September 2, 2015

THE WEEK IN REVIEW

We were thrilled to see a few new tricks during the past week and also new variations of old tricks. Scammers have often targeted dog-lovers with malicious emails but this is the first time we saw a malicious email target cat owners. We also continued to see many email “ALERTS” about shocking videos and “someone viewing your criminal or personal records” yada, yada, yada. Fortunately, we received an email to help us manage our anxiety about all those people looking at our private records!

1-Savings on Cat Food

2-Shocking video reveals church coverup

3-Manage Anxiety

Sample Scam Email Subject Lines

#1 Method to Restore Your Hearing

8%–returns.. compare annuity rate Quotes

$5000 deposited to your account (this week)

ALERT: Your Court Report has been Reviewed Record #3414283

Costa Rica Travel Guide

Dr. Oz: She 10# in 15 days, Ships Free 8/30/15

Experienced and aggressive Personal injury Lawyers!!!

Free a Family – member from addiction.

Greetings Dear Friend

Important Notice

Toxic bug makes you fat

Unable to deliver your item, #0000355209

YOUR ATM CARD DELIVERY NOTIFICATION FROM THE FBI!!!

Sample Scam Email Addresses

Beats_Fall_Clearance@ellipticpress.date

BusinessFunding@gonerast.review

Dr.HillerWalker@fir4ad.eu

Eharmonypartner-(your email address)@vrescy.com

GenieZipBraBenefits@federly.review

HealthTips@tworeent.eu

MichaelKors_LaborDay_Clearance@climateprogram.racing

Move-with-Allied@follmy.faith

Natl_Center_for_BioTech@nervepainstopencourage.faith

Obama-PopeConspiracy@survivalcircumstances.faith

OutdoorPools@alberticle.win

RegisteredOffenderMapsKidsLiveSafe@speedmettle.review

RentAYacht@studentswilluse.review

TechCrunch.iPad.Gadget@holdmen.date

Phish NETS: Apple GSX Access Blocked

Fortunately, phishing scams were hard to find this past week. However, this “Important Update” scam we found was very artfully crafted and contained a very risky attached file. The scammers used a look-alike domain trick in the From address so that it seemed to come from gsx.com. The domain gsx.com is a legitimate website, but it is not Apple Computer’s website. The legitimate Apple “Global Service Exchange” website is gsx.apple.com.

What makes this scam potentially riskier than an ordinary phishing site, which is meant only to capture the login credentials of people who offer repair services for Apple computers, is that the attached file is a web document (.htm file). A web document can contain all kinds of code that instructs a web browser to do various things, including retrieving and delivering malware or notifying someone on the Internet with information about the user who opens the file. Please visit our article “File Names Will Set You Free.”
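As an added illustration (not part of the original newsletter), the sketch below lists what an .htm attachment would ask a browser to do, without rendering it: scripts, event handlers, form targets and remote loads. The sample markup and its example.net and example.org hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser contact another host on open or submit.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "form": "action"}

class AttachmentTriage(HTMLParser):
    """Record the active and outbound parts of an HTML attachment."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "script" and not a.get("src"):
            self.findings.append(("inline-script", ""))
        if tag in URL_ATTRS and a.get(URL_ATTRS[tag]):
            self.findings.append((tag, a[URL_ATTRS[tag]]))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))
        for name in a:
            if name.startswith("on"):  # onload, onclick, onsubmit, ...
                self.findings.append(("event-handler", f"{tag}.{name}"))

def triage(html_text):
    """Return (findings, sorted remote hosts) without rendering the file."""
    parser = AttachmentTriage()
    parser.feed(html_text)
    parser.close()
    hosts = set()
    for kind, detail in parser.findings:
        if kind == "meta-refresh":  # content looks like "0; url=https://..."
            detail = detail.partition("=")[2].strip()
        host = urlparse(detail).hostname
        if host:
            hosts.add(host)
    return parser.findings, sorted(hosts)

# Constructed sample attachment: inert markup, reserved example domains.
SAMPLE = """<html><body onload="start()">
<img src="https://track.example.net/open.gif" width="1" height="1">
<form action="https://collect.example.org/login" method="post">
<input name="user"><input name="password" type="password"></form>
<script>/* placeholder */</script>
</body></html>"""
```

Any remote host, inline script or event handler in a file that claims to be a simple notice is a reason to leave the attachment unopened and report the email.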

YOUR MONEY: Marriott Gift Card, Labor Day Clearance Sales

Our readers should recognize the design of this next scam. It has been used many times before but with the names of other businesses such as CVS and Amazon. The email came from MarriottCustomerRewards@perfumeswipe.faith. This is a perfect opportunity to remind our readers that anyone can create an email with any username in front of the “@” symbol, but that username doesn’t make it true. “MarriottCustomerRewards” is no different than seeing “JohnSmith” or “putmynamehere.” What is most important is to look at the domain name that follows the “@” symbol: perfumeswipe.faith. And if you think for a moment that it will help you to click the Opt out link at the bottom of the email, do not click! Read our article Unsubscribe me…Not!

5-Marriott gift card 50 dollars
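The check described above, together with the gsx.com look-alike from the Phish NETS item, written as an added example that is not from the original newsletter: ignore the username and compare only the domain after the “@” with the domain the brand really uses. The keyword table is an assumption (gsx.apple.com is named on this page, marriott.com is assumed to be Marriott's domain), and every test address except the Marriott one is constructed.

```python
import re
from email.utils import parseaddr

# Brand keyword -> domain the brand really uses (assumed table for this example).
# gsx.apple.com is named on this page; marriott.com is an assumption.
BRAND_DOMAINS = {"gsx": "gsx.apple.com", "marriott": "marriott.com"}

def sender_domain(from_header):
    """Lower-cased domain after the last '@' of the address, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_under(domain, legit):
    """True only for the legit domain itself or a genuine subdomain of it."""
    return domain == legit or domain.endswith("." + legit)

def check_sender(from_header, brands=BRAND_DOMAINS):
    """Return (verdict, brand): 'ok', 'mismatch', or 'unknown' if no brand is named."""
    domain = sender_domain(from_header)
    # Letters and digits only, so "Marriott_Customer-Rewards" still matches.
    text = re.sub(r"[^a-z0-9]", "", from_header.lower())
    for keyword, legit in brands.items():
        if keyword in text:
            return ("ok" if is_under(domain, legit) else "mismatch", keyword)
    return ("unknown", None)

if __name__ == "__main__":
    for header in (
        "MarriottCustomerRewards@perfumeswipe.faith",  # from the newsletter
        "Apple GSX <update@gsx.com>",                  # constructed local part
        "Apple GSX <noreply@gsx.apple.com>",           # constructed
        "noreply@gsx.apple.com.example.net",           # constructed
    ):
        print(header, "->", check_sender(header))
```

A verdict of 'unknown' only means no listed brand was named; it says nothing about whether the sender is safe.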

Scammers often link their scams to major events and holidays, such as Labor Day. Check out the email below that seems to be about a blow-out cybersale from Quibids.com for Labor Day. The email comes from iPad-LaborDay-Liquidation@waybase.win and the link leads to waybase.win, not Quibids.com. Also notice that the Labor Day sale expires on the day the email was sent (hurry now to take advantage….) and before Labor Day is here! Anyone can say anything on the Internet and get away with it! In case you had any doubts, check the Zulu URL Risk Analyzer’s score for the waybase.win website. Just delete!

6-Labor Day clearance sale

7-Labor Day clearance sale- Zulu score

TOP STORY: Sex Manipulates Internet Traffic to Dangerous Websites

Remember the adage “sex sells”? That is certainly true on the Internet as well. And this explains why sexual content is often used to entice people to click links and visit websites that result in computer infections, financial losses, and other serious consequences. Below are a variety of scams related to sex/porn that targeted people during the past week. The first is an email invitation that seems harmless from a woman named Gretchen. There are no links or attachments that may be threats and “Shepherd62c1f@vasquezinsurance.com” simply seems interested in getting to know you. Though there is an insurance company by this name which registered its website in 2004, there is no guarantee that this email came from that company or from anywhere in the United States. (Notice the bad grammar and spelling… “you was online 3 days ago” and “Hellow”) Innocent email contact is often the first step to manipulate the recipient.

8-My name is Gretchen

Check out this blatant porn email to “meet sexy singles for free!” Before your curiosity gets the better of you, know that the website was registered in Russia (dot-ru) just ten days before the email was sent and the Zulu URL Risk Analyzer states that it is hosted in China. Also, both Websense ThreatSeeker and the Zulu URL Risk Analyzer have identified this website as malicious.

9-Meet Sexy Mates-ru

10-Meet Sexy Mates-ru Zulu Score

11-Meet Sexy Mates virustotal score

Finally, in this week’s top story we wanted to turn your attention to the app called Tinder. Tinder says that it is “a fun way to connect with new and interesting people around you.” Parents should be forewarned that this is a VERY ADULT app with many risks and is primarily used by college students and twenty-somethings to meet/hook up. However, Tinder users are also targeted by phony text messages such as this one below from “Paulene.” The link in the text message is a shortened URL and purposely obfuscated. Using the website Unshorten.it, we were able to demonstrate that the shortened goo.gl link points to a live sex cam porn site displayed in German. Ownership of the site is hidden behind a WHOIS Guard proxy service. Caveat emptor.

So the next time your sexual curiosity takes you onto the Internet, we recommend keeping a very healthy dose of caution by your side. If you know of any young adults using Tinder, though they may roll their eyes at you, please urge them to raise their awareness about scams that target Tinder users. Here are several articles worth sharing:

http://netsecurity.about.com/od/securityadvisorie1/fl/Could-Your-Tinder-Match-be-a-Scam-Bot.htm

http://www.theguardian.com/technology/2014/jul/16/tinder-spam-adult-webcams-fake-prostitutes

http://www.businessinsider.com/how-to-spot-dating-site-scammers-on-okcupid-and-tinder-2015-7?r=UK&IR=T

FOR YOUR SAFETY: Tricks to Engineer Your Clicking Behavior

During the past week we saw many samples of short malicious emails meant to produce a click. Some of these emails were sent to us from our readers. Thank you! Each of the attached files or links in these emails results in a computer infection. (Didn’t we mention you should read our article Filenames Will Set You Free?) These emails claim to be EZ Pass notices, FedEx deliveries, attached resumes, fax notifications, and even Visa card payment notices. (And yes, Word documents can contain malware.)

16-Resume attached

17-You have a fax - zip file

18-Visa Card Payments this month

ON THE LIGHTER SIDE: Mystery Shopping Opportunity!

We’ve needed to get some back-to-school shopping done and coincidentally received this email that couldn’t have been better timed! Shop AND make money! We are so psyched! We emailed our reply to Mr. White right away so we won’t miss our chance! (By the way… We reported on “mystery shopping” scams in our July 15, 2015 newsletter!)

Until next week. Surf safely!