sircles.net Computer Support The sircles.net IT support & solutions blog | All posts by admin

Twitter Feed Popout byInfofru

The sircles.net IT support & solutions blog SEO, Copy Writing, Networking and Internet Safety & Security

More Phone Number Spam - Tel: +1-855-370-5507

15. September 2017 23:35 by sirclesadmin in SPAM
Spam - don't dial this number!   If you receive this email: Name : Nisha Email : nisha@matridte

More Phone Number Spam

 

If you receive this email:

Name : Nisha

Email : nisha@matridtech.net
Tel: +1-855-370-5507
Message : May I Have the privilege of Connecting with you?


As you can see from the above they are trying to get you to call a number with the international code in front. This number is a special number that is allegedly toll free according to quota.com:

"Area code 855 is a non-geographic area code, meaning that it is not associated with any particular city, state, province, or country. Area code 855 is a toll free number, that recently joined the list of 800, 888, 877, 866, and 844 toll-free numbers."

 This appears to be just another web design company from India trying to drum-up business. This number is displayed on their website (although it wasn't last week) so presumably they have just engaged someone in America to place and answer calls on their behalf to increase their business in the States.

Metro Bank Spam Email - Your online accounts review notification

8. September 2017 15:59 by sirclesadmin in Internet Security, SPAM
Metro Bank Spam Email - Your online accounts review notification Watch out for this circling this we

Metro Bank Spam Email - Your online accounts review notification

Watch out for this circling this week: 

 

Barclays Online Banking - December Newsletter

From:                                         Metro Bank  <pirrung.derek@uwlax.edu>

Sent:                                           08 September 2017 15:56

To:                                               Recipients

Subject:                                     Your online accounts review notification

 

 

 

 

Metro Online

 

 

Dear valued customer,

Upon intensive reviews on your profile we notice that you need to resolve important security issues on your Metro Online banking account to prevent temporal deactivation .

It is therefore recommended that you complete this process your security is important to us

Please follow step 1 of 2 & 3 carefully to review your Metro Online accounts.


Log in to Metro Online

 

 

  

 

 



Iain Kirkpatrick
Commercial Banking



<![if !supportLineBreakNewLine]>
<![endif]>

Metro Bank PLC. Registered in England. Metro Bank PLC is authorised and regulated by the Financial Services Authority (FSA). Registered No 1026167.

 

 

Data Protection
Under the Data Protection Act you have a right of access to certain personal records. Should you wish to exercise this right please write to the Data Protection Team, Metro Bank PLC, Knutsford, Cheshire WA16 9EU, quoting ref. APP99. A fee will be charged for this service.

Personal Banking website
Internet communications are not guaranteed to be secure or virus-free. The Metro Bank PLC does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third-party, or from the transmission of any viruses. Replies to this email may be monitored by the Metro Bank PLC for operational or business reasons.

Confidentiality
This email and any attachments are confidential and intended solely for the addressee, and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments. Any opinion or other information in this email or its attachment, that does not relate to the business of the Metro Bank PLC, is personal to the sender and is not given or endorsed by the Metro Bank PLC.
<![if !supportLineBreakNewLine]>
<![endif]>

 

The shortcut entitled 'Log in to Metro Online' actually points at http://personal.metrobankonline.co.uk.metrobankretail.servletcontroller.myaccounts.internetbanking.estatement.boneinfoods.com/archive/login.php?&gsTI9r8r905sfeUCUkLTOvNtp8acZ6YfzRYIj6at6fVmuQZobKh0f5tFdDRcKQsjHr21xcuEsq0WgZks

Which seems to be a domain that gets compromised often. 

The site is a great mimic of the real site but do not enter any details obviously as it is an impostor:

 

 

49699367 - True Telecom Invoice for August 2017 Spam Email

5. September 2017 06:47 by sirclesadmin in Internet Security, SPAM
49699367 - True Telecom Invoice for August 2017 Spam Email &amp;nbsp;

49699367 - True Telecom Invoice for August 2017 Spam Email

This email has a randomly generated number at the beginning of the subject and is impersonating your telecom provider - a good bet as companies often have lots of different telephone and internet providers and this bill has a chance of getting through if you are not careful. It is always worth having a 'live supplier' file so that everyone knows who should be paid and who should not:

 

 

True-telecom.com are a genuine telephone company that have no connection to these emails and this email attempts associating their good name with this scam.

The email tries to get you to open a dangerous file in two ways - firstly by attaching the file with a .7z attachment which will require 7zip to open (this seems an odd tactic as most people won't have this software, and if they call the IT people to install it then they will most likely smell a rat) and by clicking the 'View your bill online' link which takes you to the same file, but as a download:

 

Telephone Bill

From:                                         billing@true-telecom.com

Sent:                                           04 September 2017 17:08

To:                                               Customer Services

Subject:                                     [SPAM] 49699367 - True Telecom Invoice for August 2017

Attachments:                          2017-08-49699367-Bill.7z

 

       

Dear Deborah Day

We have attached your latest True Telecom bill for August 2017.
View your bill online

To be able to read your invoice file you will require the Adobe Acrobat PDF viewer. You August already have this installed,
if not please visit the Adobe website and download their free viewer.

Payments made by direct debit will be collected 14 days from the date of the Bill.

If you wish to contact us, please do not hesitate to get in touch with one of our friendly customer services agents.

Telephone: 0800 840 40 60
Fax: 0844 779 2253
Email: customerservice@true-telecom.com

Please be advised that this is an unmonitored email address.

With Kind Regards,

The True Telecom Team

www.True-Telecom.com

 

 

True Telecom Ltd is registered in England and Wales No. 08225783.

Head Office address: Ground Floor,Lakeview West, Galleon Boulevard, Crossways Business Park, Dartford, Kent, DA2 6QE

 

This communication together with any attachments transmitted with it ("this E-Mail") is intended only for the use of the addressee and August contain information which is privileged and confidential. If the reader of this E-Mail is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient you are hereby notified that any use, dissemination, forwarding, printing or copying of this E-Mail is strictly prohibited. Addressees should check this E-mail for viruses. The Company makes no representations as regards the absence of viruses in this E-Mail. If you have received this E-Mail in error please immediately delete, erase or otherwise destroy this E-Mail and any copies of it. Any opinions expressed in this E-Mail are those of the author and do not necessarily constitute the views of the Company. Nothing in this E-Mail shall bind the Company in any contract or obligation. The Company only guarantees service in accordance with the service charter. The company accepts no liability for failure of hardware after the termination point. For the purposes of this E-Mail "the Company" is the trading name of True Telecom Ltd. True Telecom Ltd (Registered in England & Wales No. 08225783)

       

 

The red-dead.fr link has been disabled in the above. As we can see from the image below, the link takes you to a download of the same attachment that has been sent with the email:

 

 

We have seen variants with the following links that contain the same dangerous download:

  • ventadepajaros.es
  • studiotoscanosrl.it
  • rogames.ro
  • pack-lines.com
  • activ-conduite.eu
  • weekendjevliegen.nl

 

Under no circumstances open the attachment or open any of these links. If you are a customer of True Telecom then please be extra careful and contact them directly before opening any emails.

Fake Adobe Flash Upgrade updatenewversion.powerfulupgrades.bid

4. September 2017 16:28 by sirclesadmin in
These types of misleading criminal websites really are the very pits of internet usage. They are try

These types of misleading criminal websites really are the very pits of internet usage. They are trying to install their horrible adware root-kits onto your browser in order that you are unwittingly clicking their ads all the time so that they can receive revenue that they did not really earn.

In this example they are firstly trying to fool you with their email:

 

 

 

From:                                         Shipping Status <mmCU571U@calina.parkmeadowsrentals.pro>

Sent:                                           18 April 2017 17:44

To:                                               sircles@outlook.com

Subject:                                     (1) Inbox Message

 

This message is from a trusted sender.

Open immediatly


Confirmed - Your Walmart $1,000 Gift Card.

 

 

Every shortcut goes to foodtrucking.com where they fire yet another advert or download con, in particular, this one is rather nasty:

 

 

If you click download or later you will download an installer that will ruin your browser forever with horrible bias search results of nonsense aiding and abetting these disingenuous people.

If you are asked to update your Flash plug-in Always check the domain in the address bar says adobe.com/with no other dots or words after the .com except when after a / slash.

Fake XERO invoice emails

4. September 2017 11:02 by sirclesadmin in
&amp;nbsp; Invoice INV-00076 from Property Lagoon Limited for Gleneagles Equestrian Centre

We have been seeing these arrive recently:

Invoice INV-00076 from Property Lagoon Limited for Gleneagles Equestrian Centre

 

 

 
 
 
 
 
 
 
 

 


 

 

 

 

 

 

Purchase Order No_18081994 - Fake Invoice PDFs with Spam URL Links

Purchase Order No_18081994 - Fake Invoice PDFs with Spam URL Links &amp;nbsp;

Purchase Order No_18081994 - Fake Invoice PDFs with Spam URL Links

We have seen some fake purchase order emails today that have been modified in order to circumvent our latest advice on receiving bills by email. PDFs are the usual, preferred method but they can also be used to send links to potentially hazardous material and so, to clear up any confusion:

Do not open links from questionable senders in any format!

 

 

 

From:                                         De la Rosa, Samuel <samuel.delarosa@swissport.com>

Sent:                                           30 August 2017 00:57

Subject:                                     Purchase Order No_18081994

Attachments:                          Purchase Order No_18081994.pdf

 



Dear Sir/Madam,

We are pleased to place an order with you which you will find attached.Please confirm the receipt of this order by email and let us have your order acknowledgement.
Do not hesitate to contact us if there are any questions regarding this order.

Best regards,

De La Rosa,Samuel
Customer & Technical Service

 

The email contains a PDF:

 

 

Now the PDF includes a link to an external page:

 

 

There is no reason to send a PDF which contains this link - this is just to avoid detection of the link in the email. If you click on the link on a Windows PC using IE you receive a warning:

 

 


Firstly, remove the tick from this box - never trust any link from anything!!!

A PDF link can be as dangerous as any other link!!!

 

Now do we recognise this domain? http://roarr.org It is an .ORG domain in this case, but unless you recognise the domain, click BLOCK and send the email to JUNK

If you decide to open this particular link, you will receive:

 

 

This has been reported to Microsoft as a dangerous domain - DO NOT OPEN!!!

 

If we continue, against all advice, we can see that it is an impersonation of DocuSign:

 

 

Always check the domain in the address bar at the top against what you are seeing - this is obviously a spam site trying to get your email address and password CLOSE THIS PAGE AND DELETE THE EMAIL!!

 

iPhone IOS, iPad or Mac OSX to DrayTek Vigor 2860 or 3900 via VPN Connection

25. August 2017 07:19 by sirclesadmin in Hardware, Network Security, Troubleshooting, VPN
iPhone IOS, iPad or Mac OSX to DrayTek Vigor 2860 or 3900 via VPN Connection The newer Mac and IOS v

iPhone IOS, iPad or Mac OSX to DrayTek Vigor 2860 or 3900 via VPN Connection

The newer Mac and IOS versions no longer support the Microsoft PPTP versions and so connecting to your office or home has become more difficult unless you are using MAC OSX Server or similar. Here we are going to go over how to connect your IOS or OSX device to your DrayTek router so that you can use your local LAN or browse the internet as if you were back at home.

If you are looking for a service to connect you to the UK for internet browsing whilst abroad, please feel free to enquire about our UK VPN dial-in services.

First of all log in to your router control panel as normal, in this case we are looking at a 3900, but the 2860 is the same:

 

 

Firstly, we are using an L2TP over IPSec connection in this instance, so let's make sure that the services are being supported. Go to VPN and Remote Access and then Remote Access Control and make sure that the L2TP and IPSec services are enabled, as below:

 

 

Next we need to set-up the IPSec pre-shared secret. To do this we go to IPSec General Setup and enter the shared secret that all of the IPSec sial-in users will need to have:

 

 

In this example we are leaving the incoming internet port as WAN1 and the internal network DHCP profile as LAN1 but you should configure these as appropriate for your network.

Now if you are using the router's DHCP services then you can skip the next step but in this example the 3900 is part of a Windows server network and the servers provide DHCP and so we are going to configure the router to pass on the DHCP from the server as the users will need to access the server network remotely. To this end we go to PPP General Setup and click the L2TP tab at the top:

 

From the above I am selecting to enable DHCP and choosing the DHCP Server Location as LAN1 as it is in this case. I then enter the DHCP Server IP Address with the Windows Server providing the DHCP services. 

 

Go to User Management and then User Profiles and select Add:

 

 

Enter the details of the user and click the tick box to enable the VPN. Scroll down to the PPTP/L2TP/SSL section and enable L2TP Dial-in for this user and then click Apply:

 

 

Now you can set-up your IOS or OSX Apple clients:

Go to Settings then General and select VPN and Add new VPN configuration:

 

 

Change the VPN type to L2TP

 

 

 

 

Now enter the details you entered for the VPN user:

 

 

 

Once you have entered the details, click Done.

Now go back to the settings page, find the VPN option and click the slider on the right to start the VPN:

 

 

Once the VPN has connected you will be able to see the VPN icon at the top of your screen:

 

 

 

Phone number email spams

24. August 2017 10:46 by sirclesadmin in Viruses and Malware threats, SPAM
Phone number email spams Watch out for these emails trying to get you to phone an expensive number:

Phone number email spams

Watch out for these emails trying to get you to phone an expensive number:

Name : Sophie Morgan

Email : morgan.sophie@writeme.com

Tel: 8712771062

Message : Please call me on +44 8712771062

If you email the address above you receive:

Subject: Auto-Reply

Hi, unfortunately I am unable to reply to your e-mail at the moment.

Please call me on +44 8714340521 Kind regards Sophie Morgan

The phone number is simply an expensive telephone call from which they will pocket a few pence - DO NOT CALL THIS NUMBER!!!

 

The postal address Address: Wye St, London SW11 2HB, UK and email: jessica.mitchell@post.com now seem to be prevalent with this spam post. It is simply an adjustment to avoid spam filtering, but the phone number is not so easily changed as it is obviously a custom-registered number to send them money. Our advice is to filter based on the phone number, with and without +44.

One of the most annoying issues with this is that the numbers cannot be easily identified or the owners tracked down and held responsible as reverse look-up on these numbers relies on the number having been published in the first place and there is no publicly available register such as with domain names (although these are largely suppressed now - wrongly, in our opinion) and so there is little immediate action that can be taken.

The latest versions of these emails are now appearing as:

 

Name :  Nisha

Email :  nisha@matridtech.net

Tel:  +1-855-370-5507

Message :   May I Have the privilege of Connecting with you?

As you can see from the above they are US numbers in this example.

 

If you have any questions regarding spam or require any assistance, you can use the messenger icon at the bottom of the screen or contact us at https://www.sircles.net 

 

Natwest Spam Emails with Microsoft Word Attachments

Natwest Spam Emails with Microsoft Word Attachments &amp;nbsp; You may receive the following: &amp;nbsp;

Natwest Spam Emails with Microsoft Word Attachments

 

You may receive the following:

 

 

 

From:                                         New post NatWest Bank <noreply@natwest94.ml>

Sent:                                           Monday, August 21, 2017 10:07 AM

To:                                               Support

Subject:                                     NatWest

Attachments:                          NatWest258345907_2243.doc

 

View Your August 2017 online

 

Financial Activity Statement Keep track of your account with your latest

Online Financial Activity Statement from NatWest Bank.

 

Please download and view Microsoft Word attachment

 

So check out your statement right away, or at your earliest convenience.

 

Thank you for managing your account online. Sincerely. NatWest Bank

 

 
These emails are simply to persuade you to open the attachment:
DO NOT CLICK 'ENABLE EDITING' as this will compromise your system!

ADP Payroll adp.payroll.invoice@finemanrealty.com http://THOMASWYOUNG.ME spam

2. August 2017 16:19 by sirclesadmin in
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VM

Beware of the following ADP Payroll impersonation spam email:

 

From:                                         ADP Payroll <adp.payroll.invoice@finemanrealty.com>

Sent:                                           02 August 2017 15:51

To:                                               Support

Subject:                                     ADP Payroll Invoice 10273250 for month  07/01/2017 - 07/31/2017

 

Your ADP Payroll invoice is ready and has been enclosed below, for your review. 

To view your ADP Invoice, please click below:

 

 

NOTE: Microsoft Office must be installed on your PC system.

 

Thank you for choosing ADP Payroll.

 

Important: Please do not respond directly to this e-mail. The originating e-mail account is not monitored.