May 29, 2013

Get web hosting with Hostgator, at 20% off, via my links

May 30, 2013

I am an affiliate for Hostgator, which is a premier web hosting company in the USA. I was just informed that they are putting all of their (new) hosting packages on sale, at 20% off (51% off sale has ended). This discount applies to your first invoice, which can cover up to 3 years.

Hostgator offers a wide variety of hosting packages, ranging from shared accounts, to reseller, to VPS, to dedicated servers. With this current promotion, a 3 year contract for shared hosting would cost as little as $3.96 a month (prepaid), for the Hatchling Plan, or $6.96/month for the Baby Plan, or $10.36/month for the Business Plan - which includes a private SSL certificate and IP address (a must for serious e-commerce stores). VPS (Virtual Private Server) accounts start at only $19.95/month and dedicated servers can be leased for as low as $174/month.

Read the details and compare all hosting plans here.

These minimum prices are all based on a 3 year initial period. The rates are slightly higher for shorter terms. After the initial contract is up, you would have to renew at the going rate for your plan (the same as with almost all web hosts). If your hosting is coming up for renewal and the price is more than you are prepared to pay, this 20% off deal may be exactly what you were looking for.

May 26, 2013

Spam and email threat roundup for May 19 - 26, 2013

This past week has seen the return of Russian fake pharmacy spam, including the long-dead "Canadian Pharmacy" name. There was a short lull in this type of spam while other categories of junk email were being deployed; mostly pump and dump stock scams.

Russian pharmacy spam (and all other types) is sent from zombie computers that have become infected and involuntarily made part of spam "botnets." The bot-masters who own these botnets rent them out to spammers who are affiliates for various underworld networks that promote all manner of counterfeit goods (watches, handbags, shoes), illicit prescription drugs, Chinese weight-loss herbs, Russian, Ukrainian and Asian "dating" networks, money mule recruitment (e.g. work at home scams), Nigerian 419 scams, pump and dump stock scams, and malware in attachments or in the destination websites of hostile hyperlinks.

The Russian pharmacies are all template websites run by affiliate spammers, hosted on Russian domains, which end in the extension .ru. There are also some Ukrainian hosted fake pharmacies and dating scam websites hosted on domains ending in .com.ua. If you are able to read the actual destination of a link before you click on it, by hovering, or in plain text, if it ends in .ru, it is hosted on a Russian server, or on an account registered to a Russian citizen. I hope that my readers will not want to subsidize Russian cybercriminals who sell counterfeit drugs or other illicit goods on Russian websites.

Also making a comeback this weekend is an emerging (returning, I believe) pump and dump stock scam revolving around a sub-penny stock with the symbol: BYSD. This stock appears to have been pump and dumped at least once before and is being pumped again, today. Beware of spam messages making outrageous claims about the Bayside Corp stock. It is going nowhere anytime soon, and the only news they have released is to announce a new CEO. Some group has bought up a huge block of their junk stock at .006, or so, and is trying to sucker unsavvy investors into buying thousands of shares at a penny, plus, driving up the price, until the scammers dump all their shares and leave the rest of the investors holding an empty bag.

Not to be left out entirely were the malware spam email messages. I intercepted several different varieties of malicious attachment or link scams. These included spoofed DHL, eFax, fake invoices, fake postal notifications and CashPro digital certificates. All of these led to, or contained, the Blackhole and other exploit attack kits.

I almost forgot to mention that there have been a bunch of Nigerian 419 scams, but not as many as there used to be.

Last, but not least, I wrote about a Comcast phishing scam that came my way, which I forwarded as source code to Comcast Security Assurance.

All of the scams and spam I write about are detected and deleted by my email screening program, MailWasher Pro. The types of spam are categorized by spam filters that I personally write and publish in formats compatible with both the old and new versions of MailWasher Pro.

May 21, 2013

PHISHING SCAM: "Upgrade your Comcast Account now!"

PHISHING ALERT FOR COMCAST CUSTOMERS

If you are a Comcast Internet service customer and use a Comcast email account, you too may receive a targeted email scam similar to the one I received tonight, with the subject: "Upgrade your Comcast Account now!" The important portion of the body text follows.

Service Update

Dear Comcast Customer,

You are required to update your Comcast Account by subscribing to our Security Center.

If you not perform the update now (sic), your account will be placed on hold.

In order to update your account click here.

There is a hyperlink around the words click here that goes directly to a compromised web hosting account where one will find images and words stolen from a real Comcast login page. There is a login form that asks Comcast customers to type in their Comcast user name and password to confirm their identity. Anybody doing so will be handing over their Comcast Internet and Xfinity credentials to cybercriminals in Europe. This will allow them to log in to your account and gain access to everything you have inputted, including personally identifiable information and billing details.

This appears to be a targeted attack against Comcast.net email account holders. I have many other domain accounts and none of them has received this scam message. I pray that this information gets in front of your eyes before the phishing email does and stops any of you from mistakenly thinking this is a legitimate message from Comcast.

Savvy email recipients will quickly notice two things that are very wrong with this email. They should cause your antennas to raise up, like they did for me.


  1. Mistake #1: The salutation is "Dear Comcast Customer" rather than addressing you by your personal first and last name, as you gave when you signed up for Comcast services. It would be the same name that appears on your monthly bill.

  2. Mistake #2: If you not perform the update now,... A professional Internet, cable TV and phone service company does not release email messages with such grammatical mistakes. But, spammers and phishers in foreign, non-English speaking countries commonly make these spelling and grammar mistakes when scamming us.

HTML Tricks used

Unbeknownst to most recipients of this email scam, there are two huge sections of invisible text that have been inserted into the message body in an attempt to fool anti-spam filters. The text is a long excerpt from a document pertaining to a data transfer limit of 250 gigabytes that Comcast had imposed on certain residential customers a couple of years ago, but has since suspended. It is hidden from view by appending it to a horizontal rule tag, in such a manner that it is not displayed in the message. However, all HTML code, including purposely hidden text, is detectable to any tool that is able to read the source code in plain text.

Most email clients are capable of displaying the source code, by means of some option. In my case, I screen all incoming email with MailWasher Pro, before downloading anything to my desktop email client, Windows Live Mail. As soon as my bullshit detectors noticed the two aforementioned foobars, I switched from email preview to source code. After scrolling down past the hidden text in the horizontal rule element, I found the link that led not to Comcast, or Xfinity, but to a strange (Turkish) domain; kaancelikkapi.com. Inputting this domain and the sub-directory and file names I copied from the email revealed a Comcast credentials phishing page. I have reported it to the web host via SpamCop.
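The source-view check described above can be automated. The following is an added example, not code from this blog or from MailWasher Pro: it parses an HTML message body, collects text that is never displayed, and lists links whose host is not a Comcast domain. The sample message, the compromised-host.example URL, the trusted-domain list, and the assumption that the filler sits in an hr attribute or a non-displayed element are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("comcast.net", "comcast.com", "xfinity.com")  # assumed allow-list
VOID = {"hr", "br", "img", "input", "meta", "link"}      # tags with no end tag
# Constructed filler and message body; the URL is a placeholder, not the real one.
FILLER = "Comcast announced a 250 gigabyte monthly data threshold. " * 8
SAMPLE = (
    "<p>Dear Comcast Customer,</p><p>You are required to update your Comcast Account.</p>"
    f'<hr title="{FILLER}">'
    f'<div style="display: none">{FILLER}</div>'
    "<p>In order to update your account "
    '<a href="http://compromised-host.example/images/login.htm">click here</a>.</p>'
)

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.links = [], [], []
        self._stack = []                    # (tag, hides_its_content) per open element
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            # Prose parked in an attribute is never rendered, yet is still in the raw body.
            if name not in ("href", "src", "style") and value and len(value.split()) > 20:
                self.hidden.append(value)
        if tag == "a":
            self._href, self._text = attrs.get("href"), []
        if tag not in VOID:
            style = (attrs.get("style") or "").replace(" ", "").lower()
            self._stack.append((tag, "display:none" in style or "visibility:hidden" in style))

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text), self._href))
            self._href = None
        if any(t == tag for t, _ in self._stack):   # tolerate unclosed tags
            while self._stack.pop()[0] != tag:
                pass

    def handle_data(self, data):
        if not data.strip():
            return
        hidden = any(hides for _, hides in self._stack)
        (self.hidden if hidden else self.visible).append(data)
        if self._href is not None and not hidden:
            self._text.append(data.strip())

def is_trusted(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    seen, unseen = len(" ".join(parser.visible)), len(" ".join(parser.hidden))
    return {
        "suspect_links": [(t, h) for t, h in parser.links if not is_trusted(h)],
        "hidden_chars": unseen,
        "hidden_ratio": round(unseen / max(seen + unseen, 1), 2),
    }
```

Calling audit(SAMPLE) reports the "click here" link as pointing off the trusted domains and shows that most of the message body is text the reader never sees.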

May 15, 2013

Pump & dump scammers invent more fake news for GTRL

If you have been following my recent Pump and Dump expose, you are aware that the people running the email scam campaign pumping up GTRL have been lying, in order to draw in (sucker) more investors. Today, they ramped up their lies another notch and are falsely claiming that Get Real USA is being bought out. Not so!

If you search for any actual news from Get Real USA (GTRL), all you will find is this recent notice, posted by them on May 9, 2013:


The Company affirms that it has not participated in, condoned nor given permission to any company or individual to send unsolicited e-mail, text messages or any other communications involving the Company, its common shares or any of its products, that individuals may have received over the past week. Investors are cautioned not to rely on the statements made in these types of campaigns, when considering the Company as an investment. The Company does not endorse the use of these emails or promotions to create a market for its stock. Frank Weber President and CEO stated that neither the company management, company board of directors or anyone associated with Get Real USA has been authorized to issue any such communications and all recipients of such should disavow any and all of such communications.

If you watch the Intraday chart for GTRL you will see that the pump and dumpers are selling off huge volumes of shares every couple of hours, of each trading day. The black skull and crossbones scam warning is still present on the upper right side of the page!

If you are thinking about joining the feeding frenzy created by fake news and email hype, you should be prepared to lose your money. Never bet on somebody else's numbers game, especially when they are professional con men! If Get Real stock should ever rise to the levels claimed in the email scams, it won't be due to a pump and dump scam, but due to actual success by the company, which will be accompanied by official news reports, through legitimate investor channels. At this time the Company is actively warning potential investors to stay away from their (penny) stock and the scammers running it.

At the (soon-to-come) end of this spam campaign, GTRL stock will be lucky to be trading where it was before the scammers got a hold of it. If that happens, the company may be damaged.

May 9, 2013

Pump & dump penny stock scam leads to an otcmarket skull & crossbones

I just had to write this brief follow-up to an article I began on Monday, May 6, 2013. I have been outing spammers running pump and dump scams on penny stocks, exposing the way they invent fake news reports and make stock value projections that don't jibe with reality.

The scam being perpetrated this week involves a penny stock with the symbol GTRL. The company has already placed an unmissable notice on its landing page, indicating that they are in no way involved with this stock pump and dump spam campaign.

Nonetheless, the idiots behind this latest onslaught of botnet-sent pump and dump scam emails are doing their damnedest to try to enlist more suckers into purchasing GTRL penny stocks. Almost all of the spam messages in my junk folder, since last weekend, are classified as Pump And Dump Scams, by the anti-spam filters I write for MailWasher Pro users and myself.

Those who fall for the terrible English grammar and spelling mistakes in those spam messages would probably go to a place like otcmarkets.com to purchase large blocks of stock in the spammed company. Well, tonight I humored myself and visited the otcmarkets quotes page for GTRL (Get Real Media - a film company). On the right side of the closing price, which is down 18.52% from the measly opening price of $.0135, to just .011, for all potential fools to see, is a black skull and crossbones symbol! Hovering over that skull symbol (on a desktop or laptop computer, not a smartphone) results in the following overlaid text display:

Buyer Beware! There is a public interest concern associated with the company, which may include a spam campaign, questionable stock promotion, known investigation of fraudulent activity committed by the company or insiders .....

Clicking on the skull and crossbones (as a smartphone/tablet user must do to read the details) takes you to a web page that details the reasons why that company's stock has earned a "Caveat Emptor" warning.

I just thought this information might save somebody their hard earned money, as the scammers behind this spam campaign dump all of the shares they bought earlier this year when the stock was selling for under 1 cent. The late barrage of spam messages midweek, trying to drum up more buyers, testifies to their sense of failure to turn the profit they had hoped for. It also reveals that more and more people are wising up to how these scams work and are avoiding them completely. Hopefully, my articles are helping some of those wised-up people to avoid foolishly parting with their money in pump and dump scams.

May 7, 2013

How pump and dump scammers lie to sucker investors

Yesterday, May 6, 2013, I published an article on this blog exposing the latest pump and dump scam making the rounds. The scam involves a true "Penny Stock" that is only worth 1 to 1.5 cents US. Despite there being no news from the company, GTRL, scammers have been pumping the hell out of it since the middle of last week.

While there has been no news from the company itself, other than a warning about the pump and dump scam using their symbol, there has been a flurry of fake news coming via the botnet used to send out this spam blast. This news and reports about the trading value increases in GTRL are all phony. I will expose this below.

In the spam messages I intercepted last night and this morning, the scammers claim, with poor spelling and grammar, that the stock is rising in value quickly and will soon reach a certain extraordinary high. Take a look at their (false) claims, after which I will show you what the actual trading charts reveal to be the facts.

Pertinent headers:
Subject: This Company Opens with GREAT BUY Opportunity!
Date: Tue, 7 May 2013 09:00:50 +0400

[BODY]

G_T_R L made me two times my investment today! G_T_R L climbed up 2 cents
and its hiting to 5 cents now! We signaled you it would climb to 12 cent
soon!

And this one...

Subject: This Stock featured on CBS News
Date: Tue, 7 May 2013 14:18:21 +0700

GT_RL brought me double my portfolio on Monday... GT_RL hit up two cent and
its soaring to 14 cent shortly. We alerted you it must rise to 13 cents
soon!

The reality

If you go to the Nasdaq stock quote page for GTRL, you can see how much it has been and is currently trading for, over any period from intraday, to 10 years. If you set the time period to 1 month, you'll see that until the middle of April this year, it was trading for about $.006; 6/10ths of one cent. Then, around April 20 something caused the value to increase sharply and suddenly. There was no news out of the company itself, so the only logical conclusion one can reach is that some people decided to buy large blocks of shares in this stagnant company. These are the speculators who later employed Eastern European spammers to run the current pump and dump scheme.

If you look at the Intraday chart for GTRL, you can plainly see that the stock opened at 1.50 cents, never reached more than 1.51 cents, then began to drop to its current value of 1.41 cents per share. This represents not a gain, but a loss of 5.37%. This stock never hit 5 cents, or even 2 cents. It has been and still is a "Penny Stock." Despite the claims in the spammed email blast, it is not going up to 13 or 14 cents. It may bounce between 1 and 1.5 cents or so, then tank, as do all pump and dump stocks.

Don't allow yourself to be tempted by anything that arrives via spammed email messages. If you wish to invest in the stock market, either use a broker, or study the ins and outs until you fully understand how it works. If you jump in blindly, due to the excitement created by scammers, you will lose big time. Remember, a fool and his money soon will part.

May 6, 2013

GTRL disavows current penny stock email scams

Since the predicted demise of the SCXN penny stock pump and dump scam, one week ago, a new stock scam has been making the rounds in its place. The new pump and dump of the week has the symbol GTRL (Get Real USA).

GTRL is a true "Penny Stock" - with a trading value of just one cent, last week. Since the pump and dump scam began trading today, the price increased a few percentage points to about 1.5 cents. The (Eastern European) scammers who bought up thousands of shares at a penny, in advance, are hoping to pump up the value to 5 or 6 cents, then dump all of those shares.

According to the text in the email scams, this company is about to make a major announcement that will cause the value of its worthless stock to shoot up. This is total nonsense. The only news published on the actual Get Real Movies website is a disclaimer of them having anything to do with the current stock scam. The following is quoted from the Get Real landing page...


NOTICE! It has come to the management's attention that the GTRL trading symbol has been associated with certain spam emails. The company is working to discover the source of the emails at this time.

GET REAL USA AND ITS OFFICERS, DIRECTORS, CONSULTANTS OR ANY OF ITS AFFILIATES HAVE NOT AUTHORIZED ANY EMAILS TO BE SENT ON THE COMPANY'S BEHALF.

Please do your own due diligence and consult with your financial adviser prior to making any decision related to the purchase of Get REAL USA securities. GTRL is considered to be a "penny stock" . Visit the company's most recent public disclosure statements and relevant company information at: www.otcmarkets.com


If you were tempted into purchasing stock in GTRL, as a result of the ongoing email scam campaign, you are going to become a loser as more of the speculators bail out with their measly quarter of a penny profit per share. Hopefully, the scammers behind this don't profit as much as they had planned.

As for the email messages being spammed out to pump up the stock, they are poorly composed, as by people with a poor command of the English language. Each message makes a different outrageous claim about the expectations of the stock. All of the predictions about news releases from the company are false. This, like the SCXN pump of the past two weeks, is a scam.

Before you invest in any stock, penny or regular, do research about the actual company and read any recent news releases from them. Never believe anything you read in a spammed email message.

If you must take chances with stocks, keep this in mind: Chance favors the prepared mind.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.