Weekly Alert  |  August 24, 2022

You Can Prevent Friends & Relatives From Being Victimized! Here’s how…

We suspect that most of our readers have become pretty savvy at identifying scam emails, texts, phone calls and perhaps even bogus websites. But what about your family members, friends or neighbors? Especially the elderly and the young? According to this NYTimes article posted in June 2021, young people fall for scams more often than old people. However, the number of seniors who are victimized is still very high, and the financial losses they suffer are much greater than those of young people. But wait! There’s something very simple that YOU can do to help them reduce their chances of being victimized! We’ve detailed several critical practices in this week’s Top Story that everyone should follow. Forward this email to your loved ones, friends, neighbors, and others to help them reduce their risks. We’ve also included a legitimate email and explain why it is legitimate!

Last week, one of our team members was enjoying a 25-mile bike ride along a beautiful bike trail, though it was a hot day. (Temperatures were in the mid-80’s F, about 29 degrees C.) However, this team member noticed an older man, in his late 70’s or older, biking without a helmet and carrying just a can of Diet Coke. The value of having enough water and a helmet is significant! Perhaps the elderly gentleman wasn’t thinking about the risks inherent in this activity? Similarly, using the Internet, smartphones and related technologies has inherent risks, and taking steps to protect yourself is “de rigueur” and expected! Let’s review the most critical practices to help keep you safe in today’s highly technological world…

  1. Smartphone Tips:
    Though Android phone owners are much more susceptible to malware risks than iPhone owners, iPhone owners still have risks, as was evident in last week’s Apple vulnerability announcement. Also, social engineering tricks target ALL smartphone users daily! But there are several simple things you can do to reduce your risks.
  • Never click a link that you receive via a text from a stranger, an unknown phone number or an unverified service. Check out this recent example sent to us by a reader. It claims that your DCU bank account has been suspended. But the link provided clearly doesn’t point to DCU.org, which is the legitimate website for Digital Credit Union. (Check out our Textplosion section below for another example of a malicious text!)

     

  • Never click on any links sent to you via social media or seen in Ads while using your smartphone. The reason is simple. It is extremely difficult to verify or judge the authenticity of these links while using a smartphone. Scammers know this, and also know that people are more likely to trust messages they get from people they know. So scammers hack accounts and send out malicious links or scams to the friends of a hacked account! VERIFY, VERIFY, VERIFY! Contact a friend via email, text or voice call to ask if they actually sent the message or posted the link BEFORE clicking it! A famously malicious collection of these types of scams was known as the “is it you in the video?” scams. (Read our Top Story from March 22, titled Your Facebook & IM Accounts Were Hacked! Now What?)
  • Never click on links sent to you via email UNLESS you are 100% certain of the sender AND what is being said. If something feels odd about the contents of an email, or you are not sure of the source, or simply can’t SEE the domain of the source to verify it, DO NOT CLICK! Instead, open that email on a computer where you can see a lot more details about it and the links within it. In an email, it is easier to “mouse-over” a link to see where it points BEFORE you click it. (See below.)

  • If you ever receive any type of verification code, DO NOT, UNDER ANY CIRCUMSTANCES, tell anyone what that code is! (Especially if you didn’t request the code!) There are LOTS of scams in which cybercriminals pretend to be YOU, trying to get into your accounts. Many of these accounts will send a verification code to YOU in a text or email. The scammers then contact you, pretending to be from the service that sent the code, for example, and ask you for that code. If you give it to them, they will have full access to your account!

2. Email Tips:
Did you know that email is one of the most frequently used weapons to target businesses, schools, hospitals and other organizations? It is easier for hackers to trick someone into installing malware on their computer or network than it is to hack into a computer or network! And there are many different types of malware that serve many purposes on behalf of criminals, including ransomware, spyware, keyloggers, adware and more.

    • “FROM” Address: One of the most critical skills is to understand the Domain Name System (DNS) and carefully look at the FROM domain within an email. Check out this “package delivery notification” below that appears to have come from the United States Postal Service (USPS). Anyone can write anything at all into the text field that appears IN FRONT OF an email address. It’s important to find the <> brackets, which contain the REAL email address from which the email was sent. But sometimes these brackets don’t even show up, such as in this email below. Instead, look for the “@” symbol that appears in the latter half of the email address. Don’t be fooled if you see an @ symbol near the beginning of an email address! The source domain of the email will appear AFTER the last @ symbol. In this bogus email below, the domain that appears after the last @ symbol is otaniss[.]online and NOT usps.com!

    • Mouse-over to reveal link destination: Unless your web browser is set up poorly, you should be able to move your mouse over any link, WITHOUT CLICKING IT, and your browser will show you the destination of that link in the lower left corner of the browser window. For example, this email is supposed to be from the U.S. Postal Service but a mouse-over clearly shows that the link doesn’t point to usps.com. The link points to an online service called dream[.]io that is being heavily misused by cybercriminals during the last few weeks! Fortunately, Virustotal.com clearly shows that this link is a threat. (See screenshot.) Keep in mind that the success rate of threat-detection services like VirusTotal is never perfect. But when they tell you something is a threat, believe it!
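
The two checks above (read the domain after the LAST @ symbol, and compare where each link really points with the sender it claims to be) can be written down as a short Python script. This is an added example, not code from the newsletter; the sample message is constructed, and its local part, link path and subdomain are invented for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def refang(text):
    """Undo the [.] defanging used when suspicious domains are printed."""
    return text.replace("[.]", ".")

def sender_domain(from_header):
    """Domain after the LAST '@' of the real address; the display name is ignored."""
    header = refang(from_header).strip()
    if not header:
        return ""
    bracketed = re.search(r"<([^<>]*)>\s*$", header)  # real address sits inside <>
    addr = bracketed.group(1) if bracketed else header.split()[-1]
    _, at, domain = addr.rpartition("@")              # split on the last '@' only
    return domain.strip(" .").lower() if at else ""

def belongs_to(host, expected):
    """True only for the expected domain itself or one of its subdomains."""
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(from_header, html_body, expected):
    """Return findings for a message that claims to come from `expected`."""
    findings, domain = [], sender_domain(from_header)
    if not belongs_to(domain, expected):
        findings.append(f"sender domain is {domain or 'missing'}, not {expected}")
    collector = LinkCollector()
    collector.feed(refang(html_body))
    for text, href in collector.links:
        try:
            host = urlsplit(href).hostname or ""
        except ValueError:            # malformed URL: treat as having no host
            host = ""
        if not belongs_to(host, expected):
            findings.append(f"link '{text}' goes to {host or 'no host'}, not {expected}")
    return findings

# Constructed sample modelled on the fake USPS notice described above.
SAMPLE_FROM = "USPS Delivery usps.com@notice@otaniss[.]online"
SAMPLE_BODY = '<a href="https://sample-page.dream[.]io/track">usps.com/redelivery</a>'
print(*check_message(SAMPLE_FROM, SAMPLE_BODY, "usps.com"), sep="\n")
```

An empty result only means the visible sender and link domains match the expected one; it does not prove a message is genuine, so verifiable details such as your name and account digits still matter.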

3. DOMAIN NAMES:
It’s important to understand a little bit about the Domain Name System so that you can identify online fraud more easily! (DNS is the system used to name websites.) Here are several examples, beginning with an advance-fee scam called a “419 Scam” (based on the Nigerian Penal Code: 419, source: Wikipedia). This email clearly shows the <> brackets containing the actual email address that this email came from. After the @ symbol, you can see that the email came from Yahoo.com. However, at the very end of this fully qualified domain name (FQDN) are 2 letters, separated from DOT-com by another period. These 2 letters represent a country code and, if they are present at all, they will be found ONLY at the very end of a FQDN. If you look up the 2-letter country code “.ph” using Google, you’ll discover that this Yahoo email server is in the Philippines! Also, “Captain Greg Greg” asks you to contact a Diplomat Agent, named Oliver Brown, through his email at “diplomats[.]com.” But did you know that diplomats[.]com is a free email service on which ANYONE can open an account? (In another similar scam email, the recipient is asked to contact someone at the Nigerian Office of Debt Management. The recipient was given the email address of cbn[.]gov[.]ng @ financier[.]com. Remember, anyone can create an email address with ANYTHING in front of the @ symbol and it doesn’t make it true! Pay attention to the domain that follows the @ symbol. Financier[.]com is another free email service! “Cbn[.]gov[.]ng” is complete fiction!)

Now let’s take a look at an email that is 100% legitimate and understand WHY it is legitimate! One of our readers sent us this email from American Express because he thought it was fraudulent. It asked him to update his income to “better service your future account needs.” (We don’t believe it is necessary to tell credit card companies your income, but we’re overly cautious. Big surprise, right?) Notice that the domain following the @ symbol found within the <> brackets of the FROM address is americanexpress.com. However, some very skilled cybercriminal gangs are able to spoof a FROM email address to look like a legitimate business. That’s also why it is important to note that this email contains both the recipient’s full name AND the correct last 6 digits of his AmEx account! This data is critical and confirms the legitimacy of the email.

Finally, the link associated with “Update Now” also points to AmericanExpress.com. Some of our more savvy readers may notice that there is another domain embedded in that link, toward the end. It is m.amex. This could be a malicious redirect, except for the fact that a WHOIS lookup of the domain, m.amex, shows that it was registered over 4 years ago to the American Express company! 

Get into the habit of always checking the FROM address, mousing-over links and looking for verifiable information, such as name and account numbers!  You’ll be glad you did! And if you are contacted by strangers, unknown numbers, oddball messages, “advertisements,” surveys or other “free offers,” BE VERY SUSPICIOUS! Verify, verify, verify!

Wells Fargo, Yahoo, Xfinity, and AOL

Readers have sent us so many yucky phish! We don’t have enough space to post them all but here are several. Notice that three out of these four try to trick recipients into handing over their email passwords! We’ve often said that your email account represents the digital keys to your kingdom. (This was the Top Story of our February 23 newsletter.) Like so many smelly phish, this bogus email from “Wells Fargo” actually came from a personal Gmail account. Mousing over the link to login clearly shows that this fraud doesn’t point to wellsfargo.com! The link points to a well-known phishing website called sucharusaccos[.]com.

Deeeleeete!

  1. One of our readers sent us this “Yahoo Mail” that came from a personal Yahoo account named “carolyndfreeman.” This email states that “we are closing all old versions of our Yahoo Mailbox.” Nonsense! We dug into the code used to create this email and discovered that clicking “VERIFY HERE” will direct you to the free service at Square[.]site. Once again, cybercriminals are misusing this service. Check out their phishing page below…

Square[.]site and Dream[.]io are not the only services to be misused by cybercriminals! Check out this bogus email pretending to be about your XFINITY account. It came from a South Korean service called “Naver[.]com.” The link to “view your messages” points to a free website service called Weebly at weebly[.]com! (Notice, too, the oddball emails that appeared in the “TO” section of this smelly carp.) Just like Square Site, the phishing page on Weebly TELLS YOU that this is a Weebly website! (Which is also, coincidentally, powered by Square!)

Finally, we bring you an AOL phishy email, telling you that your account is about to be shut down. Seriously? As easy as it is to see through this fraud, some AOL users will be immediately manipulated by that opening line that says “you submitted a request to terminate your AOL mail account…”  ALWAYS check the FROM source and mouse-over links to VERIFY, VERIFY, and VERIFY!

Amazon Fraud Department and Lucky Walmart Customer!

Another reader sent us the tail end of a bogus voice message, claiming to be from the “Amazon Fraud Department.” Listen to the AI as it invites you to press 1 to speak to them about a suspicious charge to your account. Amazon NEVER makes calls like this! Don’t believe this junk!

    Congratulations! You are the lucky customer who has been awarded some nonstick cookware from Walmart! But hold on! Before you click that link, look at the domain the email came from! It is unbecoming, for sure! (The domain is unbecoming12[.]store) Also, the links in this malicious clickbait don’t point to walmart.com. They point to the misused services at dream[.]io again! Unbecoming12[.]store was registered just 2 days before this clickbait landed in one of our honeypot accounts. That is a SURE SIGN of malicious intent! Once again, Virustotal has our back, showing that the dream[.]io link is malicious. (See screenshots below.)

      The Dangers of Link-Shortening Services! – The very first service created to shorten long internet links was called TinyURL in 2002. There are now hundreds of Link Shortening services (also called “URL shortening”) around the globe and many of them are frequently misused by cybercriminals to hide the final destination of your click! Therefore it is helpful to recognize a “shortened link.”  The latest service to be heavily misused by criminals is called Bit.do.  Check out these recent scam emails that offer bit.do links. Remember, the bit.do link is NOT your final destination! You’ll be forwarded somewhere else on the Internet and that can be VERY DANGEROUS. Let’s start with this crazy stupid email that came to The Daily Scam from unknown @ unknown[.]com.  You can see how we used URLEX.org to unshorten that shortened link to learn where in the webaverse we would be sent.

      All of us at Scamadviser and The Daily Scam are frequently targeted by cybercriminals. (We guess this means our efforts are annoying to cybercriminals!) Check out this “approved termination request” we got from a server in the United Kingdom! Clicking either link to select our “request” is SUPAH DANGEROUS! The bit.do link will forward us to a website in Vietnam that hosts malware AND a phishing page. Yikes! Lunge for the delete key!

      3 Bedroom Apartment Available – One of our readers received this bogus text from 443-442-9807, a phone number she didn’t recognize. Where on earth can you get a 3 bedroom apartment for $462/month? Two things worth noticing about this malicious clickbait text….

      1. The criminals wrote “now” using a zero instead of a capital O, to try to hide from anti-spam services (we think). This is a SURE SIGN of fraud!

         

      2. Notice the crazy text formatting used in the letters of the link, making it difficult to read the domain name!  This trick is often used by the same cybercriminal gang, and another sure sign of malicious intent!  The domain is whatyouwant4[.]info and it was registered very recently in Iceland, using Namecheap on August 11, another sure sign of malicious intent!

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

        Crypto Scams: Victoria VR and Fake Nickelodeon NFTs

        As more and more people get into cryptocurrency and NFT investment, the crypto scams keep on coming. Here’s what we’ve found recently. Use our FREE, all-in-one tool to combat scams with ease!

        Celebrating 10 Years & Scams Come in Many Forms! We are thrilled to announce that this month marks the tenth year that Scamadviser and The Daily Scam have been tirelessly serving the public good! This week also marks one year since we joined our teams to produce a comprehensive weekly newsletter to more than 166,000 subscribers! We’re very proud of the fact that we have helped millions of people recognize, avoid, or recover from online and smartphone fraud. We are also extremely grateful to our readers for contributing the content that we use to help keep you informed, educated and secure!

        In addition, as Jorij Abraham, the Executive Director of Scamadviser since 2018, explained the other day… “The most rewarding part of this work is bringing together people and organizations to jointly fight scammers, like in our Global Anti-Scam Summit this November! This gives me the feeling that, while it may be a long time before we get scams under control, we are slowly turning the tide.”

        You can learn more about Scamadviser’s beginnings, and some background information about their outstanding services in this article on their website.  As for Doug and David at The Daily Scam, our beginnings were born out of very personal circumstances when family members were repeatedly targeted by scammers, some successfully. And yet, we couldn’t find any quality websites that were centered on educating the public HOW to see through online fraud. And so we created TDS! We know that we have literally saved lives by helping some young men who were considering suicide after being targeted by the brutal “underage girl sext scam.” (Read Plenty of Fish Has Plenty of Sharks) We have also provided LOTS of data to the FBI, contributing to the arrests and convictions of a group of criminals.

        Did you know that Doug at The Daily Scam also offers online and in-person workshops to businesses, organizations and schools to educate them on how to better protect themselves and their organizations? Our website has many articles to help you build your anti-scam skills! The Daily Scam also contains links to every newsletter written in the last few years, showing you the Top Stories! As our team of anti-scam experts begins another year working together, we want our readers to recognize that online and smartphone fraud is more of a threat than ever before. And the number of types of fraud targeting consumers is staggering. You may be surprised by some of the ways that the public is targeted. Check out these recently published articles by the Federal Trade Commission website (ftc.gov) and other news websites:

        Are You Back to School Shopping? Find Ways to Avoid Fraud and Save Money  (By Andrew Rayo; 8/15/22 at FTC.gov)

        FTC Takes Action to Stop Online Home Buying Firm Opendoor Labs, Inc. from Cheating Potential Sellers with Misleading Claims about its Home-Buying Service (8/1/22; FTC.gov)

        Is that Health Insurance a Health Product, or a scam? (By Cristina Miranda; 8/1/22 at FTC.gov)

        Get a Text about your flight? It Might Be a Scam. (By Sergio Flores and Nicholas Kjeldgaard; 8/10/22; NBC Channel 7 News in San Diego.) 

        Government Grant Scam Looks Like a Text from a Friend – and victims are losing thousands (By Susan Tompor; 8/10/22; Detroit Free Press)