Copy
THE DAILY SCAM NEWSLETTER - APRIL 8, 2020
Content Director: Doug Fodeman | Creative Director: David Deutsch


THE WEEK IN REVIEW

We’re sorry to report that most cybercriminals around the world are healthy and back at work, trying to make up for lost time and income in February and early March.  The VOLUME of scam emails, phish, and malicious texts has practically tripled compared to weeks earlier. In addition, the number of scam emails pretending to be about health-related products and protective gear to protect against the COVID-19 Coronavirus has increased markedly.  Would you believe that more than 35,000 pandemic/Coronavirus-themed domain names were registered in March and the overwhelming majority of them are believed to be used for fraud and malicious clickbait?  To learn more about scams disguised as Coronavirus clickbait, visit our web page devoted to this fraud!  Check out this article on ZDNet.com reporting on New York’s effort to get Registrars to do a better job of policing these malicious domain registrations.  Also, you’ll find a list of resources about Coronavirus scams (and other articles related to the pandemic) on the top page of our website: TheDailyScam.com.

The only good news we have to report in this pandemic-centered worldview is that the number of fake Amazon Prime and Apple Customer Support phone number scams, as well as the number of “underage girl sext scams” reported to us have all but disappeared.  In the last 2 weeks we’ve only heard from two people targeted by these scams.

On another topic, we think it is shameful that a tech giant like Google can’t identify as malicious when someone uses the Gmail service to set up an email address called officefedexcom20 “@” gmail.com.  Shame on them!

Stay healthy and safe!


Daily Scam Home Page

PHISH NETS
AppleID, Amazon Account, and Netflix

Just a hunch, but we’re skeptical that Apple Computer will ever send you an email about a problem with your account that begins with “HI THERE.”  Can we state the obvious…. Anytime an email tells you that your account has been locked/closed and you think the email is legitimate, the first thing you should do is TRY to log into that account!  And if that doesn’t work, then call the company! But this phish is so easy to spot that an amateur should see that the email came from 58493045[.]biz, not apple.com!  Also, the grammatical errors in the paragraph are worth reading for a good laugh!  Fortunately, LOTS of security services know that the link in this phish point to a malicious website! (See screenshot below.)  






For the record...Anytime an email, asking you to take immediate action, comes with no text but only an attachment, you can be 100% certain it is malicious!  Just like this email that came from the domain kumlasalam[.]com.  Don’t be fooled by seeing “bill-account @ info.amazon.com” after “FROM.”  That address was dumped into the “name” field in front of the real email address that appears between the brackets <>!



We opened that Amazon Report pdf file and took a screenshot.  You’ll see that this phish also contains grammatical and punctuation errors that should make people suspicious.  Most importantly, the link for Update Now looks like it points to a t.umblr[.]com web page but actually contains a redirect to a malicious website we’ve reported on in the past at parg[.]co (and hosted in Columbia!)







We suspect this next email, disguised as an “Alert Reminder” for Netflix, was very likely a phishing scam.  It was sent to us by a TDS reader but the link associated with the graphic was unavailable. Still, it was sent from the domain name filmnusa01[.]com, not Netflix.com.  That domain was registered on the same day the email was sent.  We all know that is NEVER a good sign!

Hit delete.

Daily Scam Home Page

 

YOUR MONEY
Become Debt Free and Drone Performance

Any idiot can throw a “Top Consumer Review 5-star rating” graphic on their website but that doesn’t make it true.  This email says it comes from “US National Debt Relief Service” but the domain was mashearly[.]com. (As in... I watch MASH early on old TV channels?)  This email says it represents “NationalDebtRelief[.]com” but clearly doesn’t.  However, DO NOT VISIT the NationalDebtRelief[.]com website either! (See below) The links in this malicious clickbait point to the often misused Outlook.com address but contains a redirect hidden in the link to another domain named tacticalfind[.]com. Not only has tacticalfind[.]com been identified as a phishing site, but Sucuri.net security service discovered malware waiting for you on this website AND ALSO on the NationalDebtRelief[.]com website that you’ll be redirected to once more! 

A BIG FAT DELETE!!







Drones are becoming increasingly popular as prices have fallen and many companies produce an increasing variety of them, able to do all kinds of tricks and carry things such as cameras and baskets.  So it isn’t surprising that cybercriminals use drone popularity as clickbait! DroneX Pro is a real product but this email simply takes that content and repurposes it for malicious intentions. It came from the not-so-clever domain “dronee[.]london.”  All links point back to this same not-so-clever domain.  Our favorite WHOIS tool informed us that this domain name was registered on the day this email was sent and is being hosted on a server in Amsterdam, Holland.  That says everything we need to know...

MALICIOUS! Deeeleeeete!





Daily Scam Home Page

 
 

TOP STORY
Many Different Ways to Go Phishing

Every fisherman knows that there are hundreds of different kinds of lures available for fishing.  Some lures are specifically designed to catch certain types of fish based on the size of the fish and what most attracts them to bait.  Same is true for phishing tactics used by cybercriminals. In addition to the usual Apple, Amazon and banking login lures we post in our phishing column every month, we’ve seen a spike in other types of phishing techniques and wanted to share them with our readers….

A valuable resource for cybercriminals that can easily be monetized is your detailed personal information.  What better way to gather it than be asking consumers to apply for a Mastercard! Imagine the personal questions you’ll be asked! And, let’s face it (**sigh**) many people will reuse passwords and account names for other accounts they already have with email, banks and credit card services.  BUT YOU SHOULD NEVER DO THIS!

This email asks recipients to apply for a “First PREMIER Bank Mastercard” and says it comes from a “marketing partner” identified by the domain name maggye[.]com.  Maggye[.]com??  Google can actually find only 1 link for that website and nothing more.  What strikes us as odd is that the link information shows that the website was copyrighted in 2017 and yet a WHOIS look up says that this domain was first registered in February, 2019.

 




 

Fortunately, the Zulu URL Risk Analyzer revealed that clicking the links for the maggye[.]com website will redirect visitors to another website called vaninvite[.]com.  Fortinet has identified vaninvite[.]com as a phishing site!

STEP AWAY FROM THE LEDGE!


 

In case you wonder what that PHISHING website on vaninvite[.]com looks like when compared to the real Premier Bank website we took these screenshots on March 31, 2020:

REAL Premier Bank Site:




FAKE Premier Bank Site:




Apparently, TheDailyScam.com has a problem with our “online reputation.”  Or so says this email from “trojlita384asooe” from Gmail who calls himself “Fix Business Reputation.”  It was sent to us along with a link to an oddball domain called str8-creative[.]io.  We think our reputation is fine, thank you very much, and asked VirusTotal.com about the reputation of this “str8 creative” website.  It turns out that it isn’t very good! (Shocking, right?!) The site has been blacklisted as a phishing site by Fortinet security service. 




 

FOOTNOTE: The website at  str8-creative[.]io is identified as “STR8 Creative” and offers services like “Ripoff Report Removal Services for $150 to $500.  They list their phone number as “001 (516) 926-1772.” When we search for that phone number in Google we found several websites since 2016 like eFraudsters.com and 800Notes.com listing dozens of posts from people calling this service (and it’s many other websites they have registered) as scams.

How can we focus attention on alternative ways to phish people’s personal information and NOT bring up a fake consumer survey?  Here’s a recent one that pretends to be from Walmart. The email came from a generic Gmail account and the links point to a tracking link for appspot[.]com.  Clicking that link will result in a redirect to a website using the domain name grenadaq[.]com.




 

The appspot link has already been identified as a phishing link on VirusTotal.com.  The top page of the survey on grenadaq[.]com (This domain was registered anonymously in mid-February) is funny because it presumably contains quotes from real people who have taken this Walmart survey. We’ve seen those same quotes before from other fake surveys!

BOTTOM LINE: Do your due diligence before sharing personal information online with any Tom, Dick, or Harry who invites you!  The website should be a well-known and trusted commercial service that can easily be confirmed by a phone call and Google searches.  Even then, there are questions you should never answer for a commercial service such as these… For example, what is your social security number?  What is the PIN number of your credit card, and what is your mother’s maiden name?



 

Daily Scam Home Page

 


FOR YOUR SAFETY
Buy Earrings Online and Your Credit Score Has Been Updated!

A few days ago, one of our readers sent us a link to an online store that happens to be physically located in China, according to their website.  She asked us if it was safe to visit the website and make a purchase. Our answer was CRYSTAL CLEAR….

A. Malware sitting on the website waiting for visitors like a bear-trap...



B.  The “Trust Score” for this “consumer retailer” is listed as a “1 out of 100” on ScamDoc.com.  Need we say more?

Random texts to your phone are as dangerous as they are into your email inbox!  Like this text received on April 2 and telling us that our “CreditScore has been updated.” It provided a random link to the domain If3ydz[.]com which was registered on the very same day. 

You know how this story goes! Delete.




Until next week, surf safely!

Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE


Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp