September 27, 2017

[hr_invisible]

Phish NETS:  Chase Bank, DropBox, and Your Apple ID

“Dear Valued Chase Customer, This is a security alert to help you protect your account as we consider it necessary for the purpose of maintaining basic safety tips to help customers secure their account.”  If you read carefully all of this email, you’ll get a sense that English is not the writer’s first language.  There are subtle grammar errors and awkwardness to some of the sentences.  Mousing-over the link “chase.com/authtifictn/cm” shows that the link does not point to chase.com but points to a website called my78692-DOT-com. This domain was registered on September 4 by the alias “Sam Adams” from Kharkivs’ka oblast, Eukraine (near Russia).

Delete, comrade!

[hr_invisible]

This next little gem stood out because of an email address that begins with DR()P-B()X.  Gee, ya think this could be legit?  “You Have Received Seven pdf files attached by dropbox.”  Can you figure out what country the link points to?  We had to look it up….  “.ml” is the 2-letter country code for Mali!

[hr_invisible]

And last, but not least, is this phish for your Apple ID.   “Your Apple ID has been locked.”  If you look carefully you’ll see that the email didn’t come from Apple.com, it came from secure @ appleid.ssl.com.  That’s a big difference!   Also, the link for “Click here to validate your account information” points to a site that seems official, myappleid-secure-DOT-com, but it is not apple.com.  That website was registered on September 21 to a “James Wilson” from London and the website is being hosted in Panama.  Sound like Apple to you?

[hr_invisible]

[hr_invisible]

YOUR MONEY:   Michael Korrs, Ray Ban and Oakley Sales!

If you care for fashion at all, you know about the brands Michael Korrs, Ray Ban and Oakley.  These are expensive products and also heavily targeted by cheap knock-offs from China and elsewhere.  So when you see these next three ads you might think “oh, just knock off products.  Maybe I’ll get one anyway.”  Don’t!  These are much more than knock-offs!  These offers are click bait to sites that are more likely to cause a computer infection.

The first email, seemingly for Michael Korrs products, has links that point to a website identified as 038235-DOT-com.  However, if you look carefully at the link, you’ll see that you will be redirected to a web site called mkoroic-DOT-com.  Both the Zulu URL Risk Analyzer and Sophos anti-virus have identified this site as malicious.

[hr_invisible]

How about this 90% sale on Ray Ban sunglasses, says an email from youmustbuy-DOT-top.  Links in this click bait point back to a domain called zdwff-DOT-loan. Who sells $200 sunglasses for $15.99 anyway?  The Zulu URL Risk Analyzer finds this malicious as well.

[hr_invisible]

Finally in this fashion group is this email from johnnie @ yvette.eaiia-DOT-com with the subject “1000s of items ON SALE!”  Links in the email point back to the oddball domain llil.trade.  Both domains (sender and link) are registered to different people in China.  The sites we use to evaluate these websites did not score these as malicious BUT we don’t trust them at all.

[hr_invisible]

[hr_invisible]

TOP STORY:  Fooled on Facebook!

Anyone paying attention to the news and following stories about Russian hackers influencing the last U.S. election may have heard about their manipulation of Facebook.  Facebook recently announced that it had identified more than 3000 polictical ads that were fake and came from sources in Russia.  Anyone using this social media platform should understand that Facebook is often misused to display fake or malicious advertising, Internet hoaxes, and bogus posts.  There have been thousands of fake accounts for both people and companies, as well as ads for crap companies who are trying to appear legitimate.  Over the years we’ve seen all of these examples on Facebook.  Here are some recent ones…

One of our readers sent us this Facebook ad in early September to ask if it were legitimate.  It depends on how you define legitimate, we said.  Is this a real watch that tells time that you can buy and receive?  Yes, as best as we can tell from Internet posts.  However, caveat emptor! Let the buyer beware.  There are lots of online complaints about this company’s advertised products…  “We’re offering watches for free to create word of mouth buzz for Mocelli…”  Just Pay Shipping.  But what if the shipping costs more than the value of the cheap watch?  That’s what some people claim on Reddit.com. And Reddit users are not the only ones complaining.  Onlinethreatalerts.com posted a similar article.

[hr_invisible]

There are also Facebook ads and posts that are completely fabricated click-bait.  Sadly, they are often so far from the truth that people click because they cannot believe such a thing is true and they have to see it for themselves. Some of these posts and ads have been malicious so clicking on them is never a good idea.  It would be better to visit legitimate news sites and look for news to back up the claim being made on Facebook, though you’ll rarely find it.  Take this ad about Sylvester Stalone…

[hr_invisible]

“Goodbye to Stallone!”   “A Legend is Leaving Us After…”  The ad appears to be a post from espn.com but it was phony-balony and those who clicked were directed to a website called Hollywoodsocialtrends, pushing products for “gym supplements.”  This scam was written about in an article from HollywoodinToto titled Facebook Must Lose Its Phony Sponsored Posts. Some FB users have also complained to FB about these ads in the Facebook community forum.  This article on Hoax-Slayer.net tells the sad tale that many of the celebrity death fake news posts seen on Facebook have led to malware infections on people’s computers.

Other posts, though harmless, are misleading and annoying.  There have been hundreds of hoaxes perpetrated by those who get pleasure by seeing how many thousands of people will spread the lies they fabricate.  Just a few days ago one of our friends called us to ask if a post she received from a relative was legitimate.  “Please tell all the contacts in your messenger list not to accept anything from Fabrizio Brambilla.  He has a photo with a dog…”  The text goes on to describe how your account will be hacked if you accept anything from him…

[hr_invisible]

Of course we Googled “Fabrizio Brambilla” and immediately found many articles listed on hoax sites exposing this as an urban legend, such as this article on Snopes.com titled Social Media Hacker Warning

Ironically, during our research for this article on September 24, we also found this fake ad about Melania Trump posted on Snopes.com, the beloved anti-hoax site itself!  So this problem is not just a problem for Facebook!

[hr_invisible]

Google shows precious little information about theorganicandyou-DOT-com, the website you’ll be directed to if you click the Snopes ad about Melania Trump.  And a WHOIS lookup for the domain theorganicandyou-DOT-com reveals that this website was registered through a private proxy service in Panama on July 3, 2017.  Google finds no such quote from Melania Trump either.  Does any of this seem legitimate to you?

[hr_invisible]

As always, our bottom line is this…  Not only is deception far too easy on the Internet, but time and time again there is proof that the Internet and social media are being manipulated for someone else’s agenda or gain.  Keep a healthy dose of skepticism about what you read online or via your smartphone!  Instead of believing everthing, get in the habit of verifying it or believing only what you read on highly trusted websites!  Here are a few related links to this story…

https://www.nytimes.com/2017/09/06/technology/facebook-russian-political-ads.html

https://www.forbes.com/sites/mattdrange/2017/03/02/a-basic-design-feature-makes-it-easy-to-create-fake-advertisements-on-facebook/

https://www.theverge.com/2017/8/28/16215780/facebook-false-viral-hoaxes-trump-malicious-suspicious