Never “Verify Your Email.”

No email service will send you a message asking you to provide your address and password, or other financial data. They just won’t.

[Image: yahoo]

This email is bogus. Note the red circle next to the “click to validate” link – that’s a warning from WOT (Web of Trust) that indicates the website is not to be trusted.

If you’re foolish enough to click the link, which goes to http://bookinghh.myfreesitehost.com/smluptt/wadohjom.htm (NOT a Yahoo website), you’ll get this:

[Image: Yahoo2]

If you fill out this information, scammers now have access to your email account, and they will use it to steal information or send out criminal spam.

Never do this. Be careful out there.

The Old Wolf has spoken.

PayPal Scam: Your account has been limited.

I’ve mentioned phishing scams before, in a number of places. This email arrived yesterday:

[Image: phishing]

Note the red flags on this one:

  1. A sender’s address that is not “Paypal.com”
  2. Poor formatting
  3. Incomplete text

The attachment they mention gives you this:

[Image: Phishing2]

If you are foolish enough to provide this information, it will be sent not to PayPal but to http://162.213.154.42/~oilreol/service.php. The WHOIS record for that IP address:

NetRange 162.213.152.0 – 162.213.155.255
CIDR 162.213.152.0/22
NetName FUC-US-2001
NetHandle NET-162-213-152-0-1
Parent NET162 (NET-162-0-0-0-0)
NetType Direct Allocation
OriginAS AS26272
Organization FortaTrust USA Corporation (FUC-9)
RegDate 2013-06-10
Updated 2013-12-17
Ref http://whois.arin.net/rest/net/NET-162-213-152-0-1
OrgName FortaTrust USA Corporation
OrgId FUC-9
Address 3701 NW 82 Ave.
City Doral
StateProv FL
PostalCode 33166
Country US
RegDate 2012-03-08
Updated 2014-07-02
Ref http://whois.arin.net/rest/org/FUC-9
OrgAbuseHandle IPADM602-ARIN
OrgAbuseName IP Admin
OrgAbusePhone +1-305-898-0033
OrgAbuseEmail ipadmin@fortatrust.com
OrgAbuseRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgNOCHandle IPADM602-ARIN
OrgNOCName IP Admin
OrgNOCPhone +1-305-898-0033
OrgNOCEmail ipadmin@fortatrust.com
OrgNOCRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgTechHandle IPADM602-ARIN
OrgTechName IP Admin
OrgTechPhone +1-305-898-0033
OrgTechEmail ipadmin@fortatrust.com
OrgTechRef http://whois.arin.net/rest/poc/IPADM602-ARIN

This information does not mean that FortaTrust itself is necessarily behind the phishing attempt, but someone could be using their servers in spurious ways.

Whatever the case, be careful out there. PayPal and other legitimate financial institutions will never ask you for sensitive financial data by email.

The Old Wolf has spoken.

Scam – RE: It’s OK…….Call (202) 241 6918

An email that arrived yesterday from “Victor Brown.” The interesting thing is that I called this Washington, DC number and got a recording with a decidedly African accent. The message I left is not suitable for public consumption.


From: Victor Brown <victorbrown08@yahoo.com>
Subject: RE: It’s OK…….Call (202) 241 6918

To: ldncntr@mail.com

I have sent you some emails concerning your unclaimed compensation funds but have not gotten favorable reply from you. Why? If you are no longer interested in your unclaimed approved funds, let me know and it would be reassigned to the next batch of claimants or reverted to the coffers immediately for domestic appropriation.

What have I done to you that you have decided to destroy all the good work I have done for you to bring your funds release process to completion? I have done everything humanly possible to complete your funds release process but you are becoming unconcerned, unyielding and uncooperative lately. Why have you decided to ruin this transaction after I have virtually completed the entire release process?

Why haven’t you complied as I directed so that we can get this done within 6 hours and you get your approved funds without hindrance? Why are you delaying? I have expended resources to bring this transaction to this conclusive end but your silence is discouraging. 753 out of the 755 persons in our last 3 Batches Payment Schedule have received their entitlements but I have been waiting to hear from you for days as you promised by no word till now.
Are you ok? All is set to get this transaction completed for you get your funds as soon as I hear from you.
Please get back to me and comply so that the transaction can be completed as scheduled.

Yours Faithfully,
Victor Brown
NW Washington, D.C. 20008
Telephone: (202) 241 6918
Email: vicbrown@consultant.com


It goes without saying that this is a Nigerian 419 email. What I found interesting is that the USA has forwarding numbers similar to the famous UK redirect prefix “44 70”.

Please be careful out there, and make sure your loved ones are protected from this kind of criminal activity. There is no money waiting in Africa for anyone.

The Old Wolf has spoken.

A grandson I never knew I had…

Cross-posted from Livejournal

[Image: Clams1]

In October of 2009, while feasting on clams at Cap’n Cat’s Clam Bar and Tavern in Westville, NJ, *Urp! Excuse me!*, I got my first phone call ever from my grandson. He was in trouble, oh so much trouble. Car accident. Thank Mogg, he wasn’t hurt badly. And I knew what was coming next: would I be able to wire him $3,000 via Western Union to help him with expenses?

Well, I shut this drone down in a hurry – although I was surprised that he called back right after I had told him to shove his scam where the sun don’t shine. He probably wanted to return the favor, but I didn’t bother to answer.

How this scam works is beyond me. They call elderly people, and open the call with “Hello, Grandpa” (or Grandma). They never identify themselves by name. If the person responds, “Is this (Tommy)?” they immediately say yes, and they have a name to work with. They’re invariably in trouble. Sometimes overseas. Accident, arrested, what have you. Just need a loan to help them get fixed, bailed out, pay doctor bills, etc. Just wire the funds via Western Union.

This guy didn’t sound Nigerian. He was definitely North American. How he got my cell number is beyond me, because I’m not listed anywhere. And at the time I only had two grandchildren, both girls, aged 3 and 6, although now I do have a beautiful grandson, but he’s still under a year old.

To all within the sound of my voice: If anyone wants money via Western Union or bank transfer, hang up.

If you think a relative may truly be in trouble, verify who you’re talking to with some questions that only the relative in question could answer. Better yet, get a number where you can call them back and then verify the matter with another relative. If a kid’s in jail, a night in the pokey never hurt anyone… it will give you time to check the facts first.

Edit: Here’s a complete rundown of how the scam works, from the Michigan Attorney General.

The Old Wolf has spoken.

Gasp! My $2,500,000 is gone!

Subject: IF YOU FAIL TO SEND THE $40 THIS WEEK YOUR $2.500, 000.00 IS GONE
From: IMF OFFICIAL <imfpublicaffairs01@gmail.com>

To: undisclosed-recipients:;

INTERNATIONAL MONITORING FUND NATIONAL HOUSE OF ASSEMBLY COMPLEX
SENATE HOUSE – UPPER CHAMBERS WUSE DISTRICT, COTONOU/BENIN REPUBLIC
Our Ref: FGN /SNT/STB

IF YOU FAIL TO SEND THE $40 THIS WEEK YOUR $2.500, 000.00 IS GONE

I have to inform you again, that we are not playing over this, I know my reason for the continuous sending of this notification to you, the fact is that you can’t seem to trust any one again over this payment for what you have been in cantered in many months ago, but I want you to trust me, I cannot scam you for $40 it is for bank processing of your payment, the fees of $40 is clearly written to you before, I did not invent the bill to defraud you of $40 it is an official bank payment processing fee, and the good part of this, is that you will never, ever be disturbed again over any kind of payment, this is final, and the forms from there becomes effective once we submit your payment application processing fee and pay the form fee of $40 I don’t want you to loose this fund this time, because you may never get another such good opportunity, the federal government is keen and very determined to pay your overdue debts, this is not a fluke, I would not want you to loose this fund out of ignorance, I will send you all the documents as soon as bank payment processing fee is paid, you have to trust me, you will get your fund, find a way to get $40 you will not loose it,instead it will bring your financial breakthrough, find the money and send it to our bursary.

The reason why am sending you this IS because I want you to receive your USD2.5M immediately we are trying to round up for this payment program.The processing charges which was initially on the high price has been cut down by the payout bank considering the poor economic situations that make it difficult for the middle class citizens to meet up with the processing charges of their entitlement. Upon the confirmation of your processing charges you will get your $2.500, 000.00 into your account within 15hrs.

Here is the payment information through western union money transfer or money gram money transfer finally my advice to you is not to abandon this transaction because of the requirement of ($40) Account Officer Info:

Send the fee through Western Union or Money Gram only.

Receiver’s first Name: Joe Mba

City:::::::::::::: Cotonou
Country: ::::::::Benin Republic
Text Question: ::::::code
Answer::::::::code
Amount required: :::::::$40
Sender’s Name:::::
MTCN Number#:
Sender’s address:

As soon as the payment is received today, you will receive your $2.5M the same today without any delay.

Best Regards
Mrs. Waziri Lukman


Suffice it to say this is just another Benin scam; and as usual, the takeaway is that all such letters promising you money from Africa are criminal enterprises designed to get your money. It’s interesting that these boys are scratching for the tiniest sums, but of course anyone who pays them will be asked for more, and more, and more until their funds are gone or until they catch on.

NEVER SEND MONEY BY WESTERN UNION OR MONEY CARD OR ANY OTHER SUCH SERVICE TO SOMEONE YOU DO NOT KNOW. IF YOU DO, YOUR MONEY WILL BE GONE FOREVER.

The Old Wolf has spoken.

Phishing: Watch those URLs

Today in my Yahoo! mail account:

[Image: Yahoo]

If you click that “Sign In” link, you get taken to

http://www.oficinadentalpr.com/includes/drpbx/db/obfuscated.php

which is apparently a dental office in Brazil. (I tried contacting them to let them know that their website had been compromised, but their contact page seems to be malfunctioning.)

Edit: As of today, the entire “Oficina Dental” account has been suspended. Either they got infected and their ISP suspended them on general principles, or the whole page was a sleazy front for this scam operation. We’ll never know.

At any rate, this is what you get:

[Image: Yahoo2]

Which leads you to the regular “Enter your critical personal information and credit card and bank data” page.

The ongoing lesson: Don’t click embedded links in emails. Just don’t.
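The check behind "watch those URLs", as an added example that is not part of the original posts: compare the host a link really points to with the domains the claimed sender uses. The BRAND_DOMAINS allow-list and the function name are assumptions; three sample URLs are the ones quoted on this page and the rest are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list for this example: domains each brand really signs in on.
BRAND_DOMAINS = {"yahoo": {"yahoo.com"}, "paypal": {"paypal.com"}}

def link_red_flags(url, claimed_brand):
    """Return the reasons a link does not belong to the brand the email claims."""
    brand = claimed_brand.lower()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []

    # A bare IP address instead of a name, as in the PayPal form target.
    try:
        ipaddress.ip_address(host)
        is_ip = True
        flags.append("raw-ip-host")
    except ValueError:
        is_ip = False

    # Compare on a label boundary: "yahoo.com.example.net" must not match yahoo.com.
    allowed = BRAND_DOMAINS.get(brand, set())
    on_brand = (not is_ip) and any(host == d or host.endswith("." + d) for d in allowed)
    if not on_brand:
        flags.append("host-not-brand")
        if brand in host:
            flags.append("brand-name-in-foreign-host")

    # "https://paypal.com@198.51.100.7/" shows the brand but connects to what follows "@".
    if "@" in parts.netloc:
        flags.append("userinfo-before-host")
    return flags

# URLs quoted on this page, then constructed ones (.example and 198.51.100.0/24 are reserved).
SAMPLES = [
    ("http://bookinghh.myfreesitehost.com/smluptt/wadohjom.htm", "Yahoo"),
    ("http://162.213.154.42/~oilreol/service.php", "PayPal"),
    ("http://www.oficinadentalpr.com/includes/drpbx/db/obfuscated.php", "Yahoo"),
    ("https://yahoo.com.account-check.example/login", "Yahoo"),
    ("https://paypal.com@198.51.100.7/", "PayPal"),
    ("https://login.yahoo.com/", "Yahoo"),
]

if __name__ == "__main__":
    for url, brand in SAMPLES:
        print(brand, url, link_red_flags(url, brand) or "ok")
```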

The Old Wolf has spoken.

Malware download from “eBay GMBH” (German Ebay)

Clearly not from the German version of eBay, but posting this here just in case anyone gets the same email and Googles for it.

Invoice for [redacted] still open: number 19879661
Sent By: Inkasso Ebay GmbH   On:Apr 04/22/15 12:59 AM
Forderung an [redacted].22 04.2015-Inkasso Ebay GmbH.zip (130 KB) | Download

Dear customer [Redacted], your bank has reversed the direct debit. You have an unpaid claim with the company Ebay GmbH.

Because of the existing payment arrears, you are also obliged to bear the costs of 43,90 euros incurred through our engagement. We expect full payment to our bank account by 24.04.2015. On behalf of our client, we demand that you settle the outstanding claim immediately. If you have questions or anything is unclear, we expect you to contact us within the same period.

Please note that no further reminder will be sent. After the deadline expires, the file will be handed over to the court and to Schufa. A complete statement of costs, from which you can see all entries, is attached.

Kind regards

Inkasso Voigt Marlon

Warning: This is a scam. Do not open any attached files!

Summary: I have an open invoice because of a declined charge with Ebay Germany. If I don’t pay immediately, a collection company will come after me and I’ll be reported to the General Credit Protection Agency. Notice that ZIP file up there in red, supposedly an invoice. Unzip it, and there’s another zip file. Unzip that, and there’s a file called

[redacted] Forderung 22.04.2015 – Inkasso Ebay GmbH.com (meaning, supposedly, a demand for collection.)

That’s a .COM file, or rather a simple executable file… in other words, a program. These are BAD NEWS for anyone who is foolish enough to open them. They’re just as bad as .EXE files. NEVER OPEN AN EXE OR COM FILE UNLESS YOU KNOW EXACTLY WHAT IT IS AND WHOM IT’S FROM.
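A mail filter can do the same unzip-and-look automatically. The following is an added example, not from the original post: it walks a ZIP attachment, descends into nested ZIPs, and reports members that Windows would run. The extension list, size limit, function names and sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed block-list of extensions Windows executes directly (.com is the one in this email).
EXECUTABLE_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # do not unpack members declared larger than this

def find_executables(data, prefix="", depth=0, max_depth=4):
    """Return (path, reason) for every suspicious member of a ZIP given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                hits.append((path, "too large to inspect"))
                continue
            body = zf.read(info)
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in EXECUTABLE_EXT:
                hits.append((path, "executable extension " + ext))
            elif body[:2] == b"MZ":
                # Windows program header hiding under a harmless-looking name.
                hits.append((path, "MZ header under non-executable name"))
            elif zipfile.is_zipfile(io.BytesIO(body)):
                if depth + 1 >= max_depth:
                    hits.append((path, "nesting too deep"))
                else:
                    hits += find_executables(body, path + "!/", depth + 1, max_depth)
    return hits

def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples modelled on the post: a ZIP inside a ZIP holding a .com file.
INNER = make_zip({"Forderung 22.04.2015 - Inkasso Ebay GmbH.com": b"MZ" + b"\x00" * 62})
SAMPLE = make_zip({"Forderung.zip": INNER})
RENAMED = make_zip({"Rechnung.pdf": b"MZ" + b"\x00" * 62})
BENIGN = make_zip({"Rechnung.txt": b"constructed harmless text"})
```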

Interestingly enough, I ran a virus check on this file and it came up with nothing. However, submitting it to VirusTotal.com came up with this:

[Image: viruses]

In other words, it’s a nasty. The anti-virus programs indicated came up with multiple offenders for this file – one example that I followed for illustrative purposes was Packed.Win32.Katusha.o, which is a Trojan that can connect to a remote IRC server once it has infiltrated a PC. Packed.Win32.Katusha.o will download harmful files from the server that will damage the infected machine even further.

If you run this insidious program, you have just opened wide a door to the criminal element, and your computer will be infected with keyloggers, other trojans, made part of a botnet of spamming computers, infected with the dreaded CryptoLocker, or who knows what else. It will, at the very least, cause you inconvenience, and at the very worst destroy all your files, give criminals access to your personal data and/or your email accounts, and cost you lots of money. These people are horrible individuals. They want only one thing – to make money at your expense, and they don’t care how they do it.

Don’t ever fall victim to them.

The Old Wolf has spoken.