Copy
THE DAILY SCAM NEWSLETTER - APRIL 1, 2020
Content Director: Doug Fodeman | Creative Director: David Deutsch


THE WEEK IN REVIEW

Dear TDS readers, we’ve finally published a web page devoted to malicious clickbait and fraud disguised as information related to the Coronavirus pandemic.  It includes several recently registered domains that SOUND legitimate but are not, like FamilyViralProtection[.]com.  Visit our article at https://www.thedailyscam.com/coronavirus/

There was a time when we used to remind readers that cybercriminals frequently target people who battle various health issues like diabetes, obesity, acid reflux, back pain, alzheimers, etc. with malicious clickbait.  For God’s sake, they even target people dealing with toenail fungus! Though we haven’t mentioned this fact in many weeks, it is still the case! Here’s just one small example we received just a few days ago… An email with the subject line “1 Weird Stretch DESTROYS Back Pain and Sciatica” sent from the domain educapila[.]info.  “My good friend Emily used to suffer from horrific back pain…” Blah, blah, blah.  You are encouraged to click the link.
 



And of course, the domain educapila[.]info was registered by someone in India the day before this email was sent.  Visiting the links in the above email will result in a malware infection before the visitor is forwarded onto another sketchy website called “erase my back pain” DOT-org.  Thankfully, the educapila[.]info website has been blacklisted by McAfee security service.  No matter how tempting it may be to discover an email that randomly arrives in your inbox about a health issue you are dealing with...

DO NOT CLICK THE LINKS IN IT.



Because they are so much fun to listen to, here’s another scam AI voice message one of our readers sent us.  She was informed that “legal procedures” were going to begin against her unless she called 301-703-9934.
 



Happy April Fool’s day.  Wish we had something to smile about….

Daily Scam Home Page

PHISH NETS
Go Daddy Account

GoDaddy is one of the largest domain registrars and web hosting companies in the U.S.  And anyone who owns a domain name is accustomed to getting annual emails asking them to verify the account information used to set up the domain.  However, this email claiming to come from GoDaddy didn’t come from GoDaddy.com. It came from a free email service in Germany called t-online[.]de.  (“.de” = Deutschland = Germany)  The recipient is asked to verify their domain information.  However, the link for “Verify Now” points to a website in Morocco called mapara[.]ma.  (“.ma” = Morocco; though it makes no sense to us why the 2-letter country code is “ma” since Morocco doesn’t contain the letter “a”).




No surprise that the Zulu URL Risk Analyzer tells us that the Mapara website is malicious and visitors will be redirected to a phishing website in Chile called aquasagrada[.]cl.  (“.cl” = Chile)  However, this is more than just a phishing scam targeting people who have purchased domains through GoDaddy.  Sucuri.net found malware on mapara[.]ma waiting to infect computers before being redirected to Chile’s phishing site!

Ouch!  Double-whammy!




Daily Scam Home Page
 

YOUR MONEY
Dating Has Never Been So Painful

As seen through the experiences of some of our grown kids and their friends, dating today can be really challenging, for a variety of reasons!  Compound these challenges with the current pandemic and dating becomes little more than a Skype date! But sometimes dating through online tools and apps is painful AND deadly.  Take, for example, this bizarre email that appeared in our inbox at TDS from “Jacketild” using the email address “yourmail “@” mail.com. (“Mail.com” is a free email service.) What the heck is this person even saying???


 

The ONLY thing that is clear to us about this email is that the sender wants us to click a link to a dating service that was built using a free web page creation tool in France called “webself.net.”  The website waiting for us on this free tool is called “chinese-brides-66.” According to TravelChinaGuide.com, “6” is a lucky number in Chinese culture, especially concerning love and relationships.  Visiting this website for “chinese-brides-66” takes the visitor to the web page titled “Meet Chinese Brides.” (This strikes us as odd since a “Chinese Bride” is a newly married woman.  Why would a newly married Chinese woman want to meet some other man for dating?) The web page goes on to say that “every single man in the world is dreaming of dating a Chinese woman.” Uh, no, not true.  Open the graphic and read what these experts have to say about Chinese women. Clearly, English is NOT their first language and we know some Chinese women who would likely disagree loudly with what is said on this website.  But that’s not the point!  

Let’s break down the legitimacy of this “dating service”...

  1. This dating service is advertised via an email from “Jacketild”... “yourmail “@” mail.com ---not through a domain owned by a dating company providing a legitimate phone number and actual people you can call to inquire about their service.  And what kind of name is “Jacketild” anyway?

  2. This dating service is hosted on a free French website tool that anyone can use to put up webpages, not a registered domain of a company with information that can be traced and verified.  In fact, if you look at the top web page carefully you’ll see the sentence “If you discover any difficulty about love and relationships, feel free to contact our dating experts by” That’s it!  Contact them by what, mind reading? Mental telepathy?

On a “Legitimacy” scale of 0 to 100, this Chinese Brides 66 dating service scores in the negative numbers, no matter how much you like their smiles!

Deeeeleeeete!



Obviously we can’t trust “Chinese brides” just yet so how about Russian brides? One of our honeypot email accounts got this lovely email saying “You Have 1 New Message” and it came from “Your Russian Woman.”  We almost teared up seeing the headline “Share family life with your charming Russian Bride.”  But a closer look at this clickbait tells a much more painful story! The email was sent from the domain ketocarr[.]buzz. This domain has nothing to do with the also-sketchy website RussianWomenDate[.]com mentioned in the email.  Even the link below the pretty pictures that reads “Russianwomendat” pointed to ketocarr[.]buzz.


 

Once again, the Zulu URL Risk Analyzer AND VirusTotal.com come to our rescue and save us from a date worse than hell!  Both services find ketocarr[.]buzz to be malicious!  We couldn’t help, once again, noticing that we’re invited to complain about this clickbait by sending an email to a company in India called Apexpoint.  We have written many times about this company! Just delete and stick with meeting your date in person!




 


Daily Scam Home Page

 
 

TOP STORY
Comment Spam Landmines

In our March 18 newsletter, our Top Story was about painful comment spam that we shared with readers.  What was a waterfall of pain is now a deluge, though some of it is funny! And some of it is also dangerous! We thought we would share some of these more dangerous comment spam landmines with you!

Let’s begin with this lovely email from Essie.  We’re told that she is “engaged in posting articles on Internet resources” and she’s asking us to “cooperate.”  We weren’t entirely certain what that really meant. Fortunately, she’s given us a link to a questionnaire where we are asked to fill out a form that “takes no more than 3 minutes and will greatly increase the speed of the start of our cooperation!”  Of course we found it interesting that “Essie Shepherdson’s” name in her email address is followed by a different name “irintishkova1” in the actual address. This is a trick often seen used by scammers. Sucuri.net AND VirusTotal.com informed us that the link to the “forms[.gle]” website has been identified as a phishing scam by other security services like PhishTank.com.  That link also redirects the visitor to a Google form.






 

If you want to see the questions that Essie wanted to ask us, open this screenshot!



 

We also got an email from someone called “alimxyxj” at Gmail representing an abuse treatment center called aaa-rehab[.]com.  In fact, the short email included three links to this self-described “stress and substance abuse” support site.



 

However, we learned from Sucuri.net that the security service McAfee has blacklisted the rehab website. Clicking a link to it will also send visitors to another website. Of course that made us even more curious so we checked our favorite WHOIS to see when aaa-rehab[.]com was registered and we learned that this domain was registered in Panama just 8 days before we got this email.  This fits the perfect definition of malicious clickbait!  




 

Daily Scam Home Page

 


FOR YOUR SAFETY
Taking Advantage of Family Relationships

One of our readers very recently informed us that he received an email seemingly from his niece containing the message “So sorry for not emailing this before” and it included a link to an oddball website.  But our reader is VERY savvy and didn’t take the bait. Both the uncle and his niece contacted us to say that the email was NOT legitimate. The Zulu URL Risk Analyzer shows that the link was malicious.  

Cybercriminals are able to use a variety of free & paid online tools to find relationships between people, as well as email addresses.  We think it is likely that they used such tools to connect these two and then create a fake email using the name of the niece, to send to her uncle.  It pays to look carefully at the sender’s email address! And don’t think it is safe to click all links even if the sender’s email address is accurate.  Does the email “feel” right to you?





Until next week, surf safely!
Forward to Friends

About Us
Contact Support
Manage Subscription
Unsubscribe


SUBSCRIBE

Produced by:
Deutsch Creative
 
Copyright © 2020 The Daily Scam, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp