Select Page
Weekly Alert  |  April 20, 2022

You Can’t Trust What You Most NeedWhat do you most need on every computer, phone or home network that connects to the Internet? Security! Especially anti-virus and anti-malware protection. And yet, our email inboxes are bombarded by hundreds of threats disguised as these very resources we most need! Cybercriminals have disguised their phishing emails and malicious clickbait for many years as discount offers from security services as their middle-finger gesture. However, lately, these threats have sky-rocketed! They are the single most common type of threat reported to us by our readers.  Below are several examples, starting with a recent conversation between our scam-baiting friend Rob and an Indian scammer pretending to represent GeekSquad. 

Rob’s assistance began when one of our readers sent us this lovely phishing email disguised as a GeekSquad invoice. It claimed that his Geek Squad Secure Service was about to auto-renew at a cost of $440.80! Unlike most scams, this email was perfectly spoofed to look like it came from GeekSquad.com. HOWEVER, we noticed that the unsubscribe link pointed to a crap domain called helpsupport[.]agency AND the phone number (860-751-1159) was NOT the real number for GeekSquad. This crap domain was registered just 4 days earlier and is hosted on a server in Rajasthan, a city in Northern India.

We forwarded the smelly phish to Rob and invited him to make the call.  The goal was to find out exactly what the scammer’s game was. And it took Rob only 3 minutes to discover it and then accuse the man of being a scammer! Listen to the phone call and you’ll here a trick universally used by these Indian cybercriminal gangs.  They try to trick callers into visiting a link that will download and install software that allows them to take over your computer!

Once the scammer revealed the link that he wanted Rob to enter into an installation command window, we had what we needed!  The scammer wanted Rob to enter www[.]tinyurl[.]com/ geeksquadservice.  Look at what Urlex.org revealed to us when we unshortened that link! It was meant to download and install executable software called AnyDesk[.]exe. This software would have given these criminals COMPLETE ACCESS and CONTROL over Rob’s computer!

When criminals have complete control of your computer, YOU LOSE! It’s “game over!” They can do tremendous damage to you as they look for ways to monetize their access into your digital lives!  Check out the additional scam emails below disguised as offers/discounts for software from security services like McAfee and Norton.  They are flooding people’s inboxes! Some contain phone numbers, similar to the scam that Rob responded to, and some contain malicious links leading to malware.

Ironically, it is these very real products which can help to protect us all! Every device and home network should have them installed! Here are links to some of our favorite resources:

   TrendMicro.com products for the Home

   TrendMicro.com products for Business

   BitDefender

   Sophos

And to help protect your entire home network, we recommend Netgear Nighthawk Routers

(P.S. – We didn’t get paid to mention these products! They are good!)

Online Fraud & Threats Have Increased Significantly! The title says it all.  Online fraud and threats are exploding across the Internet and especially here in the United States. And readers are sending us more examples of these threats than ever before.  One of our readers works at a chemical company and she’s been getting clickbait emails containing attached “html” and “htm” files.  These files are EXTREMELY dangerous to click on because they contain instructions for your web browser!  Clicking on a file that was sent by cybercriminals and ending in DOT-html, DOT-htm, or DOT-php is an open invitation for a  cybercriminal to control your web browser!  For example, your web browser could be directed to a malicious website where it suddenly downloads ransomware, locking you out of the computer until you pay a ransom (Ransomware). Or the malware installed might monitor every keystroke you make, and send that information back to the scammers! (Keylogger) Worse, that malware could spread across your network and infect lots of computers!  Can you imagine the damage and pain this could cause?!

It also feels like the types of scams that we are seeing are increasing in variety. Check out this recent TrendMicro article on Scamadviser.com about Zell scams targeting customers of Bank of America and Wells Fargo banks. Another example are malicious clickbait emails disguised as Shell Gas gift cards and discounts, such as this one sent from a server in Australia to American citizens.

Adding to the assault on netizens around the globe is the fact that the software used by scammers is growing in sophistication. Would you believe that some criminals are now using software that allows them to mimic a person’s voice and use the phony voice to target family members in phone scams? Check out this NewsWest9 article about these voice-cloning scams. 

Thanks to our friend Rob, we’ll leave you with this one bit of good news. Recently, Walmart was able to stop $4 million dollars in gift card scams that had targeted the eldery!  Way to go, Walmart!

Some of you may enjoy the, sometimes vulgar, humor of John Oliver.  If his vulgarity doesn’t bother you, check out one his most recent shows about data brokers and internet privacy. He makes it CRYSTAL CLEAR that “online privacy” is an oxymoron!

Amazon & PayPal Phish Dominate Inboxes! Lately, we’re seeing multiple instances of LinkedIn services being misused by cybercriminals.  Here’s a recent example in an email that wants you to believe your Amazon account has been put on hold.  This email was sent to 50 people with an ATT.net email address. The link to “Check Now” points to LinkedIn’s own link shortening service… linkd[.]in.  The second Amazon phish below came from another personal Gmail account.  It’s a shipping confirmation about a nearly $1200 order that includes a large credit as well.  The dollars don’t properly add up! But it doesn’t matter because the email says your order was sent to some bogus address that doesn’t exist in Wilmington, Delaware (According to Google and Zillow.) But wait!  You can call the scammers to cancel!

The same scammers are also sending phishing scams to AT&T email users but disguised as PayPal emails. This email came from jpay[.]com instead of paypal.com. That’s especially ironic when you consider that JPay[.]com offers services for people who are incarcerated! The “Login to Paypal” link in this email also points to the link shortening service at LinkedIn.com! These similarities to the Amazon scams support the idea that the perpetrators of these scams are organized cybercriminal gangs who push out LOTS of fraud using similar methods.

We do not recommend investigating these examples of phishing fraud yourself because sometimes these phishing sites can also host malware. Take this recent Paypal phish that was almost identical to the one above! (We show just the bottom of the email) However, the link to “Log In to PayPal” pointed to a different website that also hosted malware!

Easter Egg Clickbait, IRS Economic Impact, and Insanely Cool Gadgets! Last weekend many people celebrated Easter. And so it should come as no surprise that malicious clickbait hit people’s inboxes disguised as another “crack the egg” email to open a hidden reward.  Variations of this clickbait come out EVERY YEAR around Easter for the last decade! This one was disguised as a $90 Walmart reward and it was extremely dangerous to click!

Early in the first year of COVID lockdown many governments, including the US Government, offered economic relief stimulus packages to citizens.  This also created another opportunity for criminals to create new malicious clickbait.  And it is still in use! Check out this “third round of economic impact payments” allegedly being offered by the US Government.  But of course, this email didn’t come from any U.S. Government agency! The email came from a server located in Ireland (2-letter country code “ie”) The link points to a nasty phishing site on a server in Guyana, South America! Deeeeeleeeeete!

Many websites write about “insanely cool gadgets” and emails like the one below often land into people’s inboxes.  Many are considered spam. This one is far worse.  It is malicious clickbait.  The links point to the crap domain compliitj[.]cam. This malicious website will also forward you to a highly suspicious website we’ve seen used many times in the last few years in clickbait.  It is called littleitaliano[.]com and we DON’T recommend visiting this suspicious site!  We know the source of this email all too well! It was created by the Hyphen-Poopy gang!  At the end of the link, see the 2 oddball hyphenated words “recomputed-scorings.” If you ever see 2 random hyphenated words in a link, run!

Your Package Will Be Sent Back & Work From Home Scam Collecting Personal Info – Your parcel has arrived at the post office but it’s going to be sent back! Oh no! What to do? Definitely DO NOT click on that link to “Check This Now.”  The link points to a domain associated with malware and phishing scams called info-akira[.]com! Ouch!

Speaking of phishing for personal information, one of our readers sent us this invitation he received to apply for a “work from home” job. The email came from job4u[.]com with a link to a Google form to collect personal information. Google shut it down and they simply created another one! They wanted lots of information including your name, address, phone, email, last 4 digits of your social security numbers, bank account information, copy of a government ID such as a license, and more.  Before you provide this kind of information to an employer you should be 100% certain about WHO it is and meet them in person!  Don’t provide this information just because someone asks for it in an email! It is too risky and you’ll be susceptible to identity theft!

My Cup Runneth Over… – So many malicious texts and so little space! Here are just a few.  The critical things to notice are…

  1. None of them came from a short code. Short codes require that companies register and purchase the use of a short code from the phone companies and it is harder to hide malicious intentions and stay anonymous! And so these malicious texts all come from random phone numbers.

  2. They all contain a link to malware or a phishing site and use social engineering tricks to try to get the recipient to click.  The most revealing feature about the domain used in every link is that it was registered in the last few days and did not exist before that date!  That’s NEVER a good sign!

Until next week, surf safely!

Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster