A Father's Day Gift Quiz
Happy POST-Father’s Day to all the Dads out there! This special day was celebrated in the United States, the UK and 89 other countries on the third Sunday in June. However, Father’s Day is celebrated in more than 150 countries around the world on various dates, according to this Wikipedia article. We noticed an interesting uptick in malicious clickbait emails of a certain type in the two weeks before Father’s Day. These were emails that stereotypically might appeal to the “do it yourselfer,” the person who likes to tinker and use tools. While we know several women who are extremely skilled with hand tools and like to build, we think that the “do it yourself” builder is a stereotype for Dads. Scammers are very nuanced and so have created clickbait pretending to be these kinds of gifts for Dads.
Therefore, in honor of Father’s Day and malicious clickbait, we’ve created a quiz for all our readers to test their skills. Below you’ll find screenshots of two recent emails meant for the “do it yourselfer.” In the bottom left corner of each email you can also see the link to which you would have been sent if you clicked the email. Your job is to look at each of these emails carefully and create a list of “red flags” -- warning signs that something about each email is suspicious. How many red flags can you list?
We encourage our readers to use the online tools we routinely employ to help us evaluate and assess malicious intent. HOWEVER, NO TOOL IS PERFECT! Sometimes the reports from online site scanners will say a site is safe or legitimate, and it is not! Also, simple common sense can go a looooong way to see through online fraud and deceit. Here are a few of the tools:
WHOIS to help determine website ownership and registration information
ScamAdviser.com to check for website trustworthiness
Zulu URL Risk Analyzer
VirusTotal.com to analyze possible threats waiting on a website
Sucuri Sitecheck scanner
The World’s Best Measuring Tape:
12,000 Shed Plans! Build Your Own Shed.
HOW MANY RED FLAGS DID YOU SPOT? Here is our assessment…
1. The World’s Best Measuring Tape:
a) This malicious clickbait was created by the infamous Hyphen-Poopy gang, who we think is located in India. In the link found in this email you’ll see the two hyphenated words “exalted-environs.”
b) This email came from, and has links pointing to, a very oddball website named “krig24-01[.]shop.” A WHOIS tool will tell you that this domain was registered on the very same day that this email was sent. (see screenshot below) This is a SURE SIGN of malicious intent!
c) The WHOIS tools also told us that this “shop” domain was registered anonymously in Iceland and is hosted on a server in Amsterdam. Yes, these facts make this shopping website very suspicious!
d) Finally, Sucuri.net informed us that the web page at krig24-01[.]shop was an empty page AND that it was blacklisted by the security service McAfee!
e) Sucuri also showed us that visitors will be forwarded to a very real website where you can buy tools such as this tape measure. This behavior is HIGHLY suspicious and often means that the oddball website will hit you with malware and then forward you to a legitimate website so you aren’t suspicious that you just got targeted.
2. 12,000 Shed Plans! Build Your Own Shed.
a) Once again, the domain name used to send this clickbait, AND found in the clickable links, is extremely odd. It is called catermic[.]digital. A WHOIS lookup tells us that it was registered anonymously in India on March 12. These facts are HIGHLY suspicious!
b) You’ll also notice a physical address listed at the bottom of this email for those who may want to “unsubscribe” without clicking a link. (NEVER click UNSUBSCRIBE in suspicious emails!) A search for this address in Google tells us that it leads to a Registering Agent called Harvard Business Services, Inc. This business has NOTHING to do with email subscriptions or marketing for businesses.
c) Just like the first email, Sucuri.net also showed us that visitors will be forwarded to another real website where you can find plans for sheds. Again, this behavior is HIGHLY suspicious and often means that the oddball website will hit you with malware before forwarding you to a legitimate website.
d) Finally, the Zulu URL Risk Analyzer identified the links in this email as having a 90% chance of being malicious. We’ll add the additional 10% and call it 100% certainty!
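Three of the red flags from the assessment above (a domain registered just before the email was sent, a hyphenated word pair in the link, and forwarding to a different website) can be checked with a short script. This is an added example, not part of the original article: the sample message, the `.example` domains, the dates, the lookup tables standing in for WHOIS and scanner output, and the 30-day threshold are all constructed assumptions.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample message: placeholder .example domains and invented dates.
RAW_EMAIL = """\
From: Tool Deals <offers@odd-shop01.example>
Date: Mon, 05 Jun 2023 09:15:00 +0000
Subject: The World's Best Measuring Tape
Content-Type: text/html

<a href="http://odd-shop01.example/exalted-environs/c1">See it now</a>
"""
# Constructed stand-ins for what a WHOIS lookup and a site scanner would report.
WHOIS_CREATED = {"odd-shop01.example": datetime(2023, 6, 5, tzinfo=timezone.utc)}
FINAL_DESTINATION = {"odd-shop01.example": "https://www.real-tool-store.example/tape"}

WORD_PAIR = re.compile(r"^[a-z]{4,}-[a-z]{4,}$")  # matches e.g. "exalted-environs"

def red_flags(raw, whois_created, final_destination, max_age_days=30):
    """Return a list of human-readable red flags for each link in the email."""
    msg = message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc).date()
    flags = []
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        created = whois_created.get(host)
        if created is not None:
            age = (sent - created.astimezone(timezone.utc).date()).days
            if 0 <= age <= max_age_days:  # 0 means registered the same day
                flags.append(f"{host}: registered {age} day(s) before the email was sent")
        if any(WORD_PAIR.match(seg) for seg in parts.path.split("/")):
            flags.append(f"{host}: link path contains a hyphenated word pair")
        dest = final_destination.get(host)
        if dest and urlparse(dest).hostname != host:
            flags.append(f"{host}: forwards visitors to {urlparse(dest).hostname}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(RAW_EMAIL, WHOIS_CREATED, FINAL_DESTINATION):
        print(flag)
```

As the article says of the online tools, no single check is conclusive; a clean result from this script does not mean a link is safe.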