Please support our effort by making a small donation. Thank you!


September 30, 2015


The past week was very unusual. We saw a noticeable decrease in the amount of spam and scams compared to the typical level over the last few months. We have no idea why and wonder if our readers also felt a bit of relief in the volume of scams filling their inboxes. However, the scams that did fill our mailboxes were just as malicious and sneaky as ever, especially the very nasty scam highlighted in this week’s Top Story.

In case you missed seeing some of the reward and gift scams this week, here is a sampling of three that crossed our inboxes… Rite Aid and Walmart Customer Rewards, and a Southwest Air Rapid Reward.

1-Rite Aid customer reward2-Walmart customer appreciation reward3-SouthWest Air rapid reward

Sample Scam Email Addresses

2015 Home Refi Review

Aetna: Offering $30/mo. Health insurance

Bill Gates: This made me 20 million last month

Cloud solutions Perfect for Business

Courier was unable to deliver the parcel, ID0056300534

Don’t let Drug Addiction – Control your Life

Find any lost – items in seconds.. Using iPhone or Android

Get Support Fighting Addiction with Drug Rehab Programs

Implant Dentures for Less

Low – Cost Navigation Systems

New – invention Every iPad accessory Rolled into One

Refinance at 2.89%. Don’t miss out.

WARNING: Stop taking your anxiety meds before they kill you!

Sample Scam Email Subject Lines





Phish NETS: PayPal Warning!

This PayPal phishing scam is so poorly crafted that it’s actually funny. Read the warning carefully and you’ll see what we mean… “Your account PayPal has been limited, Because we are Found many informations is absent, Please update your account now , For continue with best services.” The email was sent from with the subject line “Warning: Update your account.” By the way, the link leads to a URL shortening service called and it was suspended soon after it was created.

Clearly, English is not the first language of the criminals who created this poor phish. We’re not sure these guys could pour water out of a boot even if the instructions were posted on the heel. Laugh and then delete.



Your Money: DISH Network, ADT Voucher & Fantasy Football

All three of these seemingly legitimate email pitches have very questionable tactics that should make any consumer suspicious. The Direct TV Dish offer email comes from a web domain called Google cannot find any website of that name and the link in the email leads to a shortened URL “” Scammer have often used shorted URLs because they hide the real destination of a link. Read our article titled Risks of Shortened URLs.  None of the links lead to Dish Network (

5-Unbeatable value from DISH

We asked the Zulu URL Risk Analyzer to check out the link and it came back saying that there were too many redirections. One of those redirected links was to a website call and another to a website called But none to These two websites end in 2-letter country codes. Can you guess the countries for .my and .im? The answer is below.

(.my is the country code for Malaysia. .im is the country code for Isle of Man, a small island located between Ireland and England.)

The link in this next scam for an ADT home security voucher and gift card leads to a web domain called Sound like ADT to you? This time Zulu Risk Analyzer gets it right. It rated the website linked to this scam as 100% malicious!


 7-ADT Voucher and gift card


8-ADT voucher zulu score



TOP STORY: eFax Word Document

This week’s top story begins with an email sent to a woman we’ll call Lisa. Lisa was identified by name in the email. She was told that she had a 2-page eFax attached to the email as a Word Document. Not only was Lisa identified by name but the telephone number named as the source of that fax was a utility company just a few towns over from her home, and a local number. And what made this all the more convincing was that all the links in the email pointed back to There was only one small problem. It was actually a well-crafted and targeted attack.

 9-Targeted attack eFax

Lisa clicked the attached Word document which downloaded and opened. When Word launched Lisa was presented with the request you’ll see below. “Please enable Editing and Content to see this document.” This request made her suspicious and that’s when she called us. The Word document contained a hidden visual basic script that attempted to contact a random assortment of websites set up by the scammers to deliver very malicious software directly to Lisa’s computer. Fortunately, Lisa did not give permission to this nasty script to run. Read what says about this awful attack. Lisa, thankfully, dodged a bullet.



10-eFax malware Word doc image

FOR YOUR SAFETY: Woman of Distinction Invitation

Women of Distinction is a legitimate publication and the website is It defines itself as a national publication and community of professional women. However, the very attractive invitation below was sent from a domain called and the link leads back to that website. According to a WHOIS lookup, the domain was registered on the very day the email was sent and the ownership is hidden by a proxy service called WhoisGuard. As far as we can tell the domain is being hosted in France. Notice in the email that there is pressure to reply in just a few days. This lovely invitation is a wolf in sheep’s clothing!


11-Women of distinction


ON THE LIGHTER SIDE: Homemade Hair Restoration

Though we don’t like to admit it, we’re getting older. And our hair is getting thinner. But now we have hope! And best of all, we can make this formula at home! Can’t wait to learn more….


Until next week. Surf safely!

12-Homemade hair restoration formula