Copy
THE DAILY SCAM NEWSLETTER - NOVEMBER 20, 2019
Executive Editor : Doug Fodeman | Designed by Deutsch Creative


THE WEEK IN REVIEW

Truth be told, we’re old enough to know exactly what the phrase means “to sound like a broken record.”  Due to a scratch, the record repeats a section over and over.  We must sound like a broken record sometimes too. It’s not our fault!  Here’s yet another reminder how easy it is to deceive people online. In this case we are referring to social media and product reviews.  SocialFasters-DOT-com is a business in New York that sells fake “likes,” “followers,” YouTube views, etc. Just another reminder why you can’t always believe what you see online.
 


 

These are a few articles related to the rise of purchasing fake followers, friends and likes….

Trey Ratcliff Exposes How He Bought Fake Instagram Followers/Likes (USA Today)

Follower Bots Exposed: How to Spot Fake Influencers (PRN News)

Buying and Selling Followers and Likes Ruled Illegal in Precedent-Setting Case (SocialMediaToday.com)

We also want to remind readers never to accept as fact any “customer service” phone number that you find anywhere online EXCEPT from the company’s website you wish to call!  Here are two recent examples of fake phone numbers for Amazon that were posted by a cybercriminal gang on Quora and Twitter. They turned up in a Google search for an Amazon customer service number….





 

PHISH NETS

We are just learning about a multifaceted phishing scampaign targeting Facebook users in the last week.  Take a look at these two ads that appeared in Facebook scrolls and see what stands out to you as suspicious….




 

Did you notice that both “free giveaways” show a very suspicious domain name in grey before the headline?  The JetBlue headline is preceded by “OFFERSNOVEMBER[.]WIN” while the Bud Light headline has  “WINTERGRAB[.]WIN”  Both headlines contain the same basic text… “has announced that everyone who shares this link will be sent…”  If you search for that exact phrase (in quotes), Google will return lots of links identifying many such give-aways as phishing scams designed to collect your personal information through social media!

Since changing its policy about advertising content last year, Facebook now includes more details about the company/organization/person who posts an ad.  Just click the “i” in the lower right (BUT DON”T CLICK THE LINK ITSELF!) When we clicked the “i” for information about the JetBlue ad, we saw this…



 

This was a new post, and the link actually led to another domain called GRABNOVA[.]WIN

Here’s what we do know about these “winning” domains… They were all registered in the last few days, a VERY short time before the ad appeared on Facebook. (See WHOIS data below).  On November 12, Reddit member named SlicingBlade posted information about the Bud Light scam and said that the creators of this scam were using it to collect personal information about social media users for the purpose of sleazy marketing.  Hoax-Slayer.net has posted an article that provides details about what happens when you click through this fraud.  Our brief investigation shows that the people who created this ad campaign are using the following company names in these “free giveaway” ads in addition to JetBlue and Bud Light: (If you know of other companies used in this scam, let us know!)

Carlton Draught (Australian beermaker)

Costco

Dunkin’ Donuts

Marlboro Cigarettes

Morrison’s Supermarket Chain

Tesco Supermarket (a UK company)






 

 


YOUR MONEY

One of our readers sent us this malicious clickbait disguised as a customer experience survey reward from Capital One Bank.  What made him most suspicious was the fact that the email appears to have come from wsj.com –the domain for the Wall Street Journal!  We dug into the code for this scam to find that the links will send you to a website called convertkitcdnn[.]com.  This domain was registered in mid-July, 2019 and not by Capital One!

Deeeleeeete!

 




Cybercriminals often use hyperbole to entice people to click links leading to their malware.  We’ve seen lots of bogus subject lines recently such as….

  Do THIS When A Gun Is Pointed At Your Head

  Genius Doctor Reveals Alzheimer’s & Dementia Reversing Solution

  Guy gets almost killed for revealing how to generate electricity from Earth’s Magnetic Core

  Special “Oil” DROPS 1-2lbs of FAT a day

  Super simple method lowers the cost of solar panels by 85%

  The “Battery Restoration Trick” your mechanic doesn’t want you to know about

  Weird seed sheds pounds

  Why You Should Put Garlic in Your Ear Before Going to Sleep

One email in particular grabbed our attention because the subject line was so absurd…. “Ancient Scottish invention Powers Home Completely For Free.”

 


 

This clickbait is really meant to appeal to those who think the utility companies charge too much.  We especially liked the line “As soon as you use this for yourself, you will have the sudden urge to all your electric company and SCREAM at them for robbing you blind for all these years…”  This clickbait points to a malicious domain, diethealth[.]best, which was registered on the very same day that this email hit our inbox.  We all know that this is NEVER a good sign. Just delete, pay your energy bill, and accept the fact that “ancient scots” didn’t have any device to produce cheap heat energy to power their home heating systems.

 

TOP STORY

Cybercriminals use hundreds of different methods to snare people into their traps and many of these methods are particularly offensive because of the vulnerable population of people they target.  We’ve seen them use content to target parents concerned about the safety of their children, diabetics who are looking for a new treatment or cure for their condition, lonely adults looking for companionship, and people with a deep faith in God who want to make a positive difference in the world, to name just a few.

One of the “staples” that cybercriminals use to target their next victims is information related to health.  Recently we saw a spate of these malicious emails. Let’s start with this clickbait disguised as “Health News” that came from the domain signosys[.]info and is about a condition called hypothyroidism, a disease that produces too little of a hormone that is important in regulating your body’s energy production and use.  The subject line reads “If you want to overcome Hypothyroidism – Don’t Do This!” The author of this “newsletter” — Mary Swanson — claims to have a natural cure based on scientific research.  Anyone dealing with this difficult disease, or with a loved one who is dealing with it, might be tempted to click the links that point back to signosys[.]info.  Were they to do that, they would be hit with a malware script before being forwarded on to the very real website called hypothyroidismrevolution[.]com.   Look at the screenshots below to see the redirect after hitting signosys[.]info.  This malicious website has no web pages to be found and was registered by someone in India in early September.

 





 



 

Similar to this type of clickbait is the recent email below with the subject line “Your Prostate Is The Size Of A Lemon” and was sent from the domain exeganie[.]info.  The email claims that “research has recently discovered an incredibly effective way to shrink your prostate.”  If you are an older person who frequently feels that need to run to the bathroom, this email might interest you.  And that would be a mistake. The domain exeganie[.]info was also registered in India, just hours before this email was sent.  That shouldn’t be a surprise to anyone.



 

In addition to supposed health information, we also often see remarkable stories that seem incredible, or absurd, such as this one… “Uncle Discovers By Accident How to Cure Girl’s Deadly Disease…”  Of course, it is total BS but it is likely to trick some people to click through to the domain michenix[.]info where malware awaits before forwarding you to airpurifiersystem[.]online.  At least this time, the Zulu URL Risk Analyzer was able to identify that michenix[.]info is malicious!  Guess where michenix[.]info was registered?  Yes, India and on the day this email was received, November 14, 2019.

To you, our readers, the point is obvious.  However, do you have any friends or relatives who are battling health issues and may be more susceptible to this form of trickery?  Show them this newsletter and help them understand that there are low-life cybercriminals who target them BECAUSE they have health issues.  It’s hard to think how anyone can stoop much lower than this in an effort to make money.
 




Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2019 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp