PHISH NETS

YOUR MONEY

One of our readers sent us this malicious clickbait disguised as a customer experience survey reward from Capital One Bank.  What made him most suspicious was the fact that the email appears to have come from wsj.com –the domain for the Wall Street Journal!  We dug into the code for this scam to find that the links will send you to a website called convertkitcdnn[.]com.  This domain was registered in mid-July, 2019 and not by Capital One!

Deeeleeeete!

Cybercriminals often use hyperbole to entice people to click links leading to their malware.  We’ve seen lots of bogus subject lines recently such as….

  Do THIS When A Gun Is Pointed At Your Head

  Genius Doctor Reveals Alzheimer’s & Dementia Reversing Solution

  Guy gets almost killed for revealing how to generate electricity from Earth’s Magnetic Core

  Special “Oil” DROPS 1-2lbs of FAT a day

  Super simple method lowers the cost of solar panels by 85%

  The “Battery Restoration Trick” your mechanic doesn’t want you to know about

  Weird seed sheds pounds

  Why You Should Put Garlic in Your Ear Before Going to Sleep

One email in particular grabbed our attention because the subject line was so absurd…. “Ancient Scottish invention Powers Home Completely For Free.”

This clickbait is really meant to appeal to those who think the utility companies charge too much.  We especially liked the line “As soon as you use this for yourself, you will have the sudden urge to all your electric company and SCREAM at them for robbing you blind for all these years…”  This clickbait points to a malicious domain, diethealth[.]best, which was registered on the very same day that this email hit our inbox.  We all know that this is NEVER a good sign. Just delete, pay your energy bill, and accept the fact that “ancient scots” didn’t have any device to produce cheap heat energy to power their home heating systems.

Cybercriminals use hundreds of different methods to snare people into their traps and many of these methods are particularly offensive because of the vulnerable population of people they target.  We’ve seen them use content to target parents concerned about the safety of their children, diabetics who are looking for a new treatment or cure for their condition, lonely adults looking for companionship, and people with a deep faith in God who want to make a positive difference in the world, to name just a few.

One of the “staples” that cybercriminals use to target their next victims is information related to health.  Recently we saw a spate of these malicious emails. Let’s start with this clickbait disguised as “Health News” that came from the domain signosys[.]info and is about a condition called hypothyroidism, a disease that produces too little of a hormone that is important in regulating your body’s energy production and use.  The subject line reads “If you want to overcome Hypothyroidism – Don’t Do This!” The author of this “newsletter” — Mary Swanson — claims to have a natural cure based on scientific research.  Anyone dealing with this difficult disease, or with a loved one who is dealing with it, might be tempted to click the links that point back to signosys[.]info.  Were they to do that, they would be hit with a malware script before being forwarded on to the very real website called hypothyroidismrevolution[.]com.   Look at the screenshots below to see the redirect after hitting signosys[.]info.  This malicious website has no web pages to be found and was registered by someone in India in early September.

Similar to this type of clickbait is the recent email below with the subject line “Your Prostate Is The Size Of A Lemon” and was sent from the domain exeganie[.]info.  The email claims that “research has recently discovered an incredibly effective way to shrink your prostate.”  If you are an older person who frequently feels that need to run to the bathroom, this email might interest you.  And that would be a mistake. The domain exeganie[.]info was also registered in India, just hours before this email was sent.  That shouldn’t be a surprise to anyone.

In addition to supposed health information, we also often see remarkable stories that seem incredible, or absurd, such as this one… “Uncle Discovers By Accident How to Cure Girl’s Deadly Disease…”  Of course, it is total BS but it is likely to trick some people to click through to the domain michenix[.]info where malware awaits before forwarding you to airpurifiersystem[.]online.  At least this time, the Zulu URL Risk Analyzer was able to identify that michenix[.]info is malicious!  Guess where michenix[.]info was registered?  Yes, India and on the day this email was received, November 14, 2019.

To you, our readers, the point is obvious.  However, do you have any friends or relatives who are battling health issues and may be more susceptible to this form of trickery?  Show them this newsletter and help them understand that there are low-life cybercriminals who target them BECAUSE they have health issues.  It’s hard to think how anyone can stoop much lower than this in an effort to make money.