
September 9, 2015

THE WEEK IN REVIEW

On the one hand, it feels like the criminal gangs have upped their game by sending out some very targeted malicious scams to people based on the position they hold in their company or organization. For example, we recently learned of a malicious email from an “International Women’s Leadership Association” sent to a female leader of a non-profit. On the other hand, we also saw some of the most amateurish and ridiculous scams, such as an “advance fee 419 scam” that was supposedly sent from Michelle Obama! We enjoyed that one. Check out our newest feature article reviewing a month of Advance Fee scams. We hope you enjoy these as well…

 

Sample Scam Email Subject Lines

Beautiful Beach Resorts ….Close to Hawaii Attractions

Congratulations on Your Macy’s Labor Day Points, No. 5178942

Congratulations you have been chosen to receive this magazine

DraftKings has the Biggest money pools of for every professional sport

End-of-Summer LIQUIDATION: Michael Kors Signature-Tote $7.17, Thru 09.05.2015

Foods Proven to Shrink Belly Size

Labor-Day-Weekend Savings: Apple iPad Air 2 64GB Wi-Fi $28.83, Ends 09/04/2015

Major Scandal Takes the Renewable Energy World by Storm

Problem with Parcel Shipping

Re: Hot Asian woman-Reset password and see free profiles Today

Re: Party Invite

Southwest wants to give you a Labor Day bonus

Take Your Place Today Besides Other Remarkable Women

Wired –iPad Lovers Must Have

Your September Matches: (9) positions match your experience, starting at $2.7K/month

 

 

Sample Scam Email Addresses

Amazon-Prime-Reward@somehowgiftcards.win

Anna_Y@searchjobvisit.faith

Asus_LaborDay_FlashSale@conepeak.racing

CheapEnergyGenerator@power-generate-new.review

Cigna.Supplement.Benefits@superbhealthplans.date

CNNHealth_Memory_Booster@obipipe.win

Daily-Fantasy-Football@unifytelephony.date

eharmonypartner-[User’s email address]@polishedpearldesigns.com

Employment-Specialist@homeincomesystemzone.win

Epson-Re-Fill-Clearance@groundworkcontracts.date

FanDuel@livefootballfan.racing

Marriott-Customer-Rewards@pressworldwide.racing

Natl_Center_for_BioTech@dailyneuropathycare.faith

noreply@secureserver.net (Email with malicious zip file)

VisitIreland@grainyphoto.space

 

 

 

 

 

 

 

Phish NETS: Bank of America, Apple iCloud Account

Check out this very slick email from abuse_Alert@bankofamerica.com below. The email address was spoofed to look like it came from the real Bank of America and the subject line “Unusual credit card activity detected on your Account” is certainly designed to get your attention. Everything about this email looks legitimate EXCEPT for the fact that a mouse-over of the link in red points to a shortened URL at bit.ly, not bankofamerica.com. Fortunately, the redirect that this phishing email pointed to was taken down pretty quickly. Security services such as Sophos have reported in the past that the average life of a link for a phishing scam is about 1-3 days.

 

By our unofficial estimate, Apple Computer has far surpassed PayPal and Bank of America as the MOST TARGETED company by phishers. (Read our feature article Anatomy of a Phish.)  The email below looks like it might be official because it was sent from bounce@iosdevicesupport.com but that isn’t Apple.com! The criminals sending out these tricks have purchased dozens of domains over the last year that sound official but are still not apple.com. And the link in this email doesn’t lead to apple.com but to a website called supportforapps.info.

Just delete!

[Image: iCloud Final Warning]

 

YOUR MONEY: Amazon & Walgreens $50 Promotional Credits

We’ve said it many times…. Pay no attention to the smoke and mirrors written in front of the “@” symbol of an email. Anyone can select anything to appear in front of the “@” symbol. This first email is just another perfect example: “Amazon_Reward_Center @coupongiftsposing.faith.” The domain coupongiftsposing.faith is very odd. According to a WHOIS lookup the website was registered to someone named Judith Obrien on the day the email was sent, a common practice of scammers. Notice the odd text at the bottom of the email that looks like it was lifted from a YELP review. We actually found some of this text on the YELP review for a restaurant called Ram & O’Hare’s in South Dakota!

 

You can tell by the design below that this next scam for a Walgreens Labor Day Thank You reward was designed by the same criminal gang who created the Amazon scam above. These scammers will often take advantage of holidays like Labor Day to target people with shopping and discount scams.

Just delete!

[Image: Walgreens promotional credit 50]

 

 

 

 

 

TOP STORY: Scam Hits ‘Map My Ride’ App and Fundraising Scams Revisited

This week’s top story hit the smart phone of TDS Content Director Doug Fodeman…. I use a wonderful app called “Map My Ride” to track my bike rides and share them with friends. A couple of days ago I received a message in Map My Ride. When I clicked on the mail icon my phone’s browser immediately launched and went to the very deceiving website apple.com-luckywinner.com and displayed the message “Your Apple device was selected because we need more testers for the new iPhone 7. Press OK to participate and receive a free iPhone 6.”

[Image: Congratulations lucky winner]

 

The only choice given was to click OK. I immediately force-quit Safari but couldn’t remove the offending message from my Map My Ride app. After getting online I used several tools to investigate if apple.com-luckywinner.com was a threat and found no immediate threat, so I visited the website. This was the next message I received…

 

 

 

 

 

 

 

 

My experience has taught me that NO ONE gives away iPhones and I am certainly not a randomly selected lucky winner. Let’s investigate this trick…

  1. The creators of this scam have cleverly created a domain name that is very misleading. The domain is the part of the name that immediately precedes the generic top-level domain (gTLD). The gTLD here is “dot-com” (.com) and so the domain is actually “com-luckywinner.” The “apple” that appears at the beginning is called a subdomain and is separated from the domain by a period. ANYONE can select ANY subdomain they want. When it is all put together it looks like this is from Apple, but it is not: apple.com-luckywinner.com is not apple.com.
  2. According to a WHOIS lookup, the owner of this website has chosen to hire a proxy service to register the site to protect his/her identity. The website was registered on July 9 and we’ll never know who really owns it. (The WHOIS record was updated on July 6th, the same day the scam hit me, but it isn’t clear why.)
  3. A web search turned up several discussions about this scam, including this recent conversation on Apple’s discussion boards: https://discussions.apple.com/thread/7132971 According to the conversation, people are asked to pay a $2 fee in order to get their iPhone. Besides losing their $2, they have also given the scammers their credit card information and a lot of other personal information needed for this “promotion.”
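The domain-versus-subdomain check from step 1, written out as an added example (not TDS code). The function names and the small `SUFFIXES` set are assumptions made for illustration; the same check also applies to the sender addresses and links in the phishing emails discussed earlier in this issue.

```python
from urllib.parse import urlsplit

# Assumption: a small constructed suffix set covering the domains on this page.
# Real tooling should load the full Public Suffix List instead.
SUFFIXES = {"com", "info", "faith", "ly", "co.uk"}


def registrable_domain(host):
    """Return the one label left of the public suffix, plus the suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # suffix not in the constructed set


def sender_domain(address):
    """Ignore everything before the last "@"; only the domain identifies the sender."""
    return registrable_domain(address.rsplit("@", 1)[-1])


def check_link(url, brand_domain):
    """Classify a link against the domain the brand really owns."""
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) == brand_domain:
        return "match"
    # Brand name shows up in the host, but someone else owns the domain.
    if brand_domain.split(".")[0] in host:
        return "lookalike"
    return "other"


# Hostnames and sender addresses quoted on this page; URL schemes/paths are constructed.
SAMPLES = [
    ("https://www.apple.com/", "apple.com"),
    ("http://apple.com-luckywinner.com/", "apple.com"),
    ("http://apple.comluckywinner.com/", "apple.com"),
    ("http://supportforapps.info/", "apple.com"),
]

if __name__ == "__main__":
    for url, brand in SAMPLES:
        host = urlsplit(url).hostname
        print(f"{host:28} owner={registrable_domain(host):22} {check_link(url, brand)}")
    print(sender_domain("Amazon_Reward_Center@coupongiftsposing.faith"))
```

A matching sender domain proves nothing by itself, since the Bank of America email above used a spoofed From address; in that case it was the link's domain that gave the scam away.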

Do you remember the adage “if it seems too good to be true, it is”? Just delete! By the way, I have found other conversations online about this exact same scam but they refer to a website that is nearly identical: apple.comluckywinner.com (no dash in the name). Also, just to be on the safe side, TDS strongly recommends clearing the browser data/cache on your iPhone if you are hit with this scam. (Go to the Settings app and scroll down to select Safari. Then select “Clear History and Website Data.”)

TDS was recently contacted and asked about the following email about Midland Fundraising:

 

Do you notice that the name and domain of the sender don’t match the name and domain of the person within the email? This company is extremely suspicious. We researched and wrote about them in the Top Story of our April 22, 2015 newsletter. TDS strongly recommends against doing any business with Midland Fundraising or its related companies.

 

 

FOR YOUR SAFETY: Party Invite and Company Complaint

We have reported several times in the past about very dangerous short emails with attached malicious files pretending to be payment invoices, notices about undeliverable parcels, notices to appear in court, etc. This past week we saw two similar emails that we’ve never seen before and that are equally dangerous. Check out “party invite.” “Hello, it was not easy but I got you an invite to the event.” The attached Word document carries malicious code. As does the email below it… “This message has been generated in response to the company complaint submitted to Companies House WebFiling Service.” That zip file contains malware! By the way, “Companies House” refers to a legitimate United Kingdom government website that oversees the creation and dissolution of UK companies.

Delete, delete!

[Image: Party invite]

 

 

 

 

 

[Image: Re: company complaint]

 

 

 

ON THE LIGHTER SIDE: Yoshi Grill!

Though summer is practically over we’re hoping to hang on to those last moments by buying an awesome new grill! A Yoshi grill! We received this great offer in our inbox… Buy 1 Get 2 Free! And look at the accessories we get! We hope it won’t take too long for us to get our grills though. The website was registered and hosted in the Czech Republic the day before the email came out.

Until next week. Surf safely!