Copy


THE WEEK IN REVIEW

The spread of Coronavirus, now called COVID-19, dominates the news and conversations across the globe.  People’s anxiety levels are up over concerns about its rapid spread across communities. This impact has had a ripple effect on everything from stock markets to panic-buying in supermarkets. Unexpectedly, there may be one possible small silver lining in this very dark cloud of consequences. Since the international spread of COVID-19 around mid-February, we have felt a noticeable drop in the number of scams targeting Netizens around the world. One way for us to measure this drop, besides the number of scams we find or that our Readers send us, are pageviews on our website.  Pageviews have dropped from an average of about 1500 pageviews per day in January, to just under 900 pageviews per day in February, and then less than 800 per day in the first week of March. Our pageviews have always been strongly reflective of the most current and significant scams impacting people across the United States, UK, and Australia.

We can’t help but speculate what is responsible for this approximate 50% drop in pageviews and decreased scam reports.  Keep in mind that the significant international spread of the Coronavirus epidemic has only happened in the last three weeks, since the third week in February. Why did we see such a drop in February?  If we look at the countries that were MOST impacted in January and the first half of February we may have our answer.  The countries most impacted in those earlier weeks included China and Iran.  Both China and Iran have been known to host government sponsored cybercriminals who target the United States.  A Google search of “Chinese government sponsored hacking” and “Iranian government sponsored hacking” return links to many credible news sources about their nefarious activities in just the last two years. Also, we wonder how severely the virus has spread into North Korea, a country that has a relationship with China (i.e. COVID-19 spread) but is so secretive that no one really knows the impact of the virus on its citizens. North Korea is WELL KNOWN for cyberattacks against the United States government and US citizens.  Is it possible that the severe spread of Coronavirus in these three countries has forced their state-sponsored cybercriminal gangs to be less active during the last few weeks?  Obviously, we’ll never know for certain but we can’t help but wonder.

To help us correlate our drop in pageviews with the spread of this disease, we used this NY Times article detailing the timeline of the spread of COVID-19:  https://www.nytimes.com/article/coronavirus-timeline.html

However, we were not 100% scam-free last week! (As if that would ever happen?) And it was only a matter of time before criminals started to use the Coronavirus outbreak itself as malicious clickbait.  Read this week’s Top Story!

Do you value advocacy programs for the disadvantaged? We do, but not this one! Read our latest feature article about a scammer who just launched a fake website on March 2 called RentAdvocates to target lower income people in Ohio!

Daily Scam Home Page

PHISH NETS
Chase Bank and Amazon (Again!)

We feel really badly for both Amazon users and Chase Bank account holders.  They both get targeted a lot by phishing scams! Let’s start with this email sent from a web server in Germany with the subject line “Chase Alert: For Your Protection.”  “Your Chase Online Banking Will Be Disabled.” The link may LOOK LIKE it points to a verification page at Chase.com but a mouse-over reveals that the link actually points to a website registered in India last December and hosted in Germany. It is called grahani[.]in.

Lunge for the delete key!


 

Another TDS reader sent us this phish poorly disguised as an Amazon Order Confirmation.  Subject line is “Authorization Confirmation is required.” But this email came from “barbames1” at an Outlook.com email address.  The link to “Cancel The Order” for this $4000 gift card points to a marketing service called phplist.com that is being misused by criminals.  

There are two things about this email that we found most interesting.  First, the recipient is told that the “estimated delivery” of this gift is in 5 minutes.  Obviously this is meant to get someone to rush to click without thinking carefully about what they are reading and its source.  Secondly, the email address that appears to be associated with the $4000 fake gift card is “kurg-nigeria” at Hotmail. Believe us, if this were a REAL fraudulent misuse of someone’s account, the criminals wouldn’t use an email address that suggests Nigeria, a well-known source of cybercriminals.  They might just was well used “send-your-money-to-Nigerian-scammer @ hotmail .com.”

This is another big, fat deeeeleeete!
 



Daily Scam Home Page
 

YOUR MONEY
Anyone Can Learn Piano and You've Been Nominated.

PianoForAll is a legitimate business and website promoting piano playing for all ages.  This email wants you to think it is associated with that website but it is nothing more than malicious clickbait. Cybercriminals have misused this legitimate business for many years. The email came from the domain calatelate[.]us and all links point back to it.  When we looked to see when that oddball domain was registered, we were not surprised to learn that it was registered in India on the same day the email was sent. 

Step away from this precipice!






We used to see a lot more vanity scams than we’ve seen lately.  Vanity scams refer to scams that flatter the recipient into thinking he or she is special and invites them to join some special service or receive an award because they are so very special!  You can read more about these types of scams and see many examples in our feature article Dubious Awards.

We mention this because one of our readers sent us this wonderful nomination she received to become part of the Who’s Who community of Professionals.  Except that it didn’t come from any known Who’s Who organization. It came from the domain eponywax[.]com, a domain registered last August, 2019 and with no visible website to be found.  However, most importantly, the link associated with “Click To Get Started” points to a malicious website on a server in Montenegro. (Country code = “.me”)
 



Daily Scam Home Page

 
 

TOP STORY
Corona Virus Scams

It was only a matter of time before criminals focused on everyone’s anxiety associated with Coronavirus to target us with malicious clickbait and other scams. On March 6, the U.S. Department of Homeland Security issued this warning “Defending Against COVID-19 Cyber Scams.”  In it they broadly urge caution when opening anything referring to COVID-19 but give no specific examples.  That’s OK, we’ve got you covered! Check out this malicious clickbait that we received at 2 pm on Friday, March 6.

The subject line reads “Coronavirus has reached the US.”  This email was sent from newsletter “@” huristaix[.]us.  It contains statements that are false or exaggerated and meant to increase anxiety and generate a click, such as “This new coronavirus spreads as readily as the 1918 Spanish flu which killed 59 million people worldwide.”  HOWEVER, if you read the bottom few sentences in this re-used clickbait, you’ll see that the criminals didn’t remove sentences from the last time they used this template to target people! All links point back to huristaix[.]us, which is interesting because that oddball domain was registered in India by someone named “Shreena Arora” on January 14, 2020.

According to the N.Y. Times timeline, the first death reported in China from COVID-19 wasn’t until January 11 and the spread was not documented and made public until January 20.  How very forward thinking of Shreena Arora to think she needed to register and set up a website about all of this on January 14! (Said dripping with sarcasm.)
 





As we’ve described many times in the past, and as recently as last week’s newsletter…. Take notice of any large colored box underneath email content.  Spammers and scammers often hide generic text of the same color inside it, hoping that this text will be seen as normal content by anti-spam servers and pass the email through to your inbox, rather than block it.  Of course we found grey text against the grey background…


 

When we copied that text and pasted it into a simple ASCI text program and turned the text black, we were surprised to learn that these criminals had taken text from two Wikipedia passages about the Roman Empire and History of the Roman Empire! It must parallel their desire to conquer the world through cybercrimes.

“notable one being Charlemagne. Historiy, this event marked the transition between classical antiquity and the Middle Ages. In the view of the Greek historian Dio Cassius, a contemporary observer, the ion of the emperor Commodus in 180 marked the descent "from a kingdom of gold to one of rust and iron"—a famous comment which has led some historians, notably Edward Gibbon, to take Commodus' reign as the beginning of the decline of the Roman Empire. In 212 , during the reign of Caraa, Roman citizenship was granted to all born inhabitants of the empire. But despite this gesture of universality, the Severan dynasty was tumultuous—an emperor's reign was ended routinely by his murder or execution—and, follog its collapse, the Roman Empire was engulfed by the Crisis of the Third Century, a period of invasions, civil strife, economic dis, and plague. In defining historical epochs, this crisis is sometimes viewed as marking the transition from Classical Antiquity to Late Antiquity. Aurelian (reigned 270–275) brought the empire back from the brink and stabilized it. Diocletian completed the work of fully restoring the empire, but declined the role of princeps and became the first emperor to be dressed regularly as domine, "master" or "lord". Diocletian's reign also brought the empire's most concerted effort against the perceived threat of Christianity, the "Great Persecution". Diocletian divided the empire into four regions, each ruled by a separate emperor, the Tetrarchy. Confident that he fixed the diss that were plaguing Rome, he abdicated along with his co-emperor, and the Tetrarchy soon collapsed. was eventually restored by Constantine the Great, who became the first emperor to convert to Christianity, and who established Constantinople as the new capital of the eastern empire. During the deces of the Constantinian and Valentinian dynasties, the empire was divided along an east-west axis, with dual power centres in Constantinople and Rome. The reign of Julian, who under the influence of his viser Mardonius attempted to restore Classical Roman and Hellenistic religion, briefly interrupted the ion of Christian emperors. Theodosius I, the last emperor to rule over both East and West, died in 395 after making Christianity the official religion of the empire. The Roman Empire by 476”

Were you to click any of the links in that clickbait email you will be sent to huristaix[.]us just long enough to pick up computer malware (OUR BEST GUESS!), and then be redirected to a VERY SKETCHY website named survivecoronavirus[.]org.  DO NOT VISIT THIS WEBSITE!  We believe it may also be a malware trap, but can’t prove it….yet.  It was registered privately in Canada on January 27, 2020 anonymously.  survivecoronavirus[.]org is certainly filled with absurd and ridiculous claims and headlines such as:

“Military Source Exposes Shocking TRUTH About Coronavirus” 
“The "1 Thing" You Must Do Before It's TOO LATE”

You may also be informed that the video on this sketchy site doesn’t load and you have to install some type of video player.  BAD IDEA! Another line then reads “Video may take 10 seconds to load.”  It should read “Malware may take 10 seconds to load.”  The Security software company ESET has identified this sketchy website as “suspicious.”

One of our longtime readers sent us this email on Sunday, March 8 and thought it was very suspicious.  The subject line is meaningless. The email appears to be an offer from the legitimate manufacturer of protective face masks called SafeMask by the company Medicom.  However, the FROM address in this email is completely missing, which immediately makes it suspicious.  So too is the fact that all links point to a Microsoft server address that has been repeatedly misused by cybercriminals for months now… safelinks.protection.outlook[.]com.  Why wouldn’t that link just point to Medicom or some other legitimate reseller of their products?  Instead the Outlook[.]com link redirects people to another obfuscated link through another legitimate service that has also been very successfully misused to deliver malware to people’s computers…. Googleapis[.]com.  (Read a description of this threat from misusing googleapis[.]com that is posted on MalwareFixes.com.)  Cybercriminals are experts at misusing legitimate content as tricks to engineer our clicking behavior.  Instead of risking a click, open a new window and search for the product or website via Google and click a link that points directly to that domain, not an odd teaser domain such as this example: buy-safemasks[.]health.


 



To all our readers, we wish for you and your families to stay safe, healthy, and especially calm, as the world figures out how best to respond to this epidemic.  We leave you with one more very important link about this topic. It’s to the KidsPlay video on YouTube singing the “Cough, Cough, Sneezy, Sneezy… You Need to Cover Your Mouth” song!  Enjoy!

Daily Scam Home Page

 


FOR YOUR SAFETY
This Should Make You Smile

Rather than leave you with another warning about risky content and increase everyone’s anxiety, we thought we would leave you with a smile on your face.  Read this delightful email one of our readers received from none other than…. Billionaire Warren Buffet! He correctly claims that he “am the most successful investor in the world.”  No argument there! God bless you too, Mr. Buffett!



Until next week, surf safely!
Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE

Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp