Weekly Alert  |  September 21, 2022

Lions, Tigers, and Bears, Oh My! We had a hard time choosing between the above quote from Judy Garland in “The Wizard of Oz” and the quote “Danger, Will Robinson, Danger!” from the robot of the 1960 television series called Lost in Space. In this old series, recreated in a 2018 movie, the Robot always warned young Will Robinson about an impending threat! Either way, we’re on our feet screaming at our readers… Danger, danger! It is extremely dangerous to open any of the recent emails below and click on anything in them! We can’t help but wonder if any of our readers might have fallen for this malicious clickbait! We hope not! Let’s take a look and carefully lift the hood on these malicious vehicles…

We recently heard from a newsletter reader who received an email containing only a name and a link that showed Google and included her email address, suggesting that she use Google to search for her email. (Or that a stranger had done that.) The random sender is hoping she was curious enough to click that link, which seems like it points to Google. In fact, in every one of these bogus emails, the “Google link” always points to a link-shortening service instead! This email was sent from a server on a small island called Reunion, in the Indian Ocean. Mousing over that “Google” link CLEARLY shows that it points to a link-shortening service called bit[.]ly! Using Urlex.org to unshorten that link, we learned that you will be forwarded to a malicious domain registered less than 2 weeks earlier and hosted in Germany. Malware awaits your visit!

When you think of the iconic Spielberg movie called “Jaws” (released in 1975), we hope you have memories of that tense sound effect that implied danger was coming! This is what’s played in our heads after we opened this email. The sender displayed some skill by spoofing the correct domain for HSBC Bank, a bank that serves many states across the US. HOWEVER, Supervisor “Loren Wortham” attached a hand grenade to this email that immediately triggered the Jaws theme in our brains as we moved our mouse close to it! The attached “Payment Receipt” is a document ending in DOT-html. Attached documents ending in html, htm and php are EXTREMELY DANGEROUS because they contain instructions that control your web browser!  For example, the attached file’s instructions may say “go to this malicious website, download and install this malware.” NOT GOOD! Lunge for the delete key!

Here’s another such email, with an attached htm file called “invoice request.” We found it interesting that the sender claims to represent a business in Thailand, but “Somkhid” sent the email from a server in Japan.

Nevermind, deeeleeete!

In the movie “The Hunt for Red October,” actor Sean Connery says “Most things down here don’t react well to bullets.” Neither do we and we bet you would agree! The most important step to stopping a digital bullet is NOT to pull the trigger on yourself! To avoid this self-inflicted harm, it’s important to mouse-over email links BEFORE clicking and see where they point. Cybercriminals love to use link-shortening services, for which there are many – more than 200! This bogus email was sent from a server in Russia (Notice “.ru”) and the link points to the shortening service at Bit[.]do. 

Again, we used Urlex.org to unshorten that shortened link and discovered that we would be forwarded to a website called infovina[.]com, which is both a phishing website and a malware trap! Yikes! Jump ship!

And finally, we wanted to leave you with a very recent experience of ours. David and Doug at TheDailyScam are targeted daily by scams from cybercriminals. (It must be our name, right?) This confirms for us that we piss them off and our work to educate our Readers works to expose their fraud and threats! Someone from a cybercriminal gang looked up the Registrar for our domain, TheDailyScam.com. They then crafted a hand grenade disguised as if it came from our Registrar and asked us to renew our domain because it was about to expire. But the email came from worldpod[.]com and the link to “renew now” pointed to a website called ExtraHandsNursingService[.]com! We were so intrigued by the name of that helpful, healing website that we did a little investigation of it and discovered that it has been hacked and misused for some time now! One of the many malicious clickbait misuses of this “helpful” website concerned JetBlue Customer Support! VirusTotal.com informed us that at least six security services found this healing website to be malicious and hosting malware! Hmmmm… not so helpful after all. To avoid the dangers in cyberspace, please look before you click!

A message to the low-lifes who target us: Keep them coming! We love turning your lame attempts to target us into teachable moments.  If, however, you decide you want to stop being an a-hole who lives off of other people by causing them pain, we forgive you. Go get a real job like everyone else.

Critical Security Alert from Google? Have you received a critical security alert email from Google and you’re not sure if it’s a scam? Protect yourself using this FREE, all-in-one tool! Click below to read more security tips:

You Are Invited to Hear an Expert From the FBI Speak! Donna Gregory, Unit Chief of the FBI Internet Crime Complaint Center (IC3), will speak on the 9th and 10th of November at the Global Anti Scam Summit. In her keynote speech she will discuss the FBI’s Internet Crime Complaint Center (IC3)’s Past, Present & Future. (The FBI will also host a workshop for law enforcement officers and policy makers about Sharing Best Practices in Law Enforcement Scam Fighting.) Joining this event is free and it is open to the public. To Register click on the link below:

Sometimes, so much value is associated with the number of “likes” and “followers” connected to social media accounts and posts that we forget they may not always be legitimate.  Did you know that it is EASY to buy fake Likes, Followers and Web Traffic? Check out an excellent article by Fake Website Buster Extraordinaire, James Greening, to learn more about this on his website FakeWebsiteBuster.com.

Last week our Top Story was about two sextortion victims. Coincidentally, the day before we published that story a Reddit user named AfoHD posted this random sextortion threat text targeting him on Sept 13. It is completely unfounded and a fake threat. It’s laughable to read that the extortionist is skilled enough to send the supposed-nude photo to “everyone in Cities til it go virals” but can’t provide an image in the text as proof that he has it!

And then, just two days later, Doug at The Daily Scam ALSO received one of these lovely threats. (Technically, Doug and Dave have together received at least 60 of these in the last 4 years, and that is NOT an exaggeration!) Our response to this threat is simple… Where’s the proof?  Show us the video! Show us the photo! The sender can’t, of course, because no such photos or videos exist.

Finally, our friend Rob sent us this interesting article from The Red Tape Chronicles called “Poor Customer Service is Our Greatest Cybersecurity Threat,” by Bob Sullivan. While we don’t believe that this is the “greatest” security threat, the point Mr. Sullivan makes is a good one! (Published 9/15/22)

Different Kinds of Rotting Phish – This week we diverge a bit from the usual smelly phish and include a spear-phish and a phishing text direct from a scammer pretending to be the daughter of a woman who was targeted. Let’s start with this oddball one sent to us by a longtime reader, telling her that her password had expired. Though the sender’s name is “Support-Admin” the domain is odd and called hinet[.]net, and completely unknown to her. More bizarre was the name of the domain that showed up in a mouse-over of the link “Keep My Password” – cmiccdmx[.]org. This oddball domain was already identified by 2 security services as malicious. Delete!

Did you know that school employees are often targeted by scammers? One such school has been targeted at least six times via bogus emails in the last two weeks by a scammer pretending to be various employees. In this email, Mr. Scammer is pretending to be the Head of School and is reaching out to another employee at the school. We’re told that the employees at this school are very well trained and immediately recognize the fraud because the sender’s email is NOT the real school email OR the REPLY-TO address is not the real sender’s email. We know how this phish goes…. In this case, the “Head of School” will be asking the victim for a favor that includes buying gift cards, like Apple gift cards, and sending the numbers on the card back to the scammer…. Ah, we mean Head of School. Pathetic!

And finally, a Reddit user named Zombie_Cop75 posted this lovely text she received, supposedly from her daughter! The giveaway that this was a scam message was that her daughter doesn’t have a cell phone!  Don’t believe everything you read!

Brand New iPhone 14 and Negative Background Check! “This is our second attempt to tell you that you are a lucky user! We’ve pasted a big red target on your back and if we can convince you to click our link, you’ll deeply regret it (but it will make us very happy, thank you.)” Don’t be fooled by malicious clickbait like this!  The email came from a domain called expoplatforme[.]com. It was registered on August 1st in Iceland through Namecheap! WHAT A SURPRISE, RIGHT? The website you’ll land on tells you that you’ve got 7 minutes to complete a survey in which you’ll be asked to provide lots of personal information. (You might also get hit with malware!) And trust us, you will NOT get a free iPhone as a result.

    Malicious clickbait comes in many forms. Anything to trick you into clicking a malicious link will do! One method long-cherished by cybercriminal scum is an email telling you that someone conducted a background check on you and found bad things about you! What provides slightly more credibility to this malicious fraud is the fact that links in the email may point back to Googleapis, a trusted service by Google. Check out this clickbait sent to Doug at TDS. Oh no! Two negative items have been added that could affect his future and current job prospects? Oh dear! But DO NOT click! Six security services have identified the Googleapis links in the email as malicious!

      Critical Digital Safety Skills for Today’s World – If you use the Internet, have an email or social media account, and/or own a cell phone today, you will be targeted by cybercriminals. This is a fact and consequence of life in today’s digital age. And yet, it is easy to see through most types of fraud and malicious intent if you train yourself to take several easy steps when online and using your phone. Here’s a short but critical list, including some links to our articles that offer a lot more detail about these skills, followed by a funny post on Reddit that makes our point!

      1. Understand and observe what you see in the FROM and REPLY-TO sections of emails. Check out our articles “Where it’s @!” and “7 Tips for Recognizing Scam Emails Before You Open Them.”

      2. Mouse-over skills are critically important. However, it is very difficult to do this on a smartphone, tablet or iPad! When in doubt about something, wait til you sit down at a computer to mouse-over and check on a suspicious link! You’ll be glad you did.  Check out these articles and videos to help you build your mouse-over skills:

      3. Learn how to surf safely by understanding the basics of the Domain Name System (DNS). (This 2 minute video will show you how to recognize 2-letter country codes in domain names.)

      4. BE SKEPTICAL because it is too easy to deceive others online and via smartphones! If you receive a message from a stranger, an unknown phone number, or someone claiming to know you, or if someone tells you they can’t video chat and can only send text messages, or someone wants to send you a check in advance, etc. etc…. Don’t believe it! Raise questions! Raise alarms! Doubt what you are being told!

      5. And remember, on the internet, it’s critically important to VERIFY, VERIFY, VERIFY!
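Skill 1 above, together with the earlier warning about html, htm and php attachments, as an added example that is not part of the original newsletter: it compares the From and Reply-To domains of a raw message and lists risky attachment types. The message, the `.example` domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

RISKY_EXTENSIONS = (".html", ".htm", ".php")  # the types this newsletter warns about

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header, lower-cased."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def audit_message(raw, expected_domain):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom != expected_domain:
        warnings.append(f"From domain {from_dom} is not {expected_domain}")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To goes to {reply_dom}, not {from_dom}")
    for part in msg.walk():  # visit every MIME part, including attachments
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"attachment {name} opens in the browser")
    return warnings

# Constructed message: correct-looking From, different Reply-To, .html attachment.
SAMPLE = """\
From: "Head of School" <head@school.example>
Reply-To: head.of.school@mail.example
To: teacher@school.example
Subject: Quick favor
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Are you available? I need a favor.
--b1
Content-Type: text/html; name="Payment Receipt.html"
Content-Disposition: attachment; filename="Payment Receipt.html"

<html><body>constructed placeholder</body></html>
--b1--
"""
```

`audit_message(SAMPLE, "school.example")` returns two warnings: the From domain looks right, but replies would go to a different domain and the attachment is an html file.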

      A Reddit user recently posted a text thread he had with a stranger after posting his sofa for sale on a local website.  The person contacting him says that he’s “busy at work” but will send a FEDEX postman to come and pay cash for the sofa so it can be delivered to the person’s home.  How ridiculous is that! Listen to your gut, if it doesn’t feel legit to you, it probably isn’t!

      New Funding Options for You! – We have no idea why people would believe these bizarre texts from random phone numbers that claim to offer low-interest funding! Over the years, we’ve seen dozens of them and they are all 100% a fraud, or HIGHLY suspicious!  Check out these two recent ones! They appear to be nearly identical to others we’ve seen in the last few years. Hmmmm…. Sent by the same scammers? Likely!  

      We can GUARANTEE that any bogus text or email from a “bank” or financial service that includes USA in the name, is coming from scammers OUTSIDE the USA! Check out this one from “BankUSANet[.]com.” This “American” domain was registered in Iceland, through NameCheap, just 35 days earlier on August 11th. Delete and block 202-967-1805!

      How about this bogus “funding request” text that came from 833-206-7649? You are asked to click a link to GreenLinkApp[.]com. But this domain was also registered in Iceland a little more than 2 weeks after we got this text (September 2). Delete and block!

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved.