THE DAILY SCAM NEWSLETTER — JUNE 24, 2020
Content Director Doug Fodeman | Creative Director David Deutsch | Issue 305


THE WEEK IN REVIEW

Last week TDS readers reported an explosion of phish in their sea of emails! We had so many phish of many different kinds reported to us that it is the topic of this week’s Top Story. But before jumping into that ocean we'd like to remind readers that clickbait comes in many varieties. A very simple and effective form is a short email question to engage the target. Take this question in an email from Maria, or is it from Jennin? (Look carefully at the full FROM address.) She asks… “Hello where are you…” and addresses the recipient by first name! The recipient didn’t recognize either name or email address.

Deeeeleeeeete!
 



We have so many good ideas for how the Internet can be made safer for netizens of the world, but do you think companies or organizations like Google or ICANN or Microsoft are going to listen to little-old-us? Here’s one tiny example… Why does Google allow ANYONE to set up a free Gmail email that uses names like “DHLCompanyDelivery0” or even “AdamFletcher.PaymentDepartment” without immediate investigation? These are so obviously being used for fraudulent purposes, especially the former username. Google should delete such accounts immediately! We wrote an article several years ago called How to Make the Internet Safer for Everyone filled with lots of good ideas, but no one's listening. **sigh**






 

How Good Are You At Telling Fact From Fiction?
Here are links to two Law Firm websites. One is legitimate and the other is a complete fraud and being used to support an elaborate “advance fee” scam:

    Scott Lee Adams & Associates

    Kristopher K. Greenwood & Associates

The answer can be found in our newest feature article about this FAKE LAW FIRM!

Daily Scam Home Page

PHISH NETS
Apple and Microsoft Chicanery

Apple account holders are often targeted by cybercriminals with phishing tricks but this is one of the most lame efforts we have ever seen!  The same TDS reader sent us both of these emails.  She received them a week apart.  Notice the TINY dots between the letters in the emails. We wondered what those dots were so we copied the text and pasted it into a text editor that strips away all formatting.  Take a look below at what we saw!



 

The tiny dots were random letters in extremely small font size!  The scammer does this to make it impossible for anti-spam filters to evaluate if the email is spam, and so they default to letting it pass through to an inbox.  But anyone with half-a-brain should be suspicious when they open the email and NOT click the link!
 





 

Another trick that cybercriminals use to get their phishing emails through anti-spam filters is character substitutions.  Take this email that wants you to believe it is from Microsoft (but came from a Hotmail account.)  Instead of typing MICROSOFT, the scammer wrote MICR0S0FT (using Zeros). We have no idea why, but they even did this on the phishing web page set up on Yolasite.  They titled the page “EMA1LSET-UP.”  Laughable!
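A defensive check for the two filter-evasion tricks described above (tiny-font filler letters and digit-for-letter swaps), as an added example that is not from the newsletter. The sample HTML, the 3.0 size threshold, the lookalike table and the brand watch list are all assumptions made for this demo.

```python
import re
from html.parser import HTMLParser

# Constructed sample modelled on the emails described above: filler letters in
# a 1px font between the visible letters, and zeros standing in for the letter O.
SAMPLE_HTML = (
    '<p>A<span style="font-size:1px">q</span>p<span style="font-size:1px">z</span>'
    'p<span style="font-size:1px">k</span>l<span style="font-size:1px">x</span>e'
    ' ID locked</p><p>MICR0S0FT account team</p>'
)
TINY = 3.0  # assumption: font sizes at or below this are unreadable filler
FONT_SIZE = re.compile(r"font-size\s*:\s*(\d+(?:\.\d+)?)\s*(?:px|pt)", re.I)
LOOKALIKES = str.maketrans("0135", "oles")  # digits commonly swapped for letters
BRANDS = ("apple", "microsoft")  # assumption: watch list chosen for this demo
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

class TextSplitter(HTMLParser):
    """Separate what a reader can see from what only a filter reads."""
    def __init__(self):
        super().__init__()
        self.stack, self.raw, self.visible, self.hidden = [], [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        m = FONT_SIZE.search(dict(attrs).get("style") or "")
        tiny = bool(m) and float(m.group(1)) <= TINY
        self.stack.append(tiny or (not m and bool(self.stack) and self.stack[-1]))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        (self.hidden if self.stack and self.stack[-1] else self.visible).append(data)

def analyze(html):
    p = TextSplitter()
    p.feed(html)
    p.close()
    raw, visible = "".join(p.raw).lower(), "".join(p.visible)
    folded = visible.lower().translate(LOOKALIKES)
    return {
        "visible": visible,
        "hidden_chars": sum(len(s) for s in p.hidden),
        # Brands a reader sees but a filter matching the raw text would miss.
        "disguised_brands": [b for b in BRANDS if b in folded and b not in raw],
    }
```

A non-empty `disguised_brands` list together with a non-zero `hidden_chars` count is a strong signal that the sender is hiding the message from content filters rather than from the reader.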
 





 

YOUR MONEY
Amazon Fraud Phone Number, CVS Rewards

In the summer of 2017 Google had a serious problem!  The search engine was badly poisoned to display scammer phone numbers targeting about two dozen legitimate businesses when someone conducted a search for the customer service numbers.  Amazon and Apple, in particular, were hit the hardest and this “search engine poisoning” resulted in tens of thousands of people being victimized. (Breadcrumbs from more than a dozen reports to TDS from victims, as well as the registration of several fake websites, all point to cybercriminal gangs in India as most likely responsible for this fraud.)  It took Google several weeks to stop most of the poisoning but it has never completely gone away for long.  One of the latest tactics we’ve seen is that the poisoning is very short-lived and then removed.  We suspect that this trick makes it harder for Google to find and adjust their search algorithms to protect netizens against this type of fraud.

We first published articles about these fraudulent Amazon and Apple phone numbers and websites in August, 2017.  Since that time, we have collected & posted 156 fraudulent phone numbers used by these scammers to represent Amazon customer support. (TDS readers have reported at least another dozen phone numbers but we have been unable to verify them as fraudulent and so will not post them.) The reason we mention this is because this type of fraud is still very active. One reader recently informed us that his elderly parents searched for Amazon customer support to refund a $9 item on June 10. They found the number posted on a website named PrimeNewsAM[.]com.  When they called the number they spoke with someone with an Indian accent.

The elderly man was asked to give his personal information (last 4 digits of his social security number, his full address, and phone number).  He was then manipulated into receiving and clicking a link on his computer that gave the scammer full control of his computer.  The scammer went through the mother’s email, and probably much more, and eventually logged into their bank account.  The scammer said this was necessary in order to refund their $9.  Then the story gets even crazier, according to the son.  The scammer made it appear that he had accidentally sent the father $4,000 from Amazon, instead of refunding $9.  At that point the scammer asked the father to go to a store like Target and purchase $4,000 worth of gift cards to Amazon, and to read him back the codes of the gift cards over the phone. And the father actually believed the scammer and tried to do exactly that! That is until a friendly Target security person overheard what was going on and stopped the man, telling him that this was all a scam.  Thank goodness for that security person!

Below is the photo that the son took of his dad’s computer screen. It clearly shows that a website named primenewsam[.]com says the Amazon Prime Customer Service number is 800-440-7566.  THIS IS NOT THE REAL AMAZON PHONE NUMBER!  This is a scam phone number!  When we visited that website hours later, that message and fraudulent number had been removed.



 

Anyone with a pulse and paying attention should notice several things about this recent CVS Rewards email that don’t make sense…

  1. It appears to have been sent from the domain calvinklein.com

  2. The subject line says it is about a “$50 CVS Gift Card Opportunity” but the email asks if you want a $100 gift card

  3. The “TO” email address and “Reply-To” email addresses are bizarre.

We were unable to capture the link associated with “Get Yours Now” from this email but we can GUARANTEE that this email is 100% malicious clickbait!





 
 

TOP STORY
A Plethora of Phish!

Sooooo many phish in last week’s seas!  Let’s use these as a simple review of how to tell fraudulent from real…

  1. Does the domain listed in the FROM address match the company/organization the sender claims to represent?  If NO, then don’t click!

  2. Is the message within the email without any grammatical, capitalization, or spelling errors?  Is the English well stated (as opposed to awkwardly stated)?  If NO, then don’t click!

  3. Is the layout/presentation of the email messed up, poorly designed, missing graphics, or contain poorly presented graphics such as pixelated graphics or misshapen graphics?  If YES, then don’t click!

  4. When you mouse-over the most important link that you are asked to click, does your browser show you that this link points to the domain you are expecting?  If NO, then don’t click!

  5. Does the message seem reasonable or make sense?  If NO, then don’t click!

  6. Do you have an account with the service represented in the email?  If NO, then don’t click!

If you are genuinely concerned by the message you receive, open your web browser and go directly to the service represented by the email and log into it, without clicking the link in the email.
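Checklist items 1 and 4 can be automated, along with the odd Reply-To noted for the CVS Rewards email. The sketch below is an added example, not from the newsletter. It assumes a single-part HTML message and an expected domain (here cvs.com) supplied by the caller; the Reply-To address and the link in the sample are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message. The From domain is the one the newsletter reports; the
# Reply-To address and the link are placeholders (the real link was not captured).
RAW = """\
From: "CVS Rewards" <rewards@calvinklein.com>
Reply-To: x9q2@bulk-mailer.example
Subject: $50 CVS Gift Card Opportunity
Content-Type: text/html

<a href="http://click.bulk-mailer.example/c?id=1">Get Yours Now</a>
"""

class Links(HTMLParser):
    """Collect the href of every <a> tag, i.e. what mouse-over would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def under(host, domain):  # host is domain or a subdomain of it (suffix match)
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def check(raw, expected):
    """Return findings for checklist items 1 and 4 plus a Reply-To mismatch."""
    msg = message_from_string(raw)
    frm, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if not under(frm, expected):
        findings.append("from-domain:" + frm)
    if reply and reply != frm:
        findings.append("reply-to-differs:" + reply)
    parser = Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not under(host, expected):
            findings.append("link-host:" + host)
    return findings
```

An empty findings list is not proof of legitimacy, because the FROM address itself can be spoofed; the suffix match only ensures that a lookalike host such as `cvs.com.bulk-mailer.example` is not mistaken for the real domain.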
 






Keep in mind that some very sophisticated cybercriminals are able to “spoof” the FROM address to look like it came from the expected domain.  Take, for example, this email that shows that it came from wellsfargo.com.



It makes no sense that the phone numbers in this Netflix email appear as international numbers, or that the address for Netflix is for Netflix International in the Netherlands.  Also, be forewarned that just because you might see a link that points to a known online service, like Sendgrid or Appspot, doesn’t mean the email is safe or legitimate!






This last message is easy to spot as fraudulent.  But let’s not forget the obvious one that NO LEGITIMATE SERVICE will EVER threaten to suspend your account because you haven’t verified something!



 

 


FOR YOUR SAFETY
Dangerous Unsubscribes and Malicious Email Link

We want readers to keep in mind that there is clickbait in which the response that makes the most sense is exactly what you shouldn’t do! Take these two recent emails below that were sent to Doug at TDS.  Clicking “unsubscribe” on trash like this is exactly what the sender wants!  Both emails were designed to send his response to the same six questionable email addresses listed below.  All of the domains in these addresses, except the last one, are being hosted on the same server in Lithuania.  The last domain was registered by someone using an address in Nepal.  Step away from the ledge…..   

   Canlitvizler @ canlitvizler.com

   Odahabertv @ odahabertv.com

   Tv-tip @ tv-tip.com

   Longgroveia @ longgroveia.net

   Bimehshee @ bimehshee.com

   Arthasarokar @ arthasarokar.com







Finally, this email contains a malicious link meant to infect your computer with malware.  It is a simple example of social engineering by cybercriminals…

Until next week, surf safely!



Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.

