Many Different Ways to Go Phishing
Every fisherman knows that there are hundreds of different kinds of lures available for fishing. Some lures are specifically designed to catch certain types of fish based on the size of the fish and what most attracts them to bait. Same is true for phishing tactics used by cybercriminals. In addition to the usual Apple, Amazon and banking login lures we post in our phishing column every month, we’ve seen a spike in other types of phishing techniques and wanted to share them with our readers….
A valuable resource for cybercriminals that can easily be monetized is your detailed personal information. What better way to gather it than be asking consumers to apply for a Mastercard! Imagine the personal questions you’ll be asked! And, let’s face it (**sigh**) many people will reuse passwords and account names for other accounts they already have with email, banks and credit card services. BUT YOU SHOULD NEVER DO THIS!
This email asks recipients to apply for a “First PREMIER Bank Mastercard” and says it comes from a “marketing partner” identified by the domain name maggye[.]com. Maggye[.]com?? Google can actually find only 1 link for that website and nothing more. What strikes us as odd is that the link information shows that the website was copyrighted in 2017 and yet a WHOIS look up says that this domain was first registered in February, 2019.
Fortunately, the Zulu URL Risk Analyzer revealed that clicking the links for the maggye[.]com website will redirect visitors to another website called vaninvite[.]com. Fortinet has identified vaninvite[.]com as a phishing site!
STEP AWAY FROM THE LEDGE!
In case you wonder what that PHISHING website on vaninvite[.]com looks like when compared to the real Premier Bank website we took these screenshots on March 31, 2020:
REAL Premier Bank Site:
FAKE Premier Bank Site:
Apparently, TheDailyScam.com has a problem with our “online reputation.” Or so says this email from “trojlita384asooe” from Gmail who calls himself “Fix Business Reputation.” It was sent to us along with a link to an oddball domain called str8-creative[.]io. We think our reputation is fine, thank you very much, and asked VirusTotal.com about the reputation of this “str8 creative” website. It turns out that it isn’t very good! (Shocking, right?!) The site has been blacklisted as a phishing site by Fortinet security service.
FOOTNOTE: The website at str8-creative[.]io is identified as “STR8 Creative” and offers services like “Ripoff Report Removal Services for $150 to $500. They list their phone number as “001 (516) 926-1772.” When we search for that phone number in Google we found several websites since 2016 like eFraudsters.com and 800Notes.com listing dozens of posts from people calling this service (and it’s many other websites they have registered) as scams.
How can we focus attention on alternative ways to phish people’s personal information and NOT bring up a fake consumer survey? Here’s a recent one that pretends to be from Walmart. The email came from a generic Gmail account and the links point to a tracking link for appspot[.]com. Clicking that link will result in a redirect to a website using the domain name grenadaq[.]com.
The appspot link has already been identified as a phishing link on VirusTotal.com. The top page of the survey on grenadaq[.]com (This domain was registered anonymously in mid-February) is funny because it presumably contains quotes from real people who have taken this Walmart survey. We’ve seen those same quotes before from other fake surveys!
BOTTOM LINE: Do your due diligence before sharing personal information online with any Tom, Dick, or Harry who invites you! The website should be a well-known and trusted commercial service that can easily be confirmed by a phone call and Google searches. Even then, there are questions you should never answer for a commercial service such as these… For example, what is your social security number? What is the PIN number of your credit card, and what is your mother’s maiden name?
Daily Scam Home Page