Another phishing Scam to watch out for


Your Apple ID was just used to download Skate Simu 3$ from the App Store on a computer or device that had not previously been associated with that Apple ID.

To: (redacted)
Date: Oct 13 (2 days ago)

Dear W R Jonathan Graham, (clearly not my name)

Your Apple ID was just used to download Skate Simu 3$ from the App Store on a computer or device that had not previously been associated with that Apple ID.

This download was initiated from Morocco.

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Security and your Apple ID for further assistance.

Regards,
Apple

TM and Copyright © 2014 Apple Inc. 31-33, rue Sainte Zithe, L-2763 Luxembourg.
All rights reserved / Keep Informed / Privacy Policy / My Apple ID

The problem here is that, in the email message, the “iforgot.apple.com” link was a front for a redirect to another website, “dejewelady.com” (which has now been taken down), which in turn redirected to a phishing page designed to gather personal information, passwords, and credit card data.

There are people working behind the scenes to protect the innocent – later in the day, this warning showed up at the top of the email:

Be careful with this message. Similar messages were used to steal people’s personal information. Unless you trust the sender, don’t click links or reply with personal information.

The links in the email had been disabled, and as indicated, the phishing website had been taken down. But it pays to be careful. It is rarely advisable to click links in emails directly; instead, enter the address yourself in the URL window.

Be careful out there.

The Old Wolf has spoken.

How to attract more spam


Got this in my mailbox today, from the spammer or spamming group which has been very active in the last couple of months:

From: Ford Fall Clearance <fordmakesthebest@host1.everyonehugecarclearance.net>
Subject: Re: Ford Dealers are Slashing-Prices. All Models Must Go..
To: <redacted>

FORD SEPTEMBER AUTO CLEARANCE
——————————————————————
<redacted>

Don’t miss out on the “Ford End-of-Summer Saving Event”
Limited-time special pricing on select Ford models
Compare offers to find the lowest price here:
http://xxx.everyonehugecarclearance.net
(Use the link above to view this message in your browser)
————————————–
message id 4335021

Click that link (which I have obfuscated so it goes nowhere) and you will be taken to the website of iMotors.com:

[Image: spam1]

The spam email was from “Ford,” so this particular page focuses on Ford vehicles, but you can select any make and model, and I’m sure the “affiliate marketer” has pages for every brand which they blast out on a daily basis.

So, let’s put in some bogus information here – notice that the phone number and the email are both for the Federal Trade Commission. Enver Hoxha was the communist dictator of Albania for decades.

[Image: Spam2]

That should generate some interesting emails and phone calls at FTC headquarters. Notice that by submitting your information, you agree to be called, robo-called, emailed, texted, etc. by anyone and everyone in the universe.

So what did I get for submitting my information?

[Image: Spam3]

That’s right: Nothing. Even if I select my make and model on this page, and click “Search,” I still get the same result. Nothing.

But wait, there’s more.

[Image: Spam4]

Now you get to give them a mailing address, so that your junk mail will increase by a factor of 100.

But don’t stop now! There are more deals ahead!

[Image: Spam5]

Look at all this information they want you to hand them, including your birth date and social security number.

NEVER GIVE OUT THIS INFORMATION TO RANDOM WEBSITES!

That’s not just advice, that’s a command. Just don’t ever do it. You’re inviting identity thieves like a porch lamp invites moths.

I run an online business (several, actually) and part of our privacy policy reads like this:

We don’t know how it would be possible for anyone to hate spam more than we do.  In the same breath, we are aware of the challenges and inconveniences associated with identity theft.  As a result:

  • Your information will never be sold, traded, given away or otherwise divulged to anyone, and we do not purchase names from other companies.
  • We do not keep any financial data (i.e. credit card numbers) on file.
  • We do not buy information or names from others.
  • We do not advertise by spamming. Ever.

Unfortunately, many businesses do not subscribe to such policies, and you can be guaranteed that responding to any email that was unsolicited, or from a company you have never done business with, will result in an even greater flood of spam, or possibly criminal misuse of your information.

Be careful out there.

The Old Wolf has spoken.

My First German Scam Email

The phishermen are casting a wide net.

Here’s my first phishing email in German, with headers:

Return-Path: majorapp@bronco.websitewelcome.com
Received: from imta34.emeryville.ca.mail.comcast.net (LHLO
imta34.emeryville.ca.mail.comcast.net) (76.96.28.168) by
resmail-po-420v.sys.comcast.net with LMTP; Tue, 15 Jul 2014 13:17:57 +0000
(UTC)
Received: from bronco.websitewelcome.com ([192.185.82.92])
by imta34.emeryville.ca.mail.comcast.net with comcast
id SdHw1o0041zWx2w0adHwbd; Tue, 15 Jul 2014 13:17:56 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=P/wD2Ewu c=1 sm=1 tr=0
a=KztXjUqHRyz9kbsNwKbgzg==:117 a=8FReB3YSAAAA:8 a=C_IRinGWAAAA:8
a=GGcpBh7Jt_oA:10 a=trIDVAjzH2wA:10 a=rKpt8qlD2zIA:10 a=aYsrNlUn7DwA:10
a=IkcTkHD0fZMA:10 a=cc8bsT4k8mMA:10 a=srLljQ7VAAAA:8 a=QpSK2HJ8AAAA:8
a=QAZS5B4ip-KZLdxwkisA:9 a=8PHepCJaBy8WvsX-:21 a=QEXdDO2ut3YA:10
a=_W_S_7VecoQA:10 a=6xz8xM_uv-EA:10
Received: from majorapp by bronco.websitewelcome.com with local (Exim 4.82)
(envelope-from <majorapp@bronco.websitewelcome.com>)
id 1X72cF-0004OT-QT
for [redacted]; Tue, 15 Jul 2014 08:17:55 -0500
To: [redacted]
Subject: Amazon.de Kundenservice
X-PHP-Script: majorappliancesinfo.com/ for 93.93.69.158
From: accountcheck@amazon.de <accountcheck@amazon.de>
Content-type: text/html; charset=utf-8
Reply-To: accountcheck@amazon.de
Message-Id: <E1X72cF-0004OT-QT@bronco.websitewelcome.com>
Date: Tue, 15 Jul 2014 08:17:55 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – bronco.websitewelcome.com
X-AntiAbuse: Original Domain – comcast.net
X-AntiAbuse: Originator/Caller UID/GID – [3638 32003] / [47 12]
X-AntiAbuse: Sender Address Domain – bronco.websitewelcome.com
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1X72cF-0004OT-QT
X-Source: /opt/php54/bin/php-cgi
X-Source-Args: /opt/php54/bin/php-cgi /home/majorapp/public_html/wp-content/themes/twentyten/images/headers/sistems.php
X-Source-Dir: majorappliancesinfo.com:/public_html/wp-content/themes/twentyten/images/headers
X-Source-Sender:
X-Source-Auth: majorapp
X-Email-Count: 9
X-Source-Cap: bWFqb3JhcHA7emV2eW9zMjticm9uY28ud2Vic2l0ZXdlbGNvbWUuY29t

[Translated from German]

We need your help

Due to the rising number of payment defaults on direct debit and invoice payments, it will unfortunately no longer be possible in future to make a payment at Amazon.de using these payment methods without a credit card on file. It is therefore necessary for all customers to register a credit card as a means of payment.

If you already have a credit card on file, we ask you to verify the card already on file. If you do not yet have a credit card, we warmly recommend the Amazon VISA credit card. Please use the following link for verification: To the security procedure – http://amazon.acountingdatacheck.com (Notice that this is not a valid Amazon.de URL)

Please note that in future you will no longer be able to use your Amazon.de customer account without a credit card on file.

Kind regards,
Your Amazon.de Customer Service

In short, they’re saying that I can no longer use my current credit card and need to add a couple more. The bogus link takes you to a bogus Amazon page

[Image: bogus]

where you get to divulge all of your credit card and banking data.

Please be careful out there. So many evil and unprincipled drones want your money, and will stop at nothing to get it.

The Old Wolf has spoken.
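The headers quoted in this post already show that the message did not come from Amazon: the From line claims amazon.de, while Return-Path, Message-Id and X-PHP-Script all point at a shared web host and a script on an unrelated site. The following is an added example, not part of the original post; it reads a subset of those headers (copied from above) and reports where the claimed sender and the actual origin disagree. The function names are illustrative.

```python
import re
from email import message_from_string

# Subset of the headers quoted in the post above.
RAW_HEADERS = """\
Return-Path: majorapp@bronco.websitewelcome.com
Subject: Amazon.de Kundenservice
X-PHP-Script: majorappliancesinfo.com/ for 93.93.69.158
From: accountcheck@amazon.de <accountcheck@amazon.de>
Reply-To: accountcheck@amazon.de
Message-Id: <E1X72cF-0004OT-QT@bronco.websitewelcome.com>

"""


def addr_domain(value):
    """Domain of the last address-like token in a header value ('' if none)."""
    domains = re.findall(r"[\w.+-]+@([\w.-]+)", value or "")
    return domains[-1].lower() if domains else ""


def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def audit_headers(raw):
    """Return (claimed From domain, [(header, value) that contradicts it])."""
    msg = message_from_string(raw)
    claimed = addr_domain(msg["From"])
    findings = []
    # Headers stamped by the sending system rather than typed by the sender.
    for name in ("Return-Path", "Message-Id"):
        actual = addr_domain(msg[name])
        if actual and not same_site(actual, claimed):
            findings.append((name, actual))
    # Some shared hosts add this header when a PHP script on a site sends mail.
    if msg["X-PHP-Script"]:
        findings.append(("X-PHP-Script", msg["X-PHP-Script"].split()[0]))
    return claimed, findings


claimed, findings = audit_headers(RAW_HEADERS)
print(f"From claims {claimed}")
for header, value in findings:
    print(f"  {header} points at {value}")
```

A Return-Path on a different domain also occurs in legitimate bulk mail sent through a mailing service, so treat each finding as a reason to look closer rather than as proof on its own.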

Phishing Spam

[Image: Phishing]

Of course, the pox-ridden drones don’t even read their own email, but sadly there are just enough people out there who will fall for their phishing scam and log in to the fraudulent page, happily providing not only their PayPal info but also credit card numbers and PINs, their vital information including date of birth and social security number, and then, once they have become the victim of identity theft, will spend years trying to clean up their records.

Oh, and my name’s not “Sean.”

Please be careful out there.

The Old Wolf has spoken.

It’s only a Done Deal if you give these scammers your credit card number

[Image: donedealscam]

Notice the legitimate address for DoneDeal up there? It’s http://www.donedeal.ie, the home page of a legitimate Irish commercial site.

No surprises, then, that when the email leads you to http://recza.com.mx/donedealone/[obfuscated], red flags wave, sirens blare, and bells ring. Why would DoneDeal be using a web host in Mexico?

Of course, they wouldn’t. This is a phishing scam, pure and simple. I’ve received two in the last couple of days, the second pointing to a different website after the first one was shut down. You fill out an innocent-looking survey (and if you believe that they will pay you €150.00 for that 30-second effort, I have a bridge I’d like to sell you) and then you’re taken to a page where you enter your credit card details and other critical personal information:

[Image: Survey2]

Most of my readers here know how to recognize a phishing scam from miles away, but most of us have loved ones and friends who may not be computer literate. Protect them; educate them; teach them NEVER to give out their financial data online unless they know what they’re doing.

DoneDeal knows about these bottom-feeders; whether they can do anything about them is debatable, but forewarned is forearmed.

The Old Wolf has spoken.

Going on a phishing trip

Scam Warning: Free Shipping Problem

[Image: Scam Email]

This email appeared in my inbox overnight. It’s a scam, of course, but sadly many people will be taken in by it.

Why is this a scam?

  • First of all, I haven’t ordered anything from Walmart, ever.
  • Next, the mail was sent from “8020salestraining.com,” not “walmart.com.”
  • Third, notice the secondary text “Wallmart,” an obvious misspelling.
  • Fourth, notice the lousy English: “you must fill this form,” “you will be paid your money back.”
  • Lastly, if you happen to click the “this form” link, you are downloading a zip file called “WalmartForm_Richfield_84701.zip” – and if you unpack that, you get “WalmartForm_Richfield_84701.exe”.

That last one is the biggest red flag of all: the first rule of safe computing is NEVER RUN ATTACHED EXE FILES. That’s a program, and it will either gather financial details and forward them to scammers, or install malware/adware/viruses/trojans on your system, or something else, or all of the above. Many people don’t enable the display of file extensions, so they would never know they’re opening a malicious program.

There are more scams out there than you can shake a stick at. Practice safe computing – never download or open attachments unless you are sure you know from whom they are coming. Be careful with your financial details. Never send banking or credit card information via email. Avoid sending money to anyone unknown via Western Union or Money Card. And never pay money to collect a prize, especially from a contest you have not entered.

Be careful out there.

The Old Wolf has spoken.

Beware of Phishing – it’s still rampant

Be very careful about clicking links in emails, even if they seem to come from a legitimate source.

Notice the email below, which I received this morning – red flags are marked in color, with explanatory notes:

From: “Customer Central” <ycghjpn@comcast.com> [1]

Subject: Services Cancellation Notice ID:NNQMEYR on November 29, 2012

Dear Comcast Member,

The credit card we have on file for your Comcast Internet service was declined when we attempted to bill you on 11/29/2012 for your most recent service fees. For this reason, your service could be suspended.
Please visit our Account Information page:

bork://account.comcast.net.1r9.is-into-cars.com/bin/index.php?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net [2]

Update your credit card information as soon as possible. Once your credit card information is updated, you will be charged immediately, as soon as payment is received. [3]

*************************

E-mail ID: 87326473233
Online Session PID: 8374334

*************************

Sincerely,

Comcast Customer Care

This email arrived the day before my actual credit card was set to expire. While the message looks convincing to the untrained eye, it’s phonier than a 7-dollar bill.

Things you can do to protect yourself:

  1. If you get an email like this, either call your supplier’s customer service number or go directly to their website.
  2. Never click embedded links in an email; it’s just not “safe computing.”
  3. Never open attachments in an email unless you know exactly what they are, even if they appear to come from your dearest friend.

There are countless scumbags out there, and they want your money and your information. Be safe, be careful, and watch out for your loved ones.

The Old Wolf has spoken.


Footnotes

[1] Email from a legitimate source will never have alphabet soup as part of the email address.
[2] Look at that URL up there: account.comcast.net.1r9.is-into-cars.com. A web address for a legitimate concern will not have jumbles of letters or numbers, or extraneous words in it. This website had been taken down by the evening, but I’m guessing the douchebags got a few uneducated people to enter their information with the millions of emails they sent out. The URL led to a very realistic-looking website with a login request. As is my wont, I went there and entered scathing obscenities for my username and password.
[3] This is lousy English. “you will be charged immediately, as soon as payment is received” makes no sense. If your payment is received, there is no need to charge you.
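Footnote [2] comes down to how host names are read: ownership is decided by the rightmost labels, so in account.comcast.net.1r9.is-into-cars.com the "comcast.net" part is only a subdomain label chosen by whoever controls the domain at the end. The following is an added example, not part of the original post; it applies that rule to links quoted in the posts above, and the function names and verdict labels are illustrative.

```python
from urllib.parse import urlsplit


def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url, expected_domain):
    """Classify a link that is presented as belonging to expected_domain.

    "ok"              the host really is under expected_domain
    "domain-as-label" expected_domain is used as labels in front of another domain
    "brand-elsewhere" only the brand name appears, as a host label or in the path
    "unrelated"       no trace of the brand in the link at all
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    brand = expected_domain.split(".")[0]
    if under(host, expected_domain):
        return "ok"
    # Host names are read right to left: the owner of the rightmost labels
    # controls every label placed in front of them.
    if ("." + expected_domain + ".") in ("." + host):
        return "domain-as-label"
    if brand in host.split(".") or brand in parts.path.lower():
        return "brand-elsewhere"
    return "unrelated"


# Links quoted in the posts above, paired with the domain each message imitated.
SAMPLES = [
    ("bork://account.comcast.net.1r9.is-into-cars.com/bin/index.php", "comcast.net"),
    ("http://amazon.acountingdatacheck.com", "amazon.de"),
    ("http://recza.com.mx/donedealone/", "donedeal.ie"),
    ("http://www.donedeal.ie", "donedeal.ie"),
    ("http://dejewelady.com", "apple.com"),
]

for url, domain in SAMPLES:
    print(f"{check_link(url, domain):16} {url} (expected {domain})")
```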