
September 18, 2019

THE WEEK IN REVIEW

Every week we continue to hear from people who either receive a call from someone (often described as having an Indian accent) claiming to represent Amazon and calling about a charge against the person’s account, or from people who searched for an Amazon customer service phone number in Google and stumbled upon a fraudulent phone number.  This led us to explore one phone number that was reported as fraudulent: 800-300-9009. When we searched for that number, we found it listed on a website called 800tollfreenumber.net.  STAY AWAY FROM THIS WEBSITE!  We’ve also found a fraudulent phone number for Oracle on this website.  Though this website was registered in March, 2018, it is very suspicious because it doesn’t appear to be registered by any verifiable business.

 

 

If someone told you that you were suddenly the person who made the 5 BILLIONTH search for something on the Internet and had won a prize for this remarkable distinction, we’re sure you would light up, smile and exclaim “golly gee!”  Right? That’s what we did in early September after winning this amazing distinction ourselves and then writing about it in our blog published on September 4, 2019.  You’ll never, ever guess what happened to us just two weeks later!  We won that prize again! What are the odds?! This time our notification came from a different website than the original site “bigabum15[.]live.”  We were directed to the prize website at  simplerdr12[.]life.  That exciting prize fulfilling domain was registered just a few days before we made our 5 billionth click!… again! We must be the luckiest guys on the planet!

Maybe we should buy a lottery ticket.

 


Phish NETS: JP Chase Morgan Bank

Fortunately, one of our longtime readers has a critical eye for details.  She received this “Account Notification” email from “Chase Online” but saw that the domain it actually came from was not chase.com, it was chasen[.]com.  Chasen[.]com was a business that registered this domain back in 1995 and was then bought out sometime in the early 2000’s.  Oh, and our reader said she doesn’t have a Chase Bank card or account!

The link to “Login to Clear History” actually points to another Chase-mimicking website called “chasci[.]com.”  It was registered through a private proxy service on September 7, the day before this email was received. This is definitely NOT chase.com but if you’ll look below, the screenshot we made of chasci[.]com sure looks like it is Chase Bank’s website!
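
The two checks that caught this email (a domain that is almost, but not quite, chase.com, and a registration date only a day old) can be scripted. The Python below is an added example, not part of the original newsletter; the function names, the thresholds (2 character edits, 30 days) and the month and day used for the 1995 registration are assumptions made for illustration.

```python
from datetime import date

def refang(domain: str) -> str:
    """Turn a defanged domain such as 'chasci[.]com' back into 'chasci.com'."""
    return domain.replace("[.]", ".").strip().lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def second_level(domain: str) -> str:
    """Label left of the TLD (simplification: no public-suffix list)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) > 1 else parts[0]

def assess(domain, brand_domain, registered, seen,
           max_edits=2, min_age_days=30):
    """Return warning flags for a sender or link domain claiming to be a brand."""
    domain, brand_domain = refang(domain), refang(brand_domain)
    if domain == brand_domain or domain.endswith("." + brand_domain):
        return []                                       # genuinely the brand
    flags = ["not-brand-domain"]
    if edit_distance(second_level(domain), second_level(brand_domain)) <= max_edits:
        flags.append("lookalike")
    if registered is not None and (seen - registered).days <= min_age_days:
        flags.append("newly-registered")
    return flags

# Dates from the article: chasci[.]com was registered September 7, the day
# before the email arrived. The 1995 month/day is constructed (year only is known).
EMAIL_SEEN = date(2019, 9, 8)
SAMPLES = [
    ("chasen[.]com", date(1995, 1, 1)),   # sender domain
    ("chasci[.]com", date(2019, 9, 7)),   # "Login to Clear History" link
    ("chase.com", None),                  # the real thing
]

if __name__ == "__main__":
    for dom, reg in SAMPLES:
        print(dom, assess(dom, "chase.com", reg, EMAIL_SEEN))
```

A registration date would come from a WHOIS lookup of the domain, as done by hand elsewhere in this newsletter.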

YOUR MONEY:  Most Dogs Have Oral Disease and Free Offer from eHarmony

This next malicious clickbait reminds us of the Dr. Seuss phrase “oh, the places you’ll go!”  It begins with the subject line “Clear your dog’s teeth right down to the gumline” and seems to come from “DogDentist” @ dogdentiss[.]best.  “80% of Dogs Have Oral Disease – Your Dog Might Be One of Them!”  Many people have dogs and we imagine that they might want to click that link to learn more about helping their four-legged family member.  But HOLD ON HERE! According to a WHOIS lookup of the domain dogdentiss[.]best, this domain was registered on the very same day that this email was sent!

That’s NEVER a good sign!

The security service at Sucuri.net tells us that this best doggy domain is blacklisted and a high risk.  One of the things it discovered is that visitors will be sent to another website called conceala[.]us.  When we asked Sucuri to look at conceala[.]us it told us that “Web authorities are blocking traffic because your website is unsafe for visitors.”

But there’s also more trouble ahead…

The Zulu URL Risk Analyzer warns us that conceala[.]us also contains two shortened bit.ly links that are hiding some form of communication with other websites.   We unshortened those bit.ly links using Unshorten.it and discovered that they are communicating with a website in India called apexpoint[.]co[.]in.  Any search for information about Apexpoint seems to turn up lots of links about spam and scams, including links to us!  We wrote about Apexpoint back in June, 2017!  It appears to us that dog lovers are in for quite a ride with a criminal gang in India.

Bad dog!

This next email may look in every way like it represents eHarmony but it doesn’t!  It came from news “@” youth-and-science[.]fun, not exactly close to eharmony.com.  Additionally, the Zulu URL Risk Analyzer shows us that visitors will be redirected to another website called yilopeet[.]com where you’ll find a free sign up offer that invites you to create an account or log in using your Facebook page.

Sounds like phishing to us!

TOP STORY: Stranger in a Strange Land

Robert Heinlein’s 1968 science fiction novel takes on new meaning if you consider life through the Internet today.  We recently had an opportunity to speak to about 50 tweens and young teens, age 12-13 years old. When we asked them if they had ever been contacted by complete strangers via computer, gaming console, or smartphone, the overwhelming majority said yes.  We found this a bit disturbing for several reasons…

  • Why would a complete stranger reach out to a child? Did the stranger knowingly contact a child?  Sadly, we think that the most likely reasons strangers contact anyone are reasons that are not in the best interest of children. (We are excluding reasons associated with professionals or online businesses from this reasoning.)
  • Generally speaking, 12-13 year olds don’t typically have the judgement or experience to deal with many of life’s challenging social circumstances. This point is exacerbated by the “disinhibition” associated with electronic communications such as social media, texting and email. Add to this mix the fact that the frontal lobe of a child’s brain is poorly developed, so children act primarily on impulse, and it means that the behavior of children may be manipulated more easily than that of adults. (Self-reflection, deductive reasoning, and self-control are primarily processed by the frontal lobe of the brain.)
  • Generally speaking, children are trained to listen to, and comply with requests from adults.

Here is one small, but representative, example of what we mean. This email from a stranger recently came into one of our honeypot accounts.  Would a child respond to this? We think that a higher percentage of children than adults would respond to this email.

Considering all of this, the idea of strangers reaching out to my 12 or 13 year old would not give me warm feelings about making new friends online.  And how does it feel to adults to be contacted by strangers? Of course we have an extreme case to share with readers and we’ll be the first to admit that it is NOT the norm, but it serves a point…

In April, 2019 a woman living in the UK named Laura contacted us for advice.  She had just opened a business from which she offered services/products through a Facebook web page.  Almost immediately Laura received friend requests from strangers. Lots of strangers. In 3 days, Laura received friend requests from 17 strangers. (She gave us full access to her FB account to see for ourselves what she was experiencing.)  All but one of these contacts appeared to be men and the majority of them showed that they were living across the European Union (Italy, Germany, UK) or Africa. Most of those in the EU listed that they were originally from African countries such as Nigeria and Gambia. Also, as you’ll see in the screenshot below, nine of these men reached out to Laura via FB messenger in the first week.  Understandably, all of this sudden attention made Laura feel extremely uncomfortable.

Curious fellows that we are, we did some digging into many of their FB accounts since they all seemed to be publicly available accounts, not private. Though several of these accounts did indeed have many FB friends (one had more than 1200), several also had very little information posted about themselves and a few had “No Friends” visible in their accounts.  These “No Friends” accounts seemed to be little more than empty shells and we could hear the echoes of our footsteps as we walked around the account, looking for credible, verifiable information about who the friend request had come from.

This experience was so creepy to Laura that she told us she was considering closing out the account entirely.  Laura’s experience may seem extreme to some of our readers, but is it really that extreme? Ask your friends and family members who have any type of Internet account whether or not they have been contacted by strangers online.  And, if so, how did that contact make them feel? No doubt, the answers will vary markedly, especially between, say, a realtor, a 17-year-old girl with a public Instagram account, and an adult who blogs about cooking from her own website.  Any time our research has required us to reach out to a stranger as we investigate possible online fraud, we have explained who we are, what we’re doing and how they can verify that information and contact us via more than one method.

Our readers know the lens through which we look at the disinhibited communication that happens across the Internet. Internet deceit is epidemic and there is little “medicine” available to cure this illness. And so it is always our recommendation that people be wary when they are contacted by strangers.

FOR YOUR SAFETY: You Might Appreciate This

One of our longtime readers sent us a message that appeared to come from a relative of his.  However, the email address that followed the relative’s name was not her email and came from a server in Japan.  The message was designed to produce a click! “Hope you’re having a great day. I thought you might appreciate this” was followed by a link.  That link pointed to a website that was registered without ANY registration information on the day the email was sent! (How it is even possible to register a website with no information is beyond belief in today’s interconnected world.  Blame ICANN and the Registrar system because ICANN doesn’t give a damn about the world, so long as they get paid!) We’re confident that the link in this email leads directly to a malware landmine.  To read more about these types of threats from people you know, read our feature article titled “From Hell.”

 

 


Until next week, surf safely!