THE DAILY SCAM NEWSLETTER - NOVEMBER 6, 2019
Executive Editor : Doug Fodeman | Designed by Deutsch Creative


THE WEEK IN REVIEW

We ALWAYS instruct our readers to get into the habit of mousing-over links WITHOUT clicking them to better understand whether or not an email, website, or even a text is legitimate.  For example, if an email says it is from AmericanExpress.com and asks you to log into your account, the link had better point back to the real and correctly spelled American Express website, not something like amercnexprss.com.

But sometimes legitimate online tools and services are misused in malicious ways to target people, making it much harder to see the wolves lurking in the woods.  This has been the case lately with Google’s API domain. Google APIs are a “set of application programming services developed by Google to allow communication with Google Services and their integration to other services.” (Source: Wikipedia.)  Check out these two emails that both point to storage[.]googleapis[.]com (where “storage” is a subdomain of the Google-owned domain “googleapis[.]com”):
 





 

The first email appears to be from CarInsurance.net and the second email appears to be associated with Free Score 360 and announces that your credit score has changed.  The links in both emails point to storage[.]googleapis[.]com.  Many security services have reported that this subdomain of Google has been found to install malware scripts that are designed to further download and install gobs of malware onto people’s computers!  Malwarefixes.com says “Storage[.]googleapis[.]com is a type of website that can implement a drive-by-download scheme in order to infect visitor’s computer. With this type of threat, users are normally not aware that the site is downloading and installing a small script which can lead to a bigger issue when not taken care of as soon as it affects the system. Malicious site like Storage[.]googleapis[.]com is known for distributing various kinds of adware, malware, and potentially unwanted programs.”

Here are two articles about removing these threats if you have made the mistake of clicking one of these links:

https://www.pcrisk.com/removal-guides/14315-googleapis-com-virus

https://www.2-spyware.com/remove-commondatastorage-googleapis-virus.html
 

PHISH NETS

Fortunately for the TDS reader who received it, this email was easy to spot as fraudulent.  Though “account-alert @ amazon.com” follows the FROM part of the address field, it is only text.  The real email address follows it inside the <> symbols. Also, the subject line was so bastardized as to be funny… “We have detect is a problem with your account, update your payment amazon is available on Thursday, 24 2019.”  This email contained an attached Word document which we’ve shown below the screenshot of the email. The link in the Word doc may look like Amazon.com but it clearly is not!

Deeeeeleeeeete!
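The display-text-versus-real-address check described above can be automated by a mail filter. The following is an added example, not part of the original newsletter; the sample header is constructed (the real sender address is not shown on this page, so `billing@sender.example` is a placeholder), and `org_domain` is a simplified assumption that does not consult a public-suffix list.

```python
import re

# Address-like text inside the display name, e.g. "account-alert @ amazon.com"
ADDR_IN_TEXT = re.compile(r"[\w.+-]+\s*@\s*([\w-]+(?:\.[\w-]+)+)")
# The real address: the <...> part at the end of the From header
ANGLE_ADDR = re.compile(r"<\s*([^<>\s]+@([^<>\s]+))\s*>\s*$")

# Constructed sample: display text claims amazon.com, real address does not.
SAMPLE_FROM = '"account-alert @ amazon.com" <billing@sender.example>'

def org_domain(host):
    """Naive registrable domain: the last two labels (assumption, no suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_from(header):
    """Compare a domain shown in the display text with the real sender's domain."""
    m = ANGLE_ADDR.search(header)
    if not m:
        return {"display": header.strip(), "real_address": None,
                "verdict": "no-angle-address"}
    real_addr, real_host = m.group(1), m.group(2)
    display = header[:m.start()].strip().strip('"')
    shown = ADDR_IN_TEXT.search(display)
    if shown is None:
        verdict = "display-has-no-address"      # nothing to compare
    elif org_domain(shown.group(1)) == org_domain(real_host):
        verdict = "consistent"
    else:
        verdict = "display-name-spoof"          # text says one domain, <> says another
    return {"display": display, "real_address": real_addr, "verdict": verdict}

if __name__ == "__main__":
    print(check_from(SAMPLE_FROM))
```
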



 

 


YOUR MONEY

This next email will take you on a series of visits that will not end well! This “Congratulations Costco Customer” didn’t come from costco.com, it came from wristmore[.]net. You are invited to take another 30 second survey and then select “Exclusive Rewards worth over $50…”  As we have seen before, the link for “Continue HERE” seems to point to a very safe-looking link called “safelinks[.]protection[.]outlook[.]com.”  But this link actually contains a redirect within it. This link will redirect you to a website called “bulletcube[.]com.” And BulletCube will redirect you again to a website called “fixadherence[.]com” where malware sits like a bear trap waiting for you to step on it.

Ouch!
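A mouse-over only shows the outer link, so a wrapped link has to be unwrapped before its host can be compared with the claimed sender. The following is an added example, not part of the original newsletter, covering both this wrapped link and the shared-hosting case from The Week in Review; the sample URLs and the `redirector.example` host are constructed, and it assumes the wrapper carries its destination in a `url=` query parameter.

```python
from urllib.parse import urlsplit, parse_qs

WRAPPER_SUFFIX = "safelinks.protection.outlook.com"
# Hosts where anyone can upload content; the host named on this page.
SHARED_HOSTING = {"storage.googleapis.com"}

# Constructed samples (not taken from the emails shown in this newsletter).
WRAPPED = ("https://nam02.safelinks.protection.outlook.com/"
           "?url=http%3A%2F%2Fredirector.example%2Foffer&data=02%7C01&reserved=0")
BUCKET = "https://storage.googleapis.com/bucket-placeholder/index.html"

def unwrap(url):
    """Return the destination embedded in the wrapper's url= parameter, else the URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == WRAPPER_SUFFIX or host.endswith("." + WRAPPER_SUFFIX):
        inner = parse_qs(parts.query).get("url")
        if inner:
            return inner[0]          # parse_qs has already percent-decoded it
    return url

def assess(url, claimed_domain):
    """Compare the first real destination host with the domain the email claims."""
    dest = unwrap(url)
    host = (urlsplit(dest).hostname or "").lower()
    if host in SHARED_HOSTING:
        verdict = "shared-hosting"   # trusted parent domain, untrusted content
    elif host == claimed_domain or host.endswith("." + claimed_domain):
        verdict = "matches-claimed-sender"
    else:
        verdict = "mismatch"
    return {"wrapped": dest != url, "destination_host": host, "verdict": verdict}

if __name__ == "__main__":
    print(assess(WRAPPED, "costco.com"))
    print(assess(BUCKET, "carinsurance.net"))
```

This reveals only the first hop; any further redirects performed by the destination server are not visible from the link text alone.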





 

TOP STORY

I have a social media account but use it very little, and only with family and friends.  So when a complete stranger named “Abbie Damours” recently “liked” a post I had shared publicly back in February, 2017 I found it very odd and suspicious… Red flag #1.



 

Her “like” for my 2017 post felt very suspicious, but I couldn’t resist exploring!  So I began by clicking the link to Ms. Damours’ social media page only to discover that the lovely Ms. Damours has no friends or posts in her social media account.  Red flag #2.

When I clicked to open her “About” page it was completely empty.  Red flag #3. Clearly, this “like” was meant to draw us to slaughter, not to make a new friend or invite us into a conversation.



Further investigation informed me that Abbie Damours had recently updated her profile picture.  When I checked out that update I found a link that appeared to be to her “private photos” on a tumblr account.  Private photos? Hmmmmmm…..that would suggest photos of a “different” nature. Most of us are likely thinking porn, and that is clearly what Ms. Damours meant to suggest, especially when you look at her name and see that it contains “amour.” (“my love” in French!)  However, being the suspicious fellow I am, I took that link to mean a malware trap disguised as personal private photos….



 

Screenshots of Ms. Damours’ Tumblr page confirmed the “ruse” that “she” had posted nude photos (and video) for me to visit.  But my suspicions about the real intention of this “like” were rock solid. They were confirmed when I was unable to mouse-over the links on Ms. Damours’ Tumblr page to reveal where they pointed!  The web page was coded in such a way as to completely disable a mouse-over. There is only one reason why someone would code a page this way… he didn’t want us to see where the link will send us. However, it didn’t take me long to find another way to show that the links on this Tumblr page pointed to a website called sveta[.]sexnow[.]site



 

Again, don’t assume that this is nothing more than an invitation to view adult content.  It isn’t! Using our usual assortment of online tools, I was able to easily show that malware was waiting for me, along with at least one more redirect to another questionable porn website.  The lesson here should be obvious to all: online deception is a chronic problem and cybercriminals have a very large playbook of tricks to try to fool us into installing the tools of their trade.


Copyright © 2019 The Daily Scam, All rights reserved.