

THE WEEK IN REVIEW

What a week it has been! Fear and anxiety, along with our changing work and personal lives in response to the coronavirus pandemic, continue to suck the air out of the room. As soon as we can find time, we plan to create a feature article showing the increasing number of scam emails, websites and products related to this growing pandemic. At this point it is hard for us to juggle everything. Suffice it to say, please be very careful and thoughtful about clicking links in any emails that randomly come into your inbox claiming to be about products to protect yourself against getting the infection, products to heal yourself if you have the infection, and causes/campaigns to donate money for those in need.

Here are links to several recent resources that are also exposing online fraud and threats disguised as coronavirus related information:

Coronavirus Cybercrimes: Are These the Worst? (Secure World Expo)
FBI Sees Rise in Fraud Schemes Related to the Coronavirus Pandemic (IC3.gov)
FTC Coronavirus Scams - Part 2 (FTC.gov)
Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit (KnowBe4.com)
Truth in Advertising: Pure Herbal Total Defense Immunity Blend (truthinadvertising.org)

As one example of possible fraud or clickbait, a website named EmergencyEssentials[.]co[.]uk (as in the United Kingdom = “.uk”) was registered just a few days ago and is being hosted in India. The email claims to sell products to stay safe from Coronavirus.  We believe this is a fraudulent site and not what it claims to be….





 

If you are considering donating to help those in need during these challenging times, please check out the organization to whom you wish to donate using these research tools:

Can we complain for just a moment about Google?  Normally, this tech giant, on whom we all depend, does a pretty decent job of protecting us from spam, scams and malicious content.  It is able to block or identify most of it. Why, then, can’t their AI be designed to recognize such OBVIOUS fraud from someone who created a free gmail account named “OnlinePowerBallSweepstakes” “@” gmail.com?  **sigh**

 

Daily Scam Home Page

PHISH NETS
Amazon Survey, M&T Bank, and Apple Support

At first we thought this email was another clickbait step away from a computer infection.  However, a deeper dive tells us that it is more likely a phish for personal information from Amazon account holders.  This email didn’t come from Amazon or any legitimate marketing firm. It came from glennworana[.]com, a domain that was registered about a month earlier and Google knows nothing about it.  The metatag data returned by a Google search simply says “glennworana[.]com is your first and best source for all of the information you're looking for. From general topics to more of what you would expect to find here, ..”  What, exactly, does this mean?



 

The active link in this email “COMPLETE AMAZON SURVEY HERE” points to aattrckr[.]com but then redirects visitors to a website called promotionsonlineusa[.]com that appears to be hosted in the Netherlands.  When we tried to use Screenshot Machine to visit the site and take a screenshot, it was presented with a message that this website was flagged by security services as a phishing site. 

Ouch! Dodged a bullet!






M&T Bank is headquartered in Buffalo, New York. According to Google, it operates 780 branches in New York, New Jersey, Pennsylvania, Maryland, Delaware, Virginia, West Virginia, Washington, D.C., and Connecticut. This email, sent to us by one of our longtime readers, did NOT come from M&T Bank! It came from an email/news service in Germany. And the “Get Started” link in this email points to a phishing site created with WordPress called lasantha[.]online.

Deeeeleeeete!


 

Last week we showed readers this exact same phishing email disguised as an email from Apple Support.  These cybercriminals are still at it and are using a different sending address and have links to a different phishing site.

Beware!


 

YOUR MONEY
Amazon Scam Phone Call and Costco Survey

One of our readers received this recording to her voicemail box and sent it to us recently. It came from the phone number 717-390-5098.  The AI voice tells her that there has been a suspicious charge of an iPhone XR to her Amazon account for $765.  She’s asked to call 800-296-1878 if she did not place that charge. 

This is classic social engineering clickbait!  Enjoy...


 

Sad to say it, here’s another scam rewards survey disguised as a Costco survey.  These surveys must be extremely successful clickbait for cybercriminals because they send them EVERY SINGLE WEEK!  

This particular scam email, with the subject line “Congratulations-An Costco Reward Has_Arrived..!” came from the domain glowmathematicscenter[.]info.  ….Sounds like Costco.com, right?  This email was different than others like it because it contained a timer that counted down from 3 minutes to zero.  That’s how much time you have to make a decision to click this malicious link. Can you guess what happened when the timer hit zero?  It restarted at 3 minutes again!


 

This glowing number domain was registered in India about a month before this email landed in our inbox. Sucuri.net had no problem seeing that malware was waiting like a bear trap for you to step on upon arrival.

Deeeeleeeete!






 
 

TOP STORY
A Spear-Phish Targets a School

On March 18 we heard from a school that had been targeted by a spear-phisher. Twenty-one employees of the school had received an email sometime between 6:10 and 6:25 pm on March 18 claiming to be from the Head of the School. The message to each employee was identical…. “Are you Available, Are you available?” The email, however, didn’t come from the school’s domain; it came from a generic Gmail address called “schoolmail630.”

It’s important to note that it is much harder to detect email fraud when viewing an email on a smartphone because the smaller screen means that details are left out of the email presentation, unless you know how and where to find those details. At least one employee responded to the email via their phone but then stopped because she became suspicious of the response. Compare these two presentations. One is the spear-phisher’s email on a computer (2nd image) and the other is on an iPhone (1st image). Notice how easy it is to see the fraud when the email is opened on a computer screen.
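The mismatch that the phone screen hides, a trusted display name paired with an outside address, can also be checked by a script before a person ever sees the message. The Python below is an added example, not part of the original newsletter; the school domain, the protected names and both sample messages are constructed placeholders, and only the “schoolmail630” Gmail local part comes from the incident.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the newsletter): the school's domain, the protected
# names/titles and the freemail list are placeholders to adapt.
ORG_DOMAIN = "school.example"
PROTECTED_NAMES = {"head of school", "jane doe"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample messages; only the "schoolmail630" local part is real.
SPOOFED = """\
From: "Jane Doe, Head of School" <schoolmail630@gmail.com>
To: teacher@school.example
Subject: Are you Available

Are you available?
"""
GENUINE = """\
From: "Jane Doe, Head of School" <jdoe@school.example>
To: teacher@school.example
Subject: Staff meeting

Agenda attached.
"""

def check_sender(raw: str) -> list[str]:
    """Return the reasons a message looks like display-name impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Normalise the display name so "Jane Doe, Head of School" still matches.
    name = " ".join(display.lower().replace(",", " ").split())
    claims_vip = any(p in name for p in PROTECTED_NAMES)
    findings = []
    if claims_vip and domain != ORG_DOMAIN:
        findings.append(f"display name '{display}' used with outside address {addr}")
        if domain in FREEMAIL:
            findings.append(f"{domain} is a free webmail provider")
    # A Reply-To on another domain diverts answers even when From looks right.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        findings.append(f"Reply-To {reply} differs from sender domain {domain}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw) or "no findings")
```
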




Spear-phishing happens when a cybercriminal researches a company or organization and specifically targets members of that group using personal information he or she has gathered from his/her research.  In this case, the spear-phisher learned who the head of the school was, along with many employees and their email addresses. Doug at TDS was informed of this scam almost immediately. He put on his super-hero cape, launched into action and emailed the scammer to ask what he needed!  Enjoy the conversation thread below...


Hi [NAME REDACTED],

I got your email earlier but was eating dinner.  I'm here. What's up

Doug


I'm in a meeting right now that's why i'm contacting you through here. I should have call you instead of mailing you but phone calls are not allowed to be use during meeting. I don't know when the meeting will be rounding up and i want you to help me get something from any store close to you and send it here via mail.. Can you?

Best Regards

[NAME REDACTED]

Head of School

[NAME REDACTED] School.

[NAME REDACTED]


Yes, of course I can help.  Sorry you are in such a late meeting.  Is it related to coronavirus??

What do you need?

D


I need you to help me get Walmart gift card from any store close to you...  i will need you to send me picture of the card or code on the card for confirmation... Then I will get the physical card from you later when we see and reimburse your money back

It will be a privilege and honor if you can help me

Best Regards

L [NAME REDACTED]

Head of School

[NAME REDACTED] School.
 


[NAME REDACTED],

I'm headed out to the grocery store soon to pick up a couple of things and can swing by walmart on the way back.  I'll take a picture and send it to you in about a half hour.

Hope that timing's ok.

Doug


Thanks i really appreciate, Just help me get Walmart gift card,  The amount i want is $100 each in four (4) pieces so that will make it a total of $400,, Once you get them just scratch the silver label at the back of each cards and send the pictures on here,  i will get the physical card from you when we see and reimburse back your money

How soon will you get it ?

Best Regards

[NAME REDACTED]

Head of School

[NAME REDACTED] School


Hi [NAME REDACTED],

Just got back.  I took a photo of each card and put them all on this google doc so you can print them out as one sheet of paper.

See you tomorrow morning!

Doug



I'm not getting the image of card yet ...I need you Scratch the silver panel on each card and send me here for confirmation just like the image I just sent you now

Best Regards

[NAME REDACTED]

Head of School

[NAME REDACTED] School


I told you in my last email.  I put all the pics on this google doc so you can print them out as one sheet of paper.

Visit the link [NAME REDACTED].

Doug


OK do you still have the cards with you ?

Best Regards

[NAME REDACTED]

Head of School

[NAME REDACTED] School


[NAME REDACTED],

I sent you the link to them already. The photos are all on this Google doc.

If you don't want to print the document at home I will give you the cards in the morning

Good night,

Doug


Doug was trying to get the spear-phisher to click a link that would expose him.  Unfortunately, he didn’t take the bait! 


 


FOR YOUR SAFETY
You Have a New Gift Pending (text) and Confirm Your Unsubscribe Request

On March 22, Doug at TDS received the following text… “Thank you for your recent purchase. You have a new gift pending…” followed by a link to the domain cfikkr[.]com.  The text came from the email address rewardnoticeoftbxr “@” thfswo[.]com.  The domain cfikkr[.]com was registered that very same day and the domain thfswo[.]com was registered just a couple days earlier.  Everything about this text and its link reeks of malicious intent!  That gift can stay “pending.”




Here’s another email that reeks terribly!  One of our readers received it and was asked to “unsubscribe” from this “Amazon Competition.”  Clicking the link sends an email to the address “contact “@” sdkldfsd[.]space.”  Like the text above, that domain was registered just a few days before the email was sent.  Nothing about this email looks like the real Amazon.com. Step away from this precipice….






Until next week, surf safely!



Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.

