TOP STORY
Corona Virus Scams
It was only a matter of time before criminals focused on everyone’s anxiety associated with Coronavirus to target us with malicious clickbait and other scams. On March 6, the U.S. Department of Homeland Security issued this warning: “Defending Against COVID-19 Cyber Scams.” In it they broadly urge caution when opening anything referring to COVID-19 but give no specific examples. That’s OK, we’ve got you covered! Check out this malicious clickbait that we received at 2 pm on Friday, March 6.
The subject line reads “Coronavirus has reached the US.” This email was sent from newsletter “@” huristaix[.]us. It contains statements that are false or exaggerated and meant to increase anxiety and generate a click, such as “This new coronavirus spreads as readily as the 1918 Spanish flu which killed 59 million people worldwide.” HOWEVER, if you read the bottom few sentences in this re-used clickbait, you’ll see that the criminals didn’t remove sentences from the last time they used this template to target people! All links point back to huristaix[.]us, which is interesting because that oddball domain was registered in India by someone named “Shreena Arora” on January 14, 2020.
According to the N.Y. Times timeline, the first death reported in China from COVID-19 wasn’t until January 11 and the spread was not documented and made public until January 20. How very forward thinking of Shreena Arora to think she needed to register and set up a website about all of this on January 14! (Said dripping with sarcasm.)
As we’ve described many times in the past, and as recently as last week’s newsletter, take notice of any large colored box underneath email content. Spammers and scammers often hide generic text of the same color inside it, hoping that this text will be seen as normal content by anti-spam servers and pass the email through to your inbox, rather than block it. Of course we found grey text against the grey background…
When we copied that text and pasted it into a simple ASCII text program and turned the text black, we were surprised to learn that these criminals had taken text from two Wikipedia passages about the Roman Empire and History of the Roman Empire! It must parallel their desire to conquer the world through cybercrimes.
“notable one being Charlemagne. Historiy, this event marked the transition between classical antiquity and the Middle Ages. In the view of the Greek historian Dio Cassius, a contemporary observer, the ion of the emperor Commodus in 180 marked the descent "from a kingdom of gold to one of rust and iron"—a famous comment which has led some historians, notably Edward Gibbon, to take Commodus' reign as the beginning of the decline of the Roman Empire. In 212 , during the reign of Caraa, Roman citizenship was granted to all born inhabitants of the empire. But despite this gesture of universality, the Severan dynasty was tumultuous—an emperor's reign was ended routinely by his murder or execution—and, follog its collapse, the Roman Empire was engulfed by the Crisis of the Third Century, a period of invasions, civil strife, economic dis, and plague. In defining historical epochs, this crisis is sometimes viewed as marking the transition from Classical Antiquity to Late Antiquity. Aurelian (reigned 270–275) brought the empire back from the brink and stabilized it. Diocletian completed the work of fully restoring the empire, but declined the role of princeps and became the first emperor to be dressed regularly as domine, "master" or "lord". Diocletian's reign also brought the empire's most concerted effort against the perceived threat of Christianity, the "Great Persecution". Diocletian divided the empire into four regions, each ruled by a separate emperor, the Tetrarchy. Confident that he fixed the diss that were plaguing Rome, he abdicated along with his co-emperor, and the Tetrarchy soon collapsed. was eventually restored by Constantine the Great, who became the first emperor to convert to Christianity, and who established Constantinople as the new capital of the eastern empire. During the deces of the Constantinian and Valentinian dynasties, the empire was divided along an east-west axis, with dual power centres in Constantinople and Rome. 
The reign of Julian, who under the influence of his viser Mardonius attempted to restore Classical Roman and Hellenistic religion, briefly interrupted the ion of Christian emperors. Theodosius I, the last emperor to rule over both East and West, died in 395 after making Christianity the official religion of the empire. The Roman Empire by 476”
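The hidden-text trick described above can be checked for automatically. The following is an added example, not part of the original newsletter: it walks an email's HTML and reports any text whose color equals the background it sits on. It assumes colors are set inline (`style`, `color`, `bgcolor`) as hex values or a few common names, and the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

# Hex colors and a few names only; rgb() values and CSS classes are out of scope.
NAMED = {"grey": "#808080", "gray": "#808080", "white": "#ffffff", "black": "#000000"}
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags that never get a closing tag

def norm(color):
    # Lowercase #rrggbb form, so "#CCC", "#cccccc" and "#CCCCCC" compare equal.
    c = NAMED.get(color.strip().lower(), color.strip().lower())
    return "#" + "".join(ch * 2 for ch in c[1:]) if re.fullmatch(r"#[0-9a-f]{3}", c) else c

def style_value(style, prop):
    # Value of one inline CSS property; the anchor keeps "color" from matching "background-color".
    m = re.search(r"(?:^|;)\s*" + prop + r"\s*:\s*([^;]+)", style, re.I)
    return norm(m.group(1)) if m else None

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # inherited (text, background) colors
        self.hidden = []
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        style = a.get("style") or ""
        fg, bg = self.stack[-1]
        fg = style_value(style, "color") or norm(a.get("color") or fg)
        bg = style_value(style, "background-color") or norm(a.get("bgcolor") or bg)
        self.stack.append((fg, bg))
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        fg, bg = self.stack[-1]
        if data.strip() and fg == bg:  # text drawn in the color of its own background
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed sample modelled on the email described above (not the real message).
SAMPLE = """<p style="color:#000">Coronavirus has reached the US.</p>
<table bgcolor="#CCCCCC"><tr><td><font color="#cccccc">the Greek historian Dio Cassius</font></td></tr></table>
<div style="background-color: grey"><span style="color:#808080">Roman citizenship</span></div>"""
```

Calling `find_hidden_text(SAMPLE)` returns the two filler strings and skips the visible headline.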
Were you to click any of the links in that clickbait email, you would be sent to huristaix[.]us just long enough to pick up computer malware (OUR BEST GUESS!), and then be redirected to a VERY SKETCHY website named survivecoronavirus[.]org. DO NOT VISIT THIS WEBSITE! We believe it may also be a malware trap, but can’t prove it….yet. It was registered privately and anonymously in Canada on January 27, 2020. survivecoronavirus[.]org is certainly filled with absurd and ridiculous claims and headlines such as:
“Military Source Exposes Shocking TRUTH About Coronavirus”
“The "1 Thing" You Must Do Before It's TOO LATE”
You may also be informed that the video on this sketchy site doesn’t load and you have to install some type of video player. BAD IDEA! Another line then reads “Video may take 10 seconds to load.” It should read “Malware may take 10 seconds to load.” The security software company ESET has identified this sketchy website as “suspicious.”
One of our longtime readers sent us this email on Sunday, March 8 and thought it was very suspicious. The subject line is meaningless. The email appears to be an offer from the legitimate manufacturer of protective face masks called SafeMask by the company Medicom. However, the FROM address in this email is completely missing, which immediately makes it suspicious. So too is the fact that all links point to a Microsoft server address that has been repeatedly misused by cybercriminals for months now… safelinks.protection.outlook[.]com. Why wouldn’t that link just point to Medicom or some other legitimate reseller of their products? Instead the Outlook[.]com link redirects people to another obfuscated link through another legitimate service that has also been very successfully misused to deliver malware to people’s computers…. Googleapis[.]com. (Read a description of this threat from misusing googleapis[.]com that is posted on MalwareFixes.com.) Cybercriminals are experts at misusing legitimate content as tricks to engineer our clicking behavior. Instead of risking a click, open a new window and search for the product or website via Google and click a link that points directly to that domain, not an odd teaser domain such as this example: buy-safemasks[.]health.
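A Safe Links address carries the original destination in its `url` query parameter, so a wrapped link like the ones described above can be inspected without clicking it. The following is an added example, not part of the original newsletter: it unwraps the link offline and reports whether the destination belongs to the brand or to a shared hosting service. The sample link, the bucket name and `brand.example` are constructed placeholders, and the code does not follow any further redirects.

```python
from urllib.parse import urlsplit, parse_qs

SAFELINKS = "safelinks.protection.outlook.com"
# Hosting domains where anyone can publish content; a hostname here says nothing about the sender.
SHARED_HOSTING = {"googleapis.com"}

def in_domain(host, domain):
    # Match the domain itself or a true subdomain, so "evil-brand.example" != "brand.example".
    return host == domain or host.endswith("." + domain)

def unwrap_safelink(url):
    """Return the original destination carried in a Safe Links 'url' parameter."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if in_domain(host, SAFELINKS):
        inner = parse_qs(parts.query).get("url")
        if inner:
            return inner[0]  # parse_qs has already percent-decoded it
    return url

def assess_link(url, brand_domains):
    """Return (final_url, verdict) without making any network request."""
    final = unwrap_safelink(url)
    host = (urlsplit(final).hostname or "").lower()
    if any(in_domain(host, d) for d in brand_domains):
        verdict = "brand"
    elif any(in_domain(host, d) for d in SHARED_HOSTING):
        verdict = "shared-hosting"
    else:
        verdict = "other"
    return final, verdict

# Constructed link in the Safe Links shape; bucket name and brand.example are placeholders.
WRAPPED = ("https://nam02.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fstorage.googleapis.com%2Fexample-bucket%2Foffer.html"
           "&data=CONSTRUCTED&reserved=0")
```

For the constructed link, `assess_link(WRAPPED, {"brand.example"})` reports a `shared-hosting` destination rather than the brand's own domain.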
To all our readers, we wish for you and your families to stay safe, healthy, and especially calm, as the world figures out how best to respond to this epidemic. We leave you with one more very important link about this topic. It’s to the KidsPlay video on YouTube singing the “Cough, Cough, Sneezy, Sneezy… You Need to Cover Your Mouth” song! Enjoy!