Don’t click that link in your email. Please.

I shouldn’t have to keeps saying this, but far too many people just don’t practice “safe computing’ and as a result end up getting their computers infected by malware, losing their data, having their information stolen by criminals, being robbed, or all of the above.

Phishing message with dangerous link

Red flag #1: This message is not from Venmo. The email address of the sender is “0vmlwfglxague7g0kzs@oneautousa.com” which is not a venmo address; the domain leads to an essentially empty storefront of a generic “church.” Either the domain was created for the purpose of scamming people, or an otherwise unrelated domain was hijacked to have malicious content injected into its directory structure, or the email address was simply spoofed. In any case, it’s a clear indication that this email is not from Venmo.

Red Flag #2: “Congratulation.” Uh, no. That’s not what a message written by English-speakers would say. We’re dealing with Nigerian scammers here, or something similar.

Red flag #3: The link on the “accept money” button looks like this:

malicious link, not from Venmo

If you hover your mouse over any button or link in an email, the actual address where you will be taken will be shown at the bottom of your browser (at least that’s where it is in Chrome.) However, most of these deceptive links will re-direct one or more times, so you really never know where you’ll end up. But if the original link is not a “venmo.com” address, then you know you’re being taken for a ride.

Red Flag #4: “Click her” I suspect she, whoever she might be, will not appreciate being clicked. Real emails from real corporations do not generally contain obvious typographical errors like this.

So, as is my wont, I clicked on the “Accept Money” link just to go down the rabbit hole and see where I ended up. Malwarebytes told me the page was malicious, but I’m pretty well protected so I advanced anyway.

Instead of getting any money through Venmo (which I didn’t expect), I ended up on a “survey” page.

Again, not from Venmo, but camouflaged to look as though it is. All of the “verified” comments are without doubt spurious. The questions below are carefully crafted to keep the illusion going that the survey is from Venmo. It ain’t.

So once you give your answers, you end up at a “reward” page with 26 different offers you can claim. But beware – every single one of these is as phony as Donald Trump’s tan, and if you claim any of them you will end up paying a lot of money for next to no value.

Limited Supply! Act fast, offer expiring! [These are the “scarcity” and “urgency” sales ploys.]

This is the first reward on the list. Check the “Terms and Conditions:”

By placing an order, you agree our special deal club and we will bill you $0.00 S&H + $6.98 = Total: $6.98 (one-time purchase, no auto-ship) plus tax where applicable for your initial order, and every thirty days thereafter we will send you a new product from our special deal club, and automatically bill you the low price of $0.00 S&H + $6.98 = Total: $6.98 (one-time purchase, no auto-ship) plus tax where applicable.

So you’re getting a really cheap fitness tracker for 7 bucks, and committing yourself to getting another piece of slum [that’s what the carnival hucksters call the cheapest prizes they hand out] for another 7 bucks every 30 days, until you catch on and cancel. Which will be hard to do, I can guarantee it. And, you’ve given your contact information and your credit card number to extremely disreputable people. I cannot count the number of ways that this is a bad idea.

A couple of rows down is an offer for an iPad Pro. But again, after you give them your information so that they can spam you forever, you read the “Terms and Conditions:”

Claim your chance now! Sign up for a 30-day trial to Best Tech Giveaways and get the chance to win a new iPad Pro and Magic Keyboard! This contest is not made by or in cooperation with Apple. The winner will be contacted directly by email. All new customers participate in the prize draw for the shown campaign product. If you are the lucky winner, you will be contacted directly by email. This special offer comes with a 30-day trial to an affiliated subscription service, after which the subscription fee (37.97 USD every 30 days) will be automatically deducted from your credit card. If, for any reason, you are not satisfied with the service, you may cancel your account within 30 days. The service will be renewed every 30 days until canceled. This campaign will expire on December 31, 2021. If you wish to participate without signing up for a 30-day trial to besttechgiveaways, please send an email to support@besttechgiveaways.com.

What you’ve “won” is a chance. Your odds of winning that iPad are about the same as hitting the Powerball. Don’t hold your breath.

You might end up at another similar website whose small-print terms are like this:

As a user of Blue Ice Group, you agree to a deeply discounted LIMITED user fee of nine dollars and ninety-five cents ($9.95), the LIMITED user price. If you’re happy in approximately 7 days you will receive an email offer to purchase 30 days for our low one-time price of eighty-six dollars and sixty-one cents ($86.61), the 30 day FULL PLAN. We will continue to send you offer to purchase upon expiration of your user terms via text or email (data rates may apply) approximately every 28 days simply reply N to postpone, please allow up to 10 days to process your payment. You can continue to view our Premium Content including exclusive games, beta games, motivational content, exercise videos, diet, nutrition and other VIP Benefits unless you choose to cancel. You may cancel your purchase anytime by contacting our customer support center by email, or toll-free telephone (877) 327-2393. THE WEBSITE IS ALLOWED TO COLLECT AND STORE DATA AND INFORMATION FOR THE PURPOSE OF THE USUAL OPERATIONS AND FUNCTIONS OF THE WEBSITE.

So you’re authorizing a ten-dollar charge for the privilege of being sent offers, and will likely be charged $81.61 every month until you raise the alarm.

No money from Venmo, just a lot of scammy, spammy malvertising and potentially dangerous websites.

Don’t click that link.

The Old Wolf has spoken.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s