

THE WEEK IN REVIEW

Do you know the favorite currency of most scammers? Money cards! These are cards onto which money is loaded or preloaded, and which are not associated with any bank or other financial institution. All that is needed to pull money out of these cards is the numbers on the back of the card. The perfect example is a MoneyPak Green Dot card. However, gift cards of any kind work just as well, such as an Apple Gift Card.

We mention this because anyone should immediately suspect a scam when the person asking for payment specifically asks for payment through a money card. We’ve heard stories from people who have been asked, for example, to buy five $100 Apple Gift Cards, scratch the covers off the numbers on the back, and then text those numbers to the person asking for payment for a jury duty summons! Or this example (see screenshot below) of a man who pretends to be the father of an underage girl. He and his wife are demanding payment from a man in his 30s who thought he was communicating via a dating app with a 23-year-old but was informed that she was 17. In fact, there was no “she” at all. The entire thing is a scam we’ve documented well after hearing from more than 840 men! (Read “Plenty of Fish Has Plenty of Sharks.”) The “Father” texts the soon-to-be victim telling him how he wants payment for the supposed sexting exchange with his underage daughter. A MoneyPak card is required! Men hit by this scam have offered checks, cash in person, and bank checks, but they are all declined.


 

We don’t often recommend products or services to our readers. However, we’ll make an exception because this particular service is so outstanding and is centered around education and training. The service is called KnowBe4.com and is for businesses, organizations, schools and non-profits. Their service trains employees to significantly reduce their risks by learning how to recognize fraudulent emails (e.g. malicious emails leading to ransomware, phishing emails, and others). The best part of their training techniques is that they have hundreds of different kinds of fake emails that employers can actually send to their employees to see if they fall for the tricks (harmlessly, of course! And with training tips for those who click.)

There is tremendous value in learning how to recognize 2-letter country codes in both an email address and a domain name. These country codes indicate the location of an email server or a website, and often make it possible to detect online fraud. You’ll see many country codes appear in the content of this week’s newsletter. To learn more about detecting 2-letter country codes, visit our two-minute video on the topic. You can look up 2-letter country codes by visiting the “decoding table” on this Wikipedia page. Hover your mouse over the 2-letter code to see the country revealed.


PHISH NETS
Bank of America and Chase Bank

One of our readers was targeted by both of these phishing scams.  She’s smart enough to smell the fraud! The first phish wants you to think that Bank of America is “updating their systems” to “bring enhanced features to your Online Banking experience.”  A close look at the FROM address makes it painfully obvious that this email didn’t come from bankofamerica.com.  In fact, the email was sent from a server in South Korea.  Also, mousing over the link highlighted in red clearly shows that it points to the domain unlockarewa[.]com, not bankofamerica.com! 

A big, fat delete!


 

There are many similarities between this Chase Bank phish and the Bank of America phish. For example, it is rare that we see text highlighted in red. And yet, these two phish, sent about 90 minutes apart to the same person, both contained text highlighted in red. This phish was sent from a server in Germany. (Note the 2-letter country code “.de” = Deutschland = Germany.) The link for “Verify your Information Here” points to a hacked website called airlesspainter[.]com. In addition, if you read the email, you’ll find several examples of incorrect grammar that should make everyone suspicious!





 

YOUR MONEY
Device Stops Barking Dogs, GPS Tracker Spy Technology and Affordable Assisted Living

Criminals will often use legitimate products to grab your attention and trick you into clicking malicious links, such as this Bye Bye Barks clickbait.  The greatest risk comes from the fact that there is nothing about this email that suggests it is malicious at all UNTIL you dig into the domain name or links contained in the email.  It turns out that the domain, byebye[.]buzz, was registered by someone in India on the day this email was sent, February 10.  Day-old domains are ALWAYS malicious! We used the Zulu URL Risk Analyzer to confirm our suspicions!


 




Here is another malicious clickbait disguised as a real product that is actually kind of creepy…. A tiny GPS tracking device. (Want to find out where your teenage son/daughter goes, or where your spouse goes?)  Our readers will immediately notice similarities to the email above. This email was sent from the domain batterywalk[.]buzz.  It won’t surprise readers to learn that this domain was also registered by someone in India on the day the email hit our inbox, February 19.
 







It isn’t always so easy to detect online fraud and malicious intent, as we’ve demonstrated in the previous two emails. Take this email that appears to offer information about how to pay for assisted living for the elderly. The bottom of the email twice states that this email is associated with CaringForAParent.com. However, the email came from the address contact “@” floristshopseller[.]com and the links point to a domain called reconstructional[.]me. When we asked our security tools to evaluate this odd link, none of them were able to identify it as malicious. And two of them showed us that visitors who click that “reconstructional” link will actually be forwarded to the caringforaparent.com website. Could we be wrong about the malicious intent of this email? Absolutely NOT! No online security tool is 100% perfect. Often it is important to follow your gut and pay attention to things that don’t make sense, such as why this email would come from the domain floristshopseller[.]com or contain links pointing to reconstructional[.]me. Google identifies both of these domains but knows absolutely nothing about them! Our advice? It’s a landmine that you should step away from!
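The mismatch checks used on the emails above (sender domain, 2-letter country code, and where the links really point) can be automated. This is an added example, not part of the original newsletter; the sample message, the brand domain `bank.example` and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (placeholder names), not one of the emails described above.
SAMPLE = """\
From: "Example Bank" <notice@smtp-host.example.de>
Subject: Verify your information
Content-Type: text/html; charset="utf-8"

<p>We are updating our systems.</p>
<a href="http://painter-shop.example/verify">Verify your Information Here</a>
<a href="https://www.bank.example/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def belongs_to(host, brand):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def review(raw, brand):
    """List the mismatches between the claimed brand and what the email shows."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if not belongs_to(sender, brand):
        findings.append(f"sender domain {sender} is not {brand}")
    if len(sender.rpartition(".")[2]) == 2:  # 2-letter ending = country code
        findings.append(f"sender uses country-code domain .{sender[-2:]}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not belongs_to(host, brand):
            findings.append(f"link goes to {host}, not {brand}")
    return findings
```

The check reads the link target rather than the visible text, which is the same thing mousing over a link reveals.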






 
 

TOP STORY
Malicious Mimics

“Batesian Mimicry” is a brilliant form of evolution in the animal kingdom in which a harmless species of animal evolves in such a way as to closely resemble a poisonous species.  Predators can’t tell them apart and avoid both the harmful and harmless species. A perfect example is the very venomous coral snake and its harmless mimic, the king snake.  Another example is the monarch butterfly, poisonous to predators if eaten because of the milkweed plant it feeds off of. However, the viceroy butterfly, which has evolved similar markings to the monarch, is harmless...and is also avoided by predators.

The reason for this lesson in biology is that we have seen many different kinds of malicious emails in the last couple of weeks that share a similar characteristic. They can best be described as the OPPOSITE of Batesian mimics. These emails, noticeable by their simplicity and few words, look absolutely harmless. And yet, each is 100% malicious as a result of its intent or malicious link. Let’s start with a bit of simple social engineering from “Dominic” using the subject line “for you” and a “laughing til you cry” emoji. “Is this the one that you meant” followed by an oddball link to fxntsxe[.]pro. Once again, 2-letter country codes are important to notice. This email came from a server in Latvia. The link, of course, is malicious and leads to a malware infection.

 


 

This next malicious mimic has a brief story behind it.  It appeared to be sent by a relative named Lindsay to her uncle.  Except that her uncle, a long-time reader of our newsletter, recognized that the email address after her name was not her real email!  And that email came from a server in Brazil. “When you get a few minutes check it out. Hopefully you will appreciate it!” says someone pretending to be Lindsay. 

The link, once again, is malicious.



This next malicious mimic was actually part of a recent spear-phishing campaign targeting the head of a small independent school in New England. This email, presumably from “Paul,” was sent to a former employee and said “I need a favour from you.” But the scammer who sent it thought the recipient was a current employee. (Also, notice the European style of spelling “favour.” The sender was not likely born/raised in the U.S.) The former employee ignored the email after recognizing that it didn’t come from his former boss’ school email address. It came from the generic Gmail address “exdirector1005.”




A little more than two weeks later, that same former school employee received another email pretending to be from the same school Head.  However, this time the email came from the Gmail address “schoolhead512.” (How original. **said with sarcasm**) We reached out to the Head of the school about these emails.  Of course, he didn’t send them and has notified his community to be aware of the attempted fraud. In this fraud, the criminal will ask the victim to make a purchase or wire money in the name of the school.



 

We’ll leave you with one more malicious mimic that was sent to Doug from a name he recognized, “Howard.”  Only it wasn’t Howard’s email address, making the link very suspicious. The link pointed to a domain, rsllope[.]info, that had been registered on the same day this innocent email was sent saying “Something you should see!”  Zulu URL Risk Analyzer had no problem identifying the threat waiting at the end of that link.

Beware of these malicious mimic opposites!
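What gave away the “Lindsay,” “Paul” and “Howard” emails was a familiar name paired with an unfamiliar address. The same comparison in code, as an added example that is not part of the original newsletter; the address book, the names and the addresses are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed address book: display name -> addresses known to be genuine.
KNOWN = {
    "lindsay example": {"lindsay@family.example"},
    "paul headmaster": {"paul@school.example"},
}

def normalize(name):
    """Lower-case and collapse whitespace so 'Paul  HEADMASTER' still matches."""
    return " ".join(name.lower().split())

def classify(from_header, known=KNOWN):
    """Return 'known', 'impersonation' or 'stranger' for one From header."""
    display, addr = parseaddr(from_header)
    name, addr = normalize(display), addr.lower()
    real = set().union(*known.values())
    if name in known:
        # A familiar name is trusted only with one of that person's addresses.
        return "known" if addr in known[name] else "impersonation"
    if any(a in name for a in real) and addr not in real:
        # A genuine address typed into the name field of another account.
        return "impersonation"
    return "known" if addr in real else "stranger"
```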








 



 


FOR YOUR SAFETY
Your iPhone is Severely Damaged

One of our friends was looking up something through Safari when this page suddenly popped up. It is total malarkey and meant to scare you into clicking a seriously malicious link! Her iPhone didn’t have 39 viruses and it is not possible to tell what “percentage of damage” has taken place. Don’t believe this BS.

Deeeleeeete!



Until next week, surf safely!


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.

