December 26, 2013

Email scams circulating during Christmas season 2013


It has been a month since my last blog article. During that time I have been pursuing other interests that demand much of my time. We all need to do what we must to earn a living and pay our bills. That said, here is a roundup of the security threats and scams coming to you via your email inboxes during the Christmas shopping season of 2013, in order of the danger posed to recipients.

The most dangerous email threats are those with links leading to malware attacks, or Trojan downloads, or with file attachments containing malicious payloads. Examples of such threats that I have captured this month are as follows.

  1. Costco Wholesale scam, claiming a failed delivery, spoofing "Costco Shipping Manager" as the sender, but with a totally non-Costco email domain. The message body states that the delivery of a Costco order (e.g.: COS-0034851919) was canceled due to an incorrect address. The scammer asks you to complete a form and send it back to them. The link provided goes to a compromised website where a zip file conceals an executable file that is a malicious Trojan installer.
  2. BBB Fraud. This recurring fraud spoofs the Better Business Bureau, showing the sender as: Better Business Bureau with account names like: [email protected]. The subject is akin to: FW: Complaint Case 158402349343. As in most of these scams, the body text starts off with: "The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you." The ones I saw this month contained hostile zip file attachments (e.g.: Case 463252349343.zip) containing Trojan installers.
  3. Dun & BradStreet Fraud. This scam is directly related to the BBB fraud mentioned above and is sent by the same spam gang. The sender is spoofed as: "Dun & BradStreet ([email protected])." The subject is something like: "FW : DNB Complaint - 0582564." Using similar language as the BBB scams, the body text contains this come-on: "Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you." They also contain hostile file attachments, with names like: "Case_0582564.zip."
  4. My CV Scam. This scam attempts to fool employers or hiring agencies into opening a hostile file attachment, which the sender claims contains their resume in "CV" format. I doubt that anybody in the USA would be stupid enough to fall for the horrible language used in these scams, with text like this: "Hello, I sent you my detailed CV. I hope you will like me I am the winner of different beauty contests. My photos are added as images in the document, I need this job very much. Waiting for your soonest reply, Kisses, Chloe Mason"

The next most serious threat via email is the infamous Nigerian Penal Code 419 (Advanced Fee Fraud) scam. The bait in the latest 419 scam had the subject: "Re: FROM FEDERAL BUREAU OF INVESTIGATION (FBI)." The body text contained this scam come-on:


I am Special Agent Jason Gale from the Federal Bureau of Investigation (FBI) Intelligence Field Unit, we Intercepted two consignment boxes at JFK Airport, New York, the boxes were scanned but found out that it contained large sum of money ($4.1 million) and also some backup documents which bears your name as the Beneficiary/Receiver of the money, Investigation carried out on the diplomat that accompanied the boxes into the United States, said that he was to deliver the fund to your residence as overdue payment owed to you by the Federal Government of Nigeria through the security company in the United Kingdom.

This is followed by a paragraph of legal mumbo jumbo and USC codes about money laundering. That is followed by this threat: "You are required to reply back within 72hours or you will be prosecuted in a court of law for money laundering." Anybody who is scared into replying will be dealing with highly trained con artists from Nigeria. If you believe them, you may well be scammed out of your life savings.

The next category is starting to disappear after being the primary form of spam for a long time last summer. This is the good old pump and dump penny stock scam. The last one I received had this subject: "Huge News Out After Closing Bell!" The scam message starts off with: "Settlement Attained! R-G-T_X To Acquire Original Joint Venture." They go on to list the symbol: R-G-T_X (Not how it is supposed to be typed! There should be nothing between the letters!), with its current price of about 1.4 cents a share. The scam is to fool as many people as possible into purchasing this penny stock in huge volumes, driving up the hype and the price per share. When the price peaks, the scammers sell off all of their shares, turning a profit at the expense of all the later investors. This is a scam that was already exposed in Dynamoo's Blog, in November 2013. Anybody doing their due diligence would learn in a minute or two that the claim about the acquisition of "Joint Venture" is wrong. The company did not acquire another one called Joint Venture; they entered into a joint venture with another company! Evidently, the scammers live in Europe and did not fully understand the press release of October 2013.

Returning to the list is spam for counterfeit Chinese watches. "A fool and his money soon will part" describes what happens to some of the people buying knock-offs from China. Don't do it. You're not going to impress anybody with a fake brand name watch, especially when it loses time and stops working.

Finally, the most prevalent category of spam was for fake/counterfeit Viagra, all being sold on Russian domain websites. The threat in these emails is financial loss for undelivered or seized goods (they are illegal to import into the USA from abroad), dangerous chemical compositions and concentrations in those actually delivered, and giving your credit or debit card and mailing address to criminals in the former Soviet Union. In almost all cases, the sender contains a misspelled version of Viagra (and sometimes Cialis), such as this: "CiialisViiagra" - with a subject like: "Today 70% OFF for ALL customers!" The links end in .ru, which is Russia.

I publish spam filters to detect and delete all these scams, which can plug into the anti-spam program MailWasher Pro. MailWasher users can download my filters for free, although occasional donations are greatly appreciated. Those not using MailWasher Pro will have to make do with the spam or junk email filters provided by their email client, or web mail provider.
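The indicators described above (a brand name in the sender's display name paired with an unrelated address domain, a forwarded "Complaint" subject with a case number, a zip attachment, a sender name with stretched drug spellings) can be written as filter rules. The Python below is an added example, not the author's MailWasher filters; the brand-to-domain mapping, the rule names and the sender address in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the legitimate sending domain for each brand the post names.
BRAND_DOMAINS = {"costco": "costco.com", "better business bureau": "bbb.org",
                 "dun & bradstreet": "dnb.com"}
COMPLAINT_SUBJECT = re.compile(r"FW\s*:\s*(DNB\s+)?Complaint\b.*\d{6,}", re.I)

# Constructed sample: subject and file name as quoted in the post, while the
# sender address and the attachment body are placeholders.
SAMPLE = """\
From: "Better Business Bureau" <case@mailer.example>
Subject: FW: Complaint Case 158402349343
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Case 463252349343.zip"

placeholder
--b1--
"""

def collapse_repeats(text):
    """Lower-case and squeeze repeated letters: 'CiialisViiagra' -> 'cialisviagra'."""
    return re.sub(r"(.)\1+", r"\1", text.lower())

def rule_hits(raw):
    """Return the names of the rules that a raw RFC 822 message triggers."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    hits = []
    for brand, legit in BRAND_DOMAINS.items():
        spoofed = domain != legit and not domain.endswith("." + legit)
        if brand in display.lower() and spoofed:
            hits.append("brand-domain-mismatch")
    if COMPLAINT_SUBJECT.search(msg.get("Subject", "")):
        hits.append("complaint-subject")
    if any((p.get_filename() or "").lower().endswith(".zip") for p in msg.walk()):
        hits.append("zip-attachment")
    if any(name in collapse_repeats(display) for name in ("viagra", "cialis")):
        hits.append("pill-sender-name")
    return hits

if __name__ == "__main__":
    print(rule_hits(SAMPLE))
```

A message that trips several rules at once, as the constructed BBB sample does, is a much stronger signal than any single hit; a zip attachment alone is common in legitimate mail.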

Despite the availability of spam filters and detection algorithms, the best defense is to know a scam when you spot it. Think before you click. Don't allow yourself to be panicked into opening a dangerous file attachment, or clicking on a link that probably leads to an exploit kit or outright Trojan download. Use common sense to figure out why the person or company shown as the sender is contacting you, of all people. You are not the beneficiary of a dead Nigerian millionaire. If the BBB or Dun & Bradstreet has a complaint against your company, it will arrive by physical mail via your post office, not by email, sent to: To whom it may concern.

I hope you all had a safe holiday season. Merry Christmas, y'all.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.