sircles.net Computer Support The sircles IT support & solutions blog | SPAM


The sircles IT support & solutions blog SEO, Copy Writing, Networking and Internet Safety & Security

Spam: Donation From Buffett Foundation

8. December 2017 07:21 by sirclesadmin in Internet Security, SPAM, Phishing

 

This is definitely the lamest email we have seen for some time and, to be honest, the most confusing. Not only is the premise so preposterous that surely no one would ever reply, but the manner in which it has been executed is also pathetic.

I don't know much about Warren Buffett or his foundations, but I am pretty sure that none of these people or organisations would use wbuffett6@aol.com.

It is so ridiculous, in fact, that I am going to reply to this email to see what happens.

The text reads:

 Am Warren Buffett the CEO to (Warren Buffett Foundation)Warren Buffett Foundation picked you for a $1,500,000 donation.For more details contact Warren Buffett Foundation email:wbuffett6@aol.com

From: Warren Buffett Foundation <warrenmick@supanet.com>

I will report back with any outcome...

Santander: Important Update about your account - spam!

4. December 2017 06:42 by sirclesadmin in Internet Security, SPAM, Phishing

 

We have seen this email over the weekend. The email is a standard-looking Santander email, but obviously it tries the age-old trick of pretending someone has tried to break into your account: fear combined with shock, intended to make you act before you think. As usual, the sender email address is completely irrelevant, in this case one with an EDU suffix.

From:                                                       Santander <dolwickk2@mymail.nku.edu>

Sent:                                                         Sunday, December 3, 2017 8:37 AM

To:                                                            Recipients

Subject:                                                   Important Update about your account

 

If you are having trouble viewing this message, please click here.
E-mail Security Information.

Santander

 

Your security is our priority

Dear Customer:


We recently reviewed your account, and we suspect an unauthorized transaction .

Therefore as a preventive measure we will temporary limit your access to sensitive Santander Online features.

To ensure that your account is not compromised, please log in to your Santander Online and verify your identity to prevent deactivation.

Please use the hyperlink below to login to our secure Santander account Online from Step 1 of 3 to verify your accounts.


Verify now »




Thank you for choosing Santander,
Christian Westcough
The Santander Online Banking Help Team.


Keep your account information up-to-date. In the event of fraudulent or unusual activity, we'll need to know the best way to reach you. Log in to your account or click to Update now »

E-mail Security Information

 



If you have concerns about the authenticity of this message, please visit http://www.santander.co.uk/uk/index for options on how to contact us.

 

 

 

Anyway, let's have a look at what this one does so as to be ready for future phishing emails:

The email looks reasonable enough...

It has all of the hallmarks of a legitimate email:

The 'Verify now' button links to:

http://retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse.operationname.logon.dse.processor.logon.dse.processor.logon.logon.notaioagenova.it/retail/Login.php?sslchannel=true&form=AccountVerification&sessionid=DyClc8RiwcVDTd2G66ahBxo5LOB2dDWRbycoH3GdgBQ9PTQWZ0dAxCGjqhlEViv6RHvyLbM2NCbDw1zv

And when visited we see the following:

 

 

Once again, it is very close to the real thing and shows no certificate errors, but this is because it is not a secure site: the page is served over plain HTTP, so there is no certificate to check. I am using Microsoft Edge in this case, and so will report this site:

I click on the three dots in the top right-hand corner:

 

 

I now choose 'Send feedback'

 

 

Now I click 'Report unsafe site' and choose 'phishing', as that is obviously what this site is.

Once reported, we receive a confirmation that the site will be analysed, but please feel free to report this one yourself as it will speed up the closing of the site.

Desperate Marketing - Order #16530 / Digital Marketing Skills (Out of Stock)

22. November 2017 12:17 by sirclesadmin in SPAM, Phishing

This really is quite sad: you have not ordered anything, and this is just desperation. These are phishing emails trying to get you to download marketing.

This is an unsolicited email, no matter what these idiots claim, and it deliberately tries to make you think you have placed an order.

Just take a look at this:

 

Order #16530 / Digital Marketing Skills (Out of Stock)

From:                                         Vanessa Cowpland <vanessa.cowpland@qa-newsletters.com>

Sent:                                           22 November 2017 12:07

To:                                               Simon R. Cooper

Subject:                                     Order #16530 / Digital Marketing Skills (Out of Stock)

 

 

Hello Simon,

 

We're sorry but the item: Digital Marketing Skills you require is currently out of stock. 

Attracting and building the right digital marketing skills becoming an issue for your organisation? 

You're not alone - 76% of UK businesses are experiencing problems recruiting digital marketing skills, despite 84% of these same businesses agreeing these skills are more important than ever before. 

We have crafted a digital marketing guide which will enable you to identify key trends and challenges, and find solutions for all your digital marketing skills needs in 2018. 

Find out more about out digital marketing enablement guide here
 

Kind regards, 

Vanessa Cowpland
QA Apprenticeships
 


Manage your communication preferences here.

 

 I would email them back explaining your disgust at these emails - they will certainly not be allowed to do this following new EU legislation.

Metro Bank Spam - Please Action: E-Payment REF: MTA22506651

22. November 2017 10:52 by sirclesadmin in SPAM, Phishing

 

 

 

From:                                         Metro Bank <epayment@metrobankonline.com>

Sent:                                           21 November 2017 14:28

To:                                               Recipients

Subject:                                     Please Action: E-Payment REF: MTA22506651

 

Valued Customer,

Please note that starting from November 21, 2017 we will be introducing new online banking authentication procedures in order to protect the private information of all online banking users.

There is a pending transfer payment into you account from our account department. For security reason invalid record or your 8 digits Security number. We require you to confirm your profile on file with us before this transfer can be completed.

This can be done using the reference provide below.

Complete incoming Payment

Please remember to check 'e-Documents' regularly as we may send you documents which you need to action. Your online documents are stored for 7 years and can be viewed, downloaded and printed at any time.

Regards
Customer Service
Metro Online Banking Team

 

 

The above email is a scam - this one isn't a particularly convincing email, as the formatting is based on Microsoft Office formatting and is not supported on many up-to-date systems.

If we go to the link in IE, we immediately receive a warning regarding the domain of aaryacreation.in

This means that the domain has been reported by other users with IE and should be avoided - close the browser and delete the email.

If we look at the fake website itself we can see that the formatting doesn't really work:

The links top right are dead and do not even show the arrow to click on when hovered above - close the site and delete the corresponding email and mark it as junk if you have the option.

Metro Bank are a big target at the moment so do be careful if you are a user - check every email before taking any action!

Netflix Spam - Your Netflix Membership is on hold - netflix-restrictions.com

9. November 2017 07:56 by sirclesadmin in Internet Security, SPAM

 

This is a well targeted spam, even if it appears to be caught by most antispam filters before first contact.

They have even bought a custom domain name but perhaps that was their first mistake...

 

 

 

Anyway the email arrives thus: 

 

From:                                         Netflix <contact@netflix.ssl.com>

Sent:                                           03 November 2017 10:26

Subject:                                     Your Netflix Membership is on hold

 

 

 



We recently failed to validate your payment information we hold on record for your account,
therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.

Click here to verify your account

Failure to complete the validation process will result in a suspension of your netflix membership.

We take every step needed to automatically validate our users, unfortunately in this case we were unable to verify your details.

This process will only take a couple of minutes
and will allow us to maintain our high standard of account security.


Netflix Support Team



This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and required you to update your account to continue using our services uniterrupted.

 

 

 

 

And besides misspelling uninterrupted, the email is fairly believable, as this kind of thing happens all the time.

Hovering over the link reveals: webcmd.netflixusersupport.billingupdate.netflix-restrictions.com which is not a valid Netflix.com domain, but then PayPal use all sorts of paypal-notification.com type domains.

Either way, the domain had been shut down by Netflix already, so no great worries here, but bear in mind they will be targeting other pay per view services and will have a new website in no time, so beware.

 

But still enjoy the internet and be safe!

You need to upgrade now - Office 365 Spam - Watch out!

31. October 2017 08:44 by sirclesadmin in SPAM, Office 365

This email is dangerous just because so many of us have an Office 365 account. We are constantly having to take over various company 365 accounts and subsequently move them on to someone else and so fake notifications like this can be enticing.

 

 

If we take a look at the link by hovering over with the mouse arrow - which you should do with any email link before clicking - we see the following:

 

This link is pointing at:

http://office365.com-email-live-common-oauth2.authorize.thegrindtennis.com/

Which is obviously not a Microsoft link.

The website you are taken to is definitely close to the normal login page, with a truly impressive hostname in the address bar to fool you:

 

http://www.login.office365.com-code-b6159368de39251d7a-login.id-107sbtd9cbhsbtd5d80a13c0db1f546757jnq9j5754675732273456.thegrindtennis.com/2017/authorizez9/login.php?sslchannel=true&sessionid=GWuEWXKL6rAe6TKAiGfPvLAyAojwMlishM6eKRZQjA4qtP0MvfC11czCBS9nerQveWKZOJQ7kVxOKyBf

Which we can see here:

 

 

Notice also that there is no padlock to show that this is a secure site, and that the site is running on HTTP instead of HTTPS, which would indicate a secure connection.

thegrindtennis.com has been fully compromised and is in bad shape, but is not currently being recognised by Chrome or Internet Explorer as a pirate site, so be very careful.

If you are not the admin of your Office 365 site then you will never be asked to upgrade - Office 365 upgrades occur constantly in the background without the requirement of your intervention - that is what The Cloud is all about.

If you have any queries, please feel free to drop us a line on the contact form or by chat.

PayPal Spam: Notice: Ticket Number PD-0BC-59C7-2EB4-7854FE0

23. October 2017 07:13 by sirclesadmin in Internet Security, SPAM

 

Watch out for this one doing the rounds at the moment....

 

 

From:                                         accountsupportuplode@mail-qf966.getresponse.com on behalf of account.support.uplode@resgateparacristo.com.br

 

Subject:                                     Notice: Ticket Number PD-0BC-59C7-2EB4-7854FE0

 

 

PayPal

This is an automated email, Please de not reply.

Hi there,

We Are Sorry To Inform You For That But Your Account Has Been Limited To continue using your account, you must make mandatory update your information.

1-  Click on "Confirm Your Account"

2- Log In Enter email and password

3- Verify Your Informations To Activate Your Account

 

Source: Security team

© 1999–2016. 1401 Walnut, Suite 500, Boulder, CO 80302 USA

 

Amala Building, Elavungal Road, 682025, Cochin, India

You may unsubscribe or change your contact details at any time.


 

As you can see the above has getresponse links in, which is a nice touch. The destination has already been deactivated regarding the 'confirm your account' button but this email should be reported as spam nonetheless just to dissuade further phishing blunders....

HM Revenue & Customs <taxrefund2017@hmrc.gsi.gov.uk> Spam Email

18. October 2017 11:42 by sirclesadmin in Internet Security, SPAM

 

Beware of these circulating today - they are just an HTML attachment but are pretty impressive...

 

 

 

From:                                                       HM Revenue & Customs <taxrefund2017@hmrc.gsi.gov.uk>

Sent:                                                         Wednesday, October 18, 2017 8:20 AM

Subject:                                                   REFUND: GBP 643.55

Attachments:                                         Form - ID 791827938.html

 

Refund Form - ID 791827938

Dear Customer,

After the last annual calculations of your fiscal activity we have discovered that you are eligible to receive a tax refund of GBP 643.55.

Kindly complete the tax refund request and allow 1-3 working days to process it.

Please download the form attached to this email and confirm your tax refund.

A refund can be delayed for a variety of reasons.

For example: Submitting invalid records or applying after the deadline.

 

Containing the attachment: 

HMRC - Online Tax Refund

  

Refund Form - ID 791827938

Please enter your Personal Information and a valid Credit / Debit Card where you want the refund to be made.
* indicates required information.











Please enter your Credit / Debit card where refunds will be made








For security reasons, we recommend that you close your browser after you have finished the refund process.

Santander Spam email - We recently reviewed your account

5. October 2017 09:43 by sirclesadmin in Internet Security, SPAM, Popular Sites

Watch out for this spam email circulating at the moment:

This email is made up as follows:

 

 

 

From:                              Santander <chelsea.decarlo@unco.edu>

Sent:                               Wednesday, October 4, 2017 10:37 AM

To:                                   Recipients

Subject:                          We recently reviewed your account

 

If you cannot see this email, click here

 

security

IMPORTANT SECURITY NOTIFICATION

 

 

 


Dear Customer,

At Santander we know protecting your identity is important, that´s why we´re always looking at ways to guard you from identity theft and fraud. We´re also committed to help you use our online service securely.

As part of our ongoing commitment to customer security we are constantly looking for new and improved ways to protect you and your assets. Our Internet banking security notice that your account profile is currently locked and you cannot perform any transaction online.

Due to security of your internet banking account we recommend you to reactivate & verify your account details. Please note that if you hold any joint accounts, only your details will be updated.

Please use the REGISTER NOW below to update your account profile from Step 1 to 3.

NEXT


Regards,

Fraud Prevention Team

 

Terms and conditions

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England. www.santander.co.uk Telephone 0870 607 6000. Calls may be recorded or monitored. Authorised and regulated by the Financial Services Authority except in respect of its Consumer credit products for which Santander UK plc is licensed and regulated by the Office of Fair Trading. FSA registration number 106054. Santander and the flame logo are registered trademarks.

Please do not reply to this email. It has been sent from an email address that does not accept incoming emails. Santander will never ask you to supply personal information such as passwords or other security information via email. As an additional security measure, every customer email will be addressed to you personally. If you receive an email from Santander which is not personally addressed to you, or an email requesting personal information, please report this to phishing@santander.co.uk.

We only send marketing messages if you have not objected to receiving them at present. If you would prefer not to receive marketing-based offers and information from us by email, please click here to unsubscribe. However, we will continue to inform you regarding important information about your account e.g. a rate change.

You can check the above authorisations with the Financial Services Authority on www.fsa.gov.uk or by calling them on 0845 606 1234.

OC146 JUN 11

 

As we can see, the originating email address is: Santander <chelsea.decarlo@unco.edu> which is obviously a stretch for a major bank. Whoever chelsea is, they are most certainly not authorised to send mass security emails on behalf of Santander.

We can also see that the links to the bank point to: 

retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse.operationname.logon.dse.processor.logon.dse.processor.logon.logon.ahujacaterer.com/retail/

Which is actually the domain: ahujacaterer.com which is quite often used as a spam virus repository. It is currently registered to:

Registrant Contact Information:
Name Pankaj Garg
Organization Software Company
 
 
Which really should have been locked down before due to the registration information omitted.
Information Updated: 2017-10-05 08:58:54

If we follow the link (and please do not do this yourself) we see that the account has already been suspended, and so whoever is being subcontracted to send these spams is already wasting their time. Either way, another nasty virus or trojan would have been waiting to compromise your PC.
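The check made by eye on the Santander, Office 365 and Netflix links in these posts is the same each time: ignore the familiar-looking labels on the left and read the hostname from the right to find the domain that was actually registered. The sketch below is an added example, not code from the original blog; the public-suffix subset and the brand allowlist are assumptions made for illustration, and the query strings of the quoted links are omitted.

```python
from urllib.parse import urlsplit

# Assumption: a small subset of multi-label public suffixes, enough for the
# hosts quoted in these posts. Real tooling should load the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "com.br", "co.in"}

# Assumption: illustrative allowlist of domains each brand genuinely uses.
BRAND_DOMAINS = {
    "Santander": {"santander.co.uk"},
    "Office 365": {"office365.com", "office.com", "microsoft.com"},
    "Netflix": {"netflix.com"},
}

# Links as quoted in the posts (query strings omitted).
SANTANDER_LINK = (
    "http://retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse."
    "operationname.logon.dse.processor.logon.dse.processor.logon.logon."
    "notaioagenova.it/retail/Login.php"
)
OFFICE_LINK = "http://office365.com-email-live-common-oauth2.authorize.thegrindtennis.com/"
NETFLIX_HOST = "webcmd.netflixusersupport.billingupdate.netflix-restrictions.com"


def hostname_of(link):
    """Lower-cased hostname of a URL, or of a bare host as shown on hover."""
    if "://" not in link:
        link = "//" + link  # let urlsplit treat the text as a network location
    return (urlsplit(link).hostname or "").rstrip(".")


def registrable_domain(host):
    """Public suffix plus one label: the name somebody actually registered."""
    labels = host.split(".")
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])


def assess_link(link, brand):
    """Compare a link's registrable domain with the brand it claims to be."""
    host = hostname_of(link)
    registered = registrable_domain(host)
    genuine = BRAND_DOMAINS[brand]
    findings = []
    if registered not in genuine:
        findings.append(f"registered domain is {registered}, not {brand}'s")
        # Brand names placed left of someone else's domain are decoration only.
        tokens = sorted({d.split(".")[0] for d in genuine})
        decoys = [t for t in tokens if t in host]
        if decoys:
            findings.append(f"brand text {decoys} used as decoy in hostname")
    if link.lower().startswith("http://"):
        findings.append("plain HTTP: no certificate, so no certificate warning")
    if host.count(".") + 1 > 4:
        findings.append(f"{host.count('.') + 1} hostname labels (heuristic)")
    return {"host": host, "registered": registered,
            "impersonation": registered not in genuine, "findings": findings}


if __name__ == "__main__":
    for link, brand in [(SANTANDER_LINK, "Santander"), (OFFICE_LINK, "Office 365"),
                        (NETFLIX_HOST, "Netflix"),
                        ("https://www.santander.co.uk/uk/index", "Santander")]:
        result = assess_link(link, brand)
        print(brand, "->", result["registered"], result["findings"])
```

The label-count threshold is only a heuristic; the decisive test is whether the registered domain is one the brand owns.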

 

More Phone Number Spam - Tel: +1-855-370-5507

15. September 2017 23:35 by sirclesadmin in SPAM

 

If you receive this email:

Name : Nisha

Email : nisha@matridtech.net
Tel: +1-855-370-5507
Message : May I Have the privilege of Connecting with you?


As you can see from the above they are trying to get you to call a number with the international code in front. This number is a special number that is allegedly toll free according to quota.com:

"Area code 855 is a non-geographic area code, meaning that it is not associated with any particular city, state, province, or country. Area code 855 is a toll free number, that recently joined the list of 800, 888, 877, 866, and 844 toll-free numbers."

 This appears to be just another web design company from India trying to drum-up business. This number is displayed on their website (although it wasn't last week) so presumably they have just engaged someone in America to place and answer calls on their behalf to increase their business in the States.