Electronic Intuit  Message - Spam Alert!

watch out for this spam QuickBooks message:

INTUITNEWTEST

Reporting Fraudulent Websites with your Browser

When you receive an email that has links to a fraudulent site, you should report that site, to your browser provider so that other users can be saved from falling into the intended trap.

When you are sent to a site that the email tells you is giving you something, and when you arrive you are asked to make a payment, that is a form of misrepresentation; which is phishing. You should report phishing sites to Google:

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

The advantage of reporting to Google is that they will adjust Google Chrome to warn people, and that is currently the most popular browser on Earth.

If the site you are sent to by a suspicious email tries to download a file to your computer (no matter what the file pertains to be) then it is most likely a malicious software site. These pages should be reported by pasting the URL in the browser address bar into the following Google page for malicious software sites:

https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

You can also read about Google's preventative measures programme against harmful internet use here:

https://safebrowsing.google.com/

If you are using Microsoft Edge or Internet Explorer, you can also report fraudulent sites. 

You can open the old style Internet Explorer by pressing the Windows Button + R and entering iexplore and pressing OK.

From the Safety menu, point to SmartScreen Filter, then click Report Unsafe Website.

Select one or both of the following check boxes you feel to be appropriate:

• I think this is a phishing website
• I think this website contains malicious software

If you are using Firefox, or if you wish to report the site to Mozilla to help more people, you can report fraudulent sites to Mozilla here:

https://www.mozilla.org/en-US/about/legal/fraud-report/

Here you can choose from:

• Domain name
• Collecting personal information
• Charging for software
• Logo misuse (phishing)
• Distributing modified Mozilla/Malware

And choose which products are affected.

In general it is always worth checking that the site is secured - by seeing if there is a padlock in the browser address bar or that the https has gone green etc. - and that the domain is correct. The domain must be the last item in the address bar before the first / (forward slash) as many fraudulent domains trick us by using facebook.com-uerjfnf0e837e3e0d0y.uzbxyn.com/webapp/ye.js or facebook.com.wifubd97fidn9.interstrartter.net/webapp/ku.js similar. Notice that the facebook.com is followed by a hyphen or a dot instead of the forward slash / that represents the end of the domain.

💸 Incoming BitCoin Transfer - You received 0.881110 BTC!

The following email has been reported as currently active:

Hello,

You just received 0.881110 BitCoin incoming transfer from Info.

Sender: info@sthildas.oldham.sch.uk

Receiver: recipient email

Amount: 0.881110 BTC

Deadline: 23-05-2018 13:19:28

Transfer has been made from account holder:

c23cb46b19164de4ea6667a27c7c95bab1a6509b76a9fae2856d7a8cf72b950e

Accept the transfer now:

http://www4.bitcoin-gb.tk/claim/uk4njQORyWgrV0hS

Only 7 days remaining to accept your BitCoin transfer! If you do not accept this transfer, the money will be returned to sender.

To claim your BitCoin please visit the link below:

http://www4.bitcoin-gb.tk/claim/uk4njQORyWgrV0hS

Best regards,

Roxana Rigby

Bitcoin Account Manager

The link forwards you to:

https://cryptocode.online/

Whenever there is a supposed quick way to increase capital, con-people quickly associate themselves with the name in the hope of riding the excitement in order to rip people off. Any crypto currency such as Bitcoin is a huge risk to invest in and should be treated with EXTREME caution. This website is not an investment site, but an attempt at taking money based on the reputation of Bitcoin - do not enter your name, report this site as fraudulent using your browser, and mark this email as spam and/or phishing.

The intent of this email is fraudulent, and so it is safe to assume that the website is fraudulent also. Any testimonials are contrived and should not be believed.

You can report fraudulent websites with the help of this page which tells you how to report fraudulent or malware websites.

Virus alert... from Mail Admin #

You may receive the following:

The link above points to: 

http://lauratimmermans.ca/Drupal/server/upload/scan%202018/scan%202018/scan/auth.php?%20email=recipient@emaildomain.com

Where recipient@emaildomain.com is replaced by your email address which enables the website to look fairly realistic:

Which is a link to a compromised website that will ask for your email password - UNDER NO CIRCUMSTANCES SHOULD YOU EVER ENTER YOUR EMAIL PASSWORD INTO AN UNKNOWN SITE!

The above obviously has all sorts of fake associations to antivirus companies along the bottom, but the only point of this is to get your email account login password.

The 'Start Scan' button will show a progress meter, just to convince you that the site is real and give them time to login to your email and steal your data.

This website has been reported to the owners and to Google and Microsoft.

Please mark this email as spam and inform your email provider that this email should be blocked.

Spam: Important Information from NatWest

Beware of these email purporting to be from Natwest:

 GOOGLE/MICROSOFT/MOBILE AWARD PRIZE

This is often a thankless task, corresponding about confidence tricksters and unsolicited email or trojan attacks, but every so often you see something so brilliant or funny, that it really does brighten your day.

This example barely even constitutes an email, it is so terse and unkempt, but it is the attachment that is worth bringing to light:

Firstly, I love the way that the subject implies that this email has been forwarded, as if they have received a spam email and liked it so much that they want to try it out on someone else.

I also love the statement of the funds - United States Dollars - as if they are mined on another planet and flown here under heavy intergalactic-guard.

Best of all though, I love the blinding mishmash of trademarks, signatures and barcodes at the bottom, ensuring any innocent bystander will be overwhelmed with its authority.

The file is attached as a BMP file - an uncompressed bitmap - presumably in order to circumvent firewalls??? Sure a PDF would have made for a more believable choice, but I suppose they are more easily read by text analysis in search of keywords.

The email is below:

Spam - 💸 BitCoin Transfer - You received 1.225999 BTC!

This is out there today:

Containing:

Hello,

You just received 1.225999 BitCoins incoming transfer from Admin.

Sender: admin@digital-notes.co.uk

Receiver: support@berkshirecomputersupport.co.uk

Amount: 1.225999 BTC

Deadline: 14-03-2018 08:47:26

Transfer has been made from account holder:

93f8a344845dec17a47ea1d168f3bdc7ddcd3e60a06433f18c9cc8d546576e09

Accept the transfer now:

http://f.bitcoin-uk.ml/claim-now/zEQkqAbVymHYvO

Only 7 days remaining to accept your BitCoin transfer!

If you do not accept this transfer, the money will be returned to sender.

To claim your BitCoin please visit the link below:

http://f.bitcoin-uk.ml/claim-now/zEQkqAbVymHYvO

Best regards,

--

Raisa Figueroa

Bitcoin Account Manager

The shortcut lead you to: https://crypto-code.xyz/?tid=10259c54399cc945385a70597fd4a3&aff_id=3593&pop=0

Now with all sites that tell you that you are a lucky chosen few, these people are confidence tricksters and no one ever gives away anything worth keeping unless they are your friend.

Report this website as fraudulent and these emails as spam. They have lied about sending you the Bitcoins so they are lying about everything else.

-------------------------------------

 Another variant:

Good afternoon,

Your incoming BitCoin transfer is still waiting for your acceptance.

Sender: 349504625c1aa05936385d819a4a579da5b15f8c6a1a3818c0a6c0b959f38511

Sender Email: admin@nlmcc.org.uk

Amount: 0.767837 BTC

Deadline: 11-03-2018 16:05:50

Accept the transfer now:

http://uk5.bitcoin-uk.ga/accept-transfer/YPx79WODu8GwZBI0

Only 3 days remaining to accept your BitCoin transfer!

If you do not accept this transfer, the money will be returned to sender.

To claim your BitCoin please visit the link below now:

http://uk5.bitcoin-uk.ga/accept-transfer/YPx79WODu8GwZBI0

If not accepted, this transfer will be returned to sender in 72 hours.

Register your free account and receive your BitCoin now.

Use our platform to trade BitCoin automatically.

Join the BitCoin revolution!

Best regards,

--

Samatha Caraballo

Bitcoin Account Manager

CITY SIGN & GRAPHICS LTD Phishing Spam

You may see this fake invoice from the above company:

Invoice 1717 from CITY SIGN & GRAPHICS LTD

Spam - New Private Message from Jeremy. Facebook Toya <toya-651@c.privmsg.tk>

We are seeing this one today:

Invoice for [Your Website Page Title]

You may receive this email, or one similar:

Oddly, they seem to be using MailChimp as their transport - not sure how that happened as MailChimp are very strict about these matters.

Now the download link for the invoice points to: https://sangamhotel.com/Invoice%20for%20company.zip which downloads a zip file.

The file is called 'invoice for company' and is a JS Javascript file.

This file is dangerous and should not be opened.

This email should be reported as spam to mailchimp and possibly even to the CIA

We have also seen this same email with the files stored at:

And the subscription links to be:

We are also seeing these as arriving from the company name: Nixon Hire, as below:

In the email above the site has already been disabled and so the logo is no longer working...

HTML is below:

Once again the subscription points to mailchimp:

https://nixonhire.us6.list-manage.com/profile?u=49ab97c4aa&id=1a1758171e&e=270c72add7

https://nixonhire.us6.list-manage.com/unsubscribe?u=49ab97c4aa&id=1a1758171e&e=270c72add7&c=e43f84ff25