Weekly Alert  |  February 23, 2022

The Keys to Your Digital Kingdom are… — As the number of our digital accounts continues to explode, there is still “one ring to rule them all.” Think about this for a moment… How many digital accounts do you have? We took a tiny informal survey of three family members, asking them to count the number of digital accounts to which they had a login ID and password. The numbers were staggering! And this did not include any accounts having to do with their work. Accounts included financial accounts, medical accounts, consumer product accounts, email, social media, pet related accounts, entertainment accounts, social security and other government-related accounts, home Internet devices (e.g. home router), security services, and so much more! Even after their count, our family members were confident that they didn’t recall all of the accounts they had opened. And yet, their numbers were 42, 52 and 53 accounts! (How many accounts do you have?) And there is just ONE account that rules them all! It is, quite literally, the keys to your entire digital kingdom! If this one account is hacked or compromised, it can lead to the takeover of every other account you own. Can you guess what this important account is?

It is your email account! Nearly every other account you set up will ask you to enter an email address. Nearly every account you own will allow you to reset a forgotten password THROUGH your email account. It’s your email account that sits atop your digital kingdom.  This is one of the reasons why cybercriminals are so keen to  acquire the keys to this account!  Take this recent, and very funny email, that Doug received at TheDailyScam.com.  It appears that “ADMIN” from TheDailyScam.com was contacting him to confirm his recent request to shut down his email account.  WHAAAT?! 

But thankfully, Doug can cancel this “Email shutdown in progress” by clicking the link to “Cancel Email Address Shutdown.”   Except that the link doesn’t point back to TheDailyScam or its host provider.  It points to the web developer Netlify.  Three days after receiving that email the Netlify link destination says “This site has been suspended.” Doug dodged a bullet! 

Since that lame trick didn’t work to get Doug to reveal the keys to his kingdom, cybercriminals sent this lovely, but politically odd email to another one of our email accounts.  Apparently, our password was going to expire within 12 hours, we were told, and we needed to click the link to “Keep Current Password.”  But this email, sent to redflags@thedailyscam.com, contained two nasty red flags in itself!  The email was sent from the domain KeepCongressRepublican[.]com and the link points to a forwarding service at Bit.do.  A few days after getting this email we tried to visit the link but Bit.do said “this address was removed because it violated our terms and conditions.”  Boohoo! Cheated out of another good time!

    Finally, and just a few days ago, Doug received this wonderfully thoughtful “Security Notice” informing us that our email has been tampered with! Oh no! But we were invited to “take out your time and ensure you are the one performing this action.”  We couldn’t help but notice that this email came from a server in Japan.  We’re pretty certain that none of TheDailyScam email services are located in Japan. Looking more closely at the link connected to “RECOVERY SETTINGS” we see that it contains a redirect to a website called sigmarket[.]tv, rather than TheDailyScam.com.  Hmmmmmm… Further investigation by VirusTotal.com showed us that 11 security services think the link is malicious! Oh Dear!

      It appears that the keys to our digital kingdom are in high demand! In fact, on average, we receive 3-4 phishing emails every week that try to capture our digital keys.  There are several important things that you can do to secure your most important digital account.  Please take these precautions. Trust us, you’ll be glad you did!

      • If your email service allows you to turn on 2-factor authentication, DO IT!  This is the MOST IMPORTANT security resource you can use! For example, if you have a Gmail account, log into it and visit: https://myaccount.google.com/  Then click on the menu item “Security.”
      • Make sure your email password is UNIQUE and VERY STRONG! That means it should be no less than 12 characters and not crackable using password-cracking software. Visit our article on how to make strong passwords that are easy to remember but hard to guess!
      • Make sure that NONE of your other accounts use the same password as your email. Manage them using a strong “base” password to which you add 2-3 letters that relate to the account itself. For example, this-is-my-base-password. For American Express you might use AMEthis-is-my-base-password. For Instagram you might use this-is-my-base-passwordINST. And for Bank of America you might use this-is-my-BOA-base-password.
      • NEVER, EVER log into your email account using any free wifi service in a hotel, coffee shop or other public space UNLESS you are absolutely 100% certain that this wifi network is a real network and is secure. (Sometimes criminals will sit in a public space and open a “network” that sounds like the place you are visiting.)
      • NEVER, EVER log into your email account (or any other personal account) from any free computer available at a hotel NO MATTER how high-end and fancy that hotel is!
      • If you keep a written list of your many passwords at home, we STRONGLY suggest that you include “false herrings” in your listed passwords to throw off anyone who might see/find them and try to take them without your permission. To do this, simply add 2 characters to the beginning, end or one at each end of your password and then REMEMBER that each password has the same 2 characters to remove before YOU use it! E.g. if your Visa card password is iH@T3p@$$w0rd$!, you might write down iH@T3p@$$w0rd$!22 and know that the last 2 digits should NEVER be used!

        Wading into Political Waters to Protect YOU – We understand that people have very strong reactions for, or against, the former 45th President of the United States, Donald Trump. The information we have to share is not meant to stir this volatile pot. It is meant to inform our readers that cybercriminals often use content in malicious emails that people feel very strongly against or in support of because they are sure that a certain subset of people will likely click that link! Don’t be one of those people, without taking a CAREFUL look at the source of the email and destination of the click!

        Take this email that appears to come from PoliticalOffers[.]com but did not! You are offered a FREE “Trump coin.” But before you click, look at the domain this clickbait came from… btryshia[.]cam (Not even “.com” – it is “.cam”). A WHOIS shows us that this trash domain was registered one day earlier and it is hosted on a server in Russia! How do you feel about that free coin offer now? Yeah, that’s what we thought.

        A Huge School of Phish! – Last week readers sent us lots of rotten phish! Below is a sampling. (Also, be sure to look at the VERY DANGEROUS phish we tossed into the “For Your Safety” column below because of the VERY unique type of link in it!) We’ll begin with this unusual one claiming to be from Netflix Store, but sent from another personal Gmail account. The formatting was a bit messed up, but it didn’t stop these scammers from telling you that you “auto renewed” your Netflix account for $199.99! What??? Not you??? Call back the scammers at 850-812-5070 and SCREAM at them, before hanging up. Then feel better that you did.

        This bogus email, pretending to be from Amazon, informs the recipient that her Amazon account is locked! It also goes on to describe something that the REAL Amazon will NEVER say to you!  The link to Log-in points to a dangerous “.xyz” global top level domain!

        Yikes! Deeeeeleeeeeete!

        This next phish, disguised as an invoice for an automatic renewal of “Norton Secure for PC,” was extremely clever! It was actually sent from the business and financial accounting software called Quickbooks. People can use this to send invoices to their clients and so this email comes from Intuit, the owner of Quickbooks.  There was also an attached pdf invoice to match the email, which is standard for Quickbooks invoices.  Don’t believe this smelly carp!  The email does NOT identify the recipient by name (or address).  But it does provide a SCAMMER’S phone number to call if you want to complain that this charge is not legitimate.  DO NOT CALL 678-856-3308!  You’ll risk being manipulated by these scammers resulting in financial loss and a LOT OF PAIN!

        Bank of America Gift Card and Costco Exclusive Reward – Congratulations! You’ve been selected…blah, blah, blah. Yeah, we know how this goes. But look carefully at the source of the email and you’ll see that it doesn’t come from “Bank-of-America.” It came from the crap domain clubcrdmember440[.]com! (A WHOIS lookup tells us that this domain was NEVER registered and doesn’t exist!) This bogus promo misuses a marketing listserv and will then forward you to a malicious domain. Step away from this ledge.

        Have you ever visited the Netherlands?  Here’s your opportunity, but we guarantee it will be painful!  This “Costco Reward” came from Jimmy’s nonsensical domain, not costco.com!  The link points to a server in the Netherlands where malware awaits.

        Ouch!

        A VERY DANGEROUS PHISH, and Hurry Up Imprtant for You – One of our readers sent us a phishing email that surprised us! We’ve never seen anything like it before. It was so dangerous that we needed to reach out personally to the sender and explain why. On the surface, this phish pretends to be an email from Chase Bank support, informing the recipient that her bank account was placed on hold. We expected to find another phishing domain when we moused over “View Online.” But instead, the link pointed to the service called iplogger.com. IPLogger.com is used to determine the EXACT location of the person who clicks an email link! Why would someone want this information about a person? This didn’t feel safe for several reasons and we told the woman as such. The email came from an odd domain that is up for sale and must have been hacked. If you ever see a link pointing to iplogger.com do NOT click it.

        Another one of our readers got this very “important,” and very dangerous email.  Not only did the link point to malware but the email contained a tracking cookie meant to inform the sender that the email had been opened, as well as the date and time it had been opened.  We think the sender likely dropped out of school at about sixth grade!  It contains so many mistakes and errors in such a short congratulatory email.  Also, a news flash.  Anytime you receive an email that says “Imprtant for you” or “HURRY UP!!” you can be certain the opposite is true.  The malicious domain used in the links is a website called “xikolam[.]club.” It was registered in Iceland using Namecheap about 3 months ago! ‘Nuf said.

        Package Will Not Be Delivered, Cash Loan & Money Waiting for You! – One of our readers is a VERY SAVVY U.S. Serviceman.  When he sent this to us, he told us that he almost fell for this malicious clickbait because he had been expecting a delivery from the Post Office that hadn’t yet arrived. Also, the malicious domain in this link contains the letters usps.com BUT is actually siusps[.]com.  This ALMOST accurate domain name was registered in Malaysia the day before the Serviceman received this text.
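The checks this issue applies by eye (does the link really go to the claimed sender, does it only contain the real name like siusps[.]com, does it go through a forwarder like Bit.do or iplogger.com) can be written down as a small script. This is an added example, not part of the original newsletter; the function names, the paths in the sample links, and the two short lists (taken only from the domains named in this issue) are assumptions.

```python
from urllib.parse import urlsplit

# Forwarding/tracking services seen in this issue's phishing links.
REDIRECTORS = {"bit.do", "iplogger.com"}
# TLDs of the throwaway domains named in this issue (not a complete list).
ODD_TLDS = {"xyz", "cam", "club"}


def link_host(url):
    """Lower-cased host of a link, accepting the defanged form example[.]com."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_same_site(host, brand):
    """True only for the brand's domain itself or one of its subdomains."""
    return host == brand or host.endswith("." + brand)


def red_flags(url, brand):
    """Reasons to distrust a link in a message that claims to come from `brand`."""
    host = link_host(url)
    if not host:
        return ["no host in link"]
    flags = []
    if not is_same_site(host, brand):
        flags.append("host is not " + brand)
        # "siusps.com" contains the text "usps.com" but is a different domain;
        # so is "usps.com.example.net". A plain substring match would accept both.
        if brand in host:
            flags.append("look-alike: brand text embedded in another domain")
    if any(is_same_site(host, r) for r in REDIRECTORS):
        flags.append("forwarder or tracker hides the real destination")
    if host.rsplit(".", 1)[-1] in ODD_TLDS:
        flags.append("unusual top-level domain")
    return flags


if __name__ == "__main__":
    # Constructed sample links; only the domains come from this issue.
    for url, brand in [("https://www.usps.com/", "usps.com"),
                       ("http://siusps[.]com/pkg", "usps.com"),
                       ("https://bit.do/abc", "thedailyscam.com")]:
        print(url, "->", red_flags(url, brand) or "no red flags")
```

An empty result only means none of these particular checks fired; a registration-date lookup (WHOIS) and a scan such as VirusTotal, both used above, cover what this script does not.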

        Everyone in favor of applying for a loan through a random, anonymous text that lands on your phone unsolicited, raise your hand!  Gee, looking out amongst our many subscribers, we don’t see any hands up.  “Zoe” sent this lovely offer to Doug at TDS just a few days ago.  But….

        1. Doug doesn’t need a loan, hasn’t asked anyone for a loan, and isn’t the least bit interested in a loan.
        2. Doug doesn’t know how “Zoe” got his personal number but you can be sure HE DIDN’T PROVIDE IT!
        3. The domain in that link, AppFastCash[.]com, was registered in Iceland 9 days ago. He’s not feeling the love.
        4. Google, unsurprisingly, knows NOTHING about this loan service!
        5. A screenshot of the top page at AppFastCash[.]com shows that Doug will be asked for some very personal information to start this “loan” process.  No thanks, he’s good.

        Until next week, surf safely!

        Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved.

        Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands
