southwest.Program.Bonus@behindmvbzx.date

Phish NETS: American Express & Apple Accounts

The phishing email below, disguised to look like a “Card Information Email” from American Express, appears to come from the address AmericanExpress@aecom.com. But who is aecom.com? We’re meant to think that it represents American Express Company, but AECOM.COM is actually a global engineering company headquartered in Los Angeles, not American Express. If you look more closely at the phishing email you’ll see several red flags that mark it as a dangerous trick:

  1. The language used in the email is awkward and grammatically incorrect. “These recent improvements serve to better curb irregular activity that may arise from fraudulent usage of card and also maintain our standardized cardmember satisfactory.” (We can hear our ninth grade English teacher chastising them for long run-on sentences too!)
  2. The card is for “Account Starting: 37X-X.” It should read “Account Ending” plus YOUR last 4-digits. ALL American Express cards begin with 37 or 34.
  3. The attached file for you to open is an “html” web file. This is a very dangerous file to open from someone who wishes to do you harm or defraud you! We’ve written about the risk of various file types many times. Read our article titled Filenames Will Set You Free.

A mouse-over of all the links in the email shows that they lead back to legitimate American Express webpages. But this email is another wolf in sheep’s clothing…

Delete!

This next phishing email is equally filled with red flags that should make you suspicious that it may be fraudulent. It appears to be sent from info@nicolettebella.com. Nicolette Bella appears to be a makeup artist in London, according to Google, with a very active Instagram account. Sound like Apple.com to you yet? A mouse-over of the link “Verify now >” points to this very clever link: www.apple.id.gbapp.email/apple/. This link is designed to look like it belongs to apple.com, but that is false. The domain hidden in this link is actually gbapp.email. A WHOIS lookup of this domain shows that it was registered on October 2, the day this phishing scam was sent, and that ownership is hidden behind a privacy protection foundation located in the Netherlands.

Delete!

2-PHISH-your Apple ID was used
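The check described above, reading a host from the right to find the domain that actually controls a link or sender address, as an added example that is not part of the original newsletter. The `SUFFIXES` set is a small constructed stand-in for the Public Suffix List, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption: a real checker would load the full list).
SUFFIXES = {"com", "net", "email", "fr", "uk", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return the public suffix plus one label, e.g. 'gbapp.email'."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning from the left finds the longest suffix first ('co.uk' before 'uk').
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                raise ValueError(f"{host!r} is a bare public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix in {host!r}")


def host_of(value: str) -> str:
    """Accept a URL (scheme optional) or an e-mail address and return its host."""
    if "@" in value and "/" not in value:
        return value.rsplit("@", 1)[1]
    # urlsplit only fills in hostname when a '//' authority marker is present.
    url = value if "//" in value else "//" + value
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {value!r}")
    return host


def check(value: str, claimed: str) -> dict:
    """Compare the domain that controls `value` with the claimed brand domain."""
    host = host_of(value).lower().rstrip(".")
    actual = registrable_domain(host)
    # Labels left of the registrable domain are chosen freely by its owner.
    decoy = host[: -len(actual)].rstrip(".").split(".")
    return {
        "registrable": actual,
        "matches": actual == registrable_domain(claimed),
        "brand_in_subdomain": claimed.split(".")[0] in decoy,
    }


if __name__ == "__main__":
    # Link and sender address quoted in the newsletter text above.
    print(check("www.apple.id.gbapp.email/apple/", "apple.com"))
    print(check("AmericanExpress@aecom.com", "americanexpress.com"))
```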

 

Your Money: eHarmony, Taco Bell, Sam’s Club & Mystery Shopping Job

Apparently eHarmony has partnered with Oak Creek Houses to offer a free trial so you can find someone special in your area. That’s pretty funny considering Oak Creek Houses is a modular home builder in Oak Creek, Texas. Their website has been hacked and is being misused to host malicious software, not someone special.

Delete!

3-Free trial this weekend to eHarmony

What could be better than ALL YOU CAN EAT TACOS at Taco Bell? (No snide remarks please.) We loved this offer! “gets yours now.” “Our drive through window is open all day.” Of course the offer didn’t come from tacobell.com. It came from taco@fanphoone.com, whoever that is. We can find no website for fanphoone.com through Google, but a WHOIS lookup tells us that it was registered from ENOM.com to a company called MB Webdesigns in Knoxville, TX on the day this scam email arrived. Hmmm….. We think the words that appear at the bottom of this offer say it all… “All you gotta do is end it.” Click that link and there will be no end to your troubles!

Delete!

If you think the Sam’s Club scam email below bears some resemblance to the Taco Bell scam above, you’re not alone. We looked up ownership of the strange domain drnatcre.com and guess what we found? It was registered with ENOM.com by MB Webdesigns in Knoxville, TX on the same day the scam email was sent. Need we say more? Delete! (By the way, MB Webdesigns has registered 639 domains. We can’t find any business named MB Web or MB Webdesigns anywhere in Tennessee using Google. Wouldn’t a web design business have a web site?? And the address listed for MB Webdesigns in the WHOIS registration points to a condo in Knoxville.)

5-Sam's Club store pickup

Finally, in this week’s Your Money section, we leave you with this wonderful invitation to submit your CV and become a paid Mystery Shopper! The only mystery here is how badly you will get hurt once these criminals have your personal information and have fooled you into thinking you are their newest employee. Can you figure out which country “Allan FitzGerald’s” email came from? His email address is support@mairie-la-machine.fr. Notice the 2-letter country code? The email came from France. Read the email carefully and notice that you’ll be shopping at Western Union and Walmart. This scam has been well documented on the Internet. Here are several links that describe it…

https://www.westernunion.com/us/en/fraudawareness/fraud-types.html

(scroll down to Mystery Shopping)

http://scamvictimsunited.com/secret_shopper.htm

https://www.secretshopper.com/info/shoppers/scamalert.asp

6-Mystery shopping provider job

 

 

TOP STORY: Love & Sex with Strangers

The lure of love and sex has long been used by criminals for financial gain, even before the Internet. Every year there are online pornography websites that will quietly and secretly install malware into a visitor’s computer while they ogle pictures. The first step for these criminals is to lure people to their malicious sites. The first scam email below came from Lonely-Wives-Available@shownlonelypersonalaffair.win. Apparently there are 5 wives in our area looking for love. Oh my gosh! What if one of them is one of our wives?! (By the way, you’ll also see in the malicious score of 88/100 from the Zulu URL Risk Analyzer below that this website was registered in the United Kingdom.)

7-Lonely wives looking for affair

8-Lonely wives zulu score

 

And then we saw this email for a “live chat… with Russian Beauties” and were surprised to find that we can “meet the man you have been waiting for!” Scam or not, we have to give these criminals credit for crossing gender stereotypes and putting out this email to find a loving man, rather than a loving woman. Delete! (Notice the strange domain name used in this scam – stateduring.xyz – and the hidden white text at the bottom of the email which is meant to fool antispam servers.)

9-Live chat with Russian beauties

 


This last malicious email wants you to believe that “a sexy single in your neighborhood wants to hook up.” It pretends to be for an adult dating site called hookup.com. Though there is such a website, the email didn’t come from hookup.com and a mouse-over of the link reveals that it points to a suspicious shortened URL at tiny.cc. (For our readers who are unfamiliar with mouse-over skills, we urge you to visit our video to learn how to mouse-over links. This skill is the MOST important skill one can have to reduce risks on the Internet. Visit http://thedailyscam.com/mouse-over-skills/ )  Our longtime readers have heard us caution people in past newsletters about shortened URLs. They are often used by criminals because people don’t realize that each shortened URL is a redirect to somewhere else on the Internet. We used “Unshorten.it” to learn that this link doesn’t send you to hookup.com but to a domain called optout-bhzp.net. We suspect that optout.bhzp.net has been hacked and malicious software is waiting for you at the end of the redirected link.

Delete, delete!

So, to the point in this week’s Top Story… The next time you get a flirtatious email, an invitation to hook up, or an invitation to join some racy singles, think twice. There is a very good likelihood it’s just a scammer’s trick to get you to click a malicious link.

10-Sexy single wants to hook up with you

FOR YOUR SAFETY: Signed Documents, Resumes & Tax Refund

Though we have reported on these very convincing short emails in the past, it is important that we do so again. The emails below are still flooding inboxes and they are very good at engineering recipients to click a link or download an attached file. Look at a moment in time in one email server as these malicious emails targeted about a dozen different users on September 28 over the course of 2 minutes.

 


Virtually every attached zip file in these emails contains very dangerous malware. Ask yourself if you would have clicked on the attached file out of curiosity if any of these had landed in your inbox.

12-Problems with parcel delivery to you

13-Signed documents you requested

14-Tax refund payment received

15-Signed documents zip file attached

ON THE LIGHTER SIDE: Dave Letterman is Back

We LOVED Letterman and were so disappointed when he signed off of late night TV. Imagine how psyched we were to get this notice that Dave is back! That’s right! Top Ten, here we go!

16-David Letterman is back

 

Until next week. Surf safely!