

September 16, 2015


“Last night I received a text message from a girl who said she was someone who I was talking to a few weeks ago from a site and was just finally texting me. So I answered back saying hi…”



Surprise! The past week was a bit quieter than most. We would like to think that the scammers were busy getting their kids back to school. More likely, however, is the fact that last week was a big vacation week and many malware-infected computers around the United States were shut down and unable to spew out spam and malicious emails for long periods of time. (Botnets push out most spam/scams in the world. Check out our definitions page to understand what a spambot is.)  In either case, we’re grateful!

By the way, McAfee Labs recently came out with their 2nd quarterly Threats Report for 2015.  Check out these two graphs showing the volume of web threats in general and phishing scams they detected. Keep in mind that they measure their data in the half-million and five-million increments!

1-McAfee Labs phishing threats

 2-McAfee Labs web threat data


Sample Scam Email Addresses


Sample Scam Email Subject Lines

Cut costs on car insurance

Eliminate having to Wear – glasses

Expert plumbers for any plumbing need

Find an app Developer near you…

I’m sick of hearing your BS!

Invoice Hermann Conn

New Fax – 800273336

Payment Invoice

Pills for Health

RE: Donated to you

Suspicious-texts.. in His phone? Find the phone # instantly

Take advantage of roofing specials in Your city

Women’s Leadership: Step up and lead – Develop your leadership style






Phish NETS: Dropbox

We’re honestly not 100% sure if this is a phishing scam or simply another malicious trick to infect your computer, or likely both! Fortunately, the scam is easily revealed by mousing-over the link to show that it doesn’t lead to It leads to, a website we have seen misused before. Would you have been curious enough by the subject line “Rolando Oneil shared MonthlyStatement_SEP_15.pdf with you” to open it? Would you have clicked on the link? To confirm the malicious intent, we checked out that link at and look below to see what it confirmed.

Just delete!

3-Rolando used Dropbox to share a file

4-Rolando used Dropbox virus score




YOUR MONEY: Amazon Prime, Costco and Timeshare Offer

It is typical scam behavior to send out a bogus offer that expires either the day it is sent or a few days later. Check out “Amazon Prime Customer Appreciation Voucher expires 9.10.15” below. The email went out on September 9 at 6:13 pm. It’s as bogus as a $3 bill. Or how about the Costco Gift Card notification below? It is also expiring in a few days. “Your $250 gift card is expiring soon.” Of course, neither email comes from or

Delete, delete!

5-Amazon prime customer appreciation voucher 


6-Your 250 Costco giftcard expiring

We admire the clever tricks used in this next scam about buying “your” timeshare. “Offer #714193919 made Thursday to purchase your timeshare.” The bait… offer more money than what something is worth. While timeshare owners are wondering how much the offer is for, you might miss the fact that the email doesn’t come from (a real Wyndham website) and it doesn’t contain any information that identifies the recipient or location of the timeshare. Look closely at the from address. Can you spot the scammer’s trick? By the way, as we started to read the black text hidden in the black box at the bottom of this scam email (and meant to fool antispam servers) we thought it sounded familiar so we Googled the first line. It comes from Chapter 2 of Jack London’s The Call of the Wild! At least our scammers have some good taste in literature!

7-Offer made Thurs to purchase your timeshare
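Two of the tells described above can be checked mechanically: a link whose visible text names one site while its href points to another (the Dropbox email), and filler text set in the same colour as its background so the reader never sees it (the timeshare email). The Python sketch below is an added example, not part of the original newsletter; the sample HTML and the example.com / example.net domains are constructed placeholders, and `audit`, `MailAudit` and `site` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; example.com / example.net are placeholder domains.
SAMPLE_HTML = """<a href="http://files.example.net/v?id=1">https://www.example.com/s/MonthlyStatement_SEP_15.pdf</a>
<a href="https://www.example.com/help">Help center</a>
<div style="background-color:#000"><span style="color:#000">Filler prose from a novel</span></div>"""

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
FG = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)
BG = re.compile(r"background(?:-color)?\s*:\s*([^;]+)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

def site(host):  # approximation: last two labels, not the Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text, self.bg = [], None, [], [None]
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = a.get("style") or ""
        bg, fg = BG.search(style), FG.search(style)
        cur = bg.group(1).strip().lower() if bg else self.bg[-1]  # inherited
        if tag not in VOID:
            self.bg.append(cur)
        if fg and cur and fg.group(1).strip().lower() == cur:
            self.findings.append(("hidden-text", cur))
        if tag == "a":
            self.href, self.text = a.get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.bg) > 1:
            self.bg.pop()
        if tag == "a" and self.href is not None:
            shown = HOST_IN_TEXT.match("".join(self.text).strip())
            real = urlparse(self.href).hostname or ""
            if shown and site(shown.group(1)) != site(real):
                self.findings.append(("link-mismatch", shown.group(1).lower(), real))
            self.href = None

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    return parser.findings
```

The colour comparison is a plain string match, so `#000` and `#000000` or `black` are treated as different values; a production filter would normalise colours first.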




TOP STORY: Wolf in sheep’s Clothing?

This week’s top story was a surprise to us and began when we discovered a single small email with malicious intent that attracted our curiosity…

8-top story 1-tips4spyware


Though the email came from an address in Spain (, where “.es” is the 2-letter country code for España) it contained the real email address of a realtor from a local realty firm. Obviously the realtor’s email had been hacked and email addresses were stolen. Those stolen addresses are now being targeted by malicious emails. However, what really caught our attention was the irony of hacking into and hiding malicious files on a website called We wanted to inform the website owners that their website was hacked and hosting malicious software, so we used WHOIS to look up their details after finding no contact information by doing a Google search for their email or phone number.

It turns out that the domain is owned by HICHINA ZHICHENG TECHNOLOGY LTD in Beijing, China and hosted by Alibaba. Some of the ownership info is hidden by a proxy service. This is not what we expected for a website that seems very American and intent on helping netizens avoid or clean up spyware infections. This bit of information led us to run a Google search of the company HICHINA ZHICHENG TECHNOLOGY LTD, and we saw many negative links from people warning others to avoid this company, including this thread from Scamwarners:

We also found this Beijing company mentioned in a long thread of messages from a 2014 discussion about scams titled “If it sounds too good to be true” on Brian Krebs’s website. For those who don’t know him, Brian is a highly respected reporter on online crime. We recommend his blog enthusiastically!

We used the Zulu URL Risk Analyzer and to check out but the results were negative or marginal, so we decided to visit the website. A visit to immediately forwarded us to a very scammy website and the message “Congratulations! You are Todays Lucky Visitor” with multiple windows opening in the background. A WHOIS lookup of shows that ownership is hidden by a Proxy Service and it was registered this past April. The whole thing smells! We cleared our web browser’s cache just to be sure and ran a virus check.

9-top story 3-you are lucky winner

According to, has been used at least twice to host phishing scams.  Given what we have seen and learned about the domain and its owner in Beijing, China we consider this website HIGHLY suspicious and would never recommend taking any advice it provides. And NEVER download the tools it offers to clean out spyware from your PCs. Caveat emptor!

FOR YOUR SAFETY: Contract Edits, Fax, Payment Invoice, Fedex, “This Site May Be Hacked.”

The many small malicious emails continue to fill inboxes. Each contains either a link to malware or malware attached in the form of a zip file, jar file, infected Word or Excel document, etc. (A jar file is a group of aggregated javascript files and can be extremely dangerous!) Here are four recent examples…

11-Edits of contract




 12-New fax



13-Payment invoice attached for reservation



14-Fedex-we could not deliver your item




It is important to note that Google will sometimes inform a user that a website “may have been hacked.” It has been our experience that “may” means this website HAS BEEN hacked and is hosting malicious software! STAY AWAY! We wish Google made this warning more visible, or at least showed it in red. Here are a couple of recent examples…

15-Voteforgarcia-com hacked







16-Wordanst on Google shows hacked


ON THE LIGHTER SIDE: I have a video you must watch right now but please be warned, it contains graphic content.

Uh, well…. Yes. It is a graphic after all so it contains graphic content. Did they mean graphic violent content? We get that kind of content just looking at the evening news. But hell, we’re simply excited about learning some defensive moves so we can walk confidently down any big city back alley! Until next week, surf safely!


17-A video you must watch right now