sircles.net Computer Support The sircles IT support & solutions blog | SPAM

Twitter Feed Popout byInfofru

The sircles IT support & solutions blog Internet Safety & Security, Windows Tweaks and Server Fixes

SPAM: yourdomain.com Final Extension

19. June 2018 10:14 by sirclesadmin in Online Fraud, SPAM
SPAM: yourdomain.com Final Extension   Another domain renewal scam is circulating this week. Th

SPAM: yourdomain.com Final Extension

 

Another domain renewal scam is circulating this week.

The format is the same as usual - danger, danger danger, about to expire, your domain, final warning etc.

Then right at the bottom it says something like:

Failure to make payment may result in account closing (making it difficult for your customers and your friends to locate you, using search engines on the web).

So it is actually a service to submit you to search engines.

 

Well there is only really one search engine unfortunately, although Ecosia's plan is a good one, so there is no need to pay someone to submit your pages. Google are quite capable of finding you themselves.

 

The email arrives as:

 

- ACT IMMEDIATELY -

FINAL EXTENSION

PURCHASE EXPIRATION DATE: 06.26.2018

 

Final Extension

 

LAST OVERDUE NOTICE FOR DOMAIN

Notice#: 049436077

your domain

Date: 06.19.2018

 

DOMAIN: yourdomain.suffix

ACCOUNT BALANCE: $0.00

 

PLEASE CLICK ON

 

TO CARRY OUT YOUR PAYMENT

 

PAYMENT

OVERDUE

!

 

Your Name

Address

Town

Region, Post Code, Country

 

Domain Name:

Registration Period:

Price:

Term:

YourDomain.suffix

Today to One year away

$84.00

1 Year

 

 

PLEASE CLICK ON

 

PAYMENT

OVERDUE

FOR


yourdomain.suffix

ACT TODAY!

 

Dear Your Name,

This is the final billing notice to complete this order by 1 Week failure to make payment may result in account closing (making it difficult for your customers and your friends to locate you, using search engines on the web).

 

 

PLEASE NOTE:

This Email contains information intended only for the individuals or entities to which it is addressed. If you are not the intended recipient or the agent responsible for delivering it to the intended recipient, or have received this Email in error, please notify immediately the sender of this Email and then completely delete it (including any attachments). Any other action taken in reliance upon this Email is strictly prohibited, including but not limited to unauthorized copying, printing, disclosure, or distribution. The sender bears no responsibility for any loss, disruption or damage to your data or computer system that may occur while using data contained in, or transmitted with, this Email. Any views expressed are personal unless otherwise stated. unlike here Providing false information will result in suspension of the customer's account.Thank you for your cooperation.

 

 

 

 

The unsubscribe link points to: http://yourdomain.com.onlineadvice.top/unsubscribe/

The secure payment link links to: http://yourdomain.suffix.onlineadvice.top/?d=yourdomain&y=06.27.2018

Report the website onlineadvice.top as spam and the website it takes you to: seockaccepted.org should be reported as a phishing site.

Report the email as spam.

Many thanks.

 

 

 

SECURITY ALERT - Tesco Bank Spam Scam

12. June 2018 07:33 by sirclesadmin in Fraud, Online Fraud, SPAM
SECURITY ALERT - Tesco Bank Spam Scam   Beware of these fake Tesco spam emails:   v\:*

SECURITY ALERT - Tesco Bank Spam Scam

 

Beware of these fake Tesco spam emails:

 

From:                                         TescoBankOnline@mail.net

Sent:                                           11 June 2018 16:24

To:                                               Recipient

Subject:                                     SECURITY ALERT

 

 

SECURITY ALERT  

You are receiving this email because we noticed an attempt to sign in to your account from an unrecognised device. Our system has blocked this sign in attempt as a security measure. 


In order to safeguard your account information we have temporarily restricted your access to certain features within our online banking system. To restore full access please click the link below to validate your account information.

Please note:
 Failure to restore full access can lead to permanent suspension of access to our online banking service.

==================================================
Get Started ⇨
==================================================

Best regards,


Tesco  Online Banking Team

 

The 'Get Started' link actually takes you to: https://newsforeveryone.top/tescoOnline/index.php

Cloud Flare have already labelled this site as phishing:

 

 

 

Electronic Intuit Message - Spam Alert!

6. June 2018 17:06 by sirclesadmin in Online Fraud, SPAM, Phishing
Electronic Intuit  Message - Spam Alert!   watch out for this spam QuickBooks message: &n

Electronic Intuit  Message - Spam Alert!

 

watch out for this spam QuickBooks message:

 

INTUITNEWTEST

From:                                         Intuit Inc. <quickbooks@paolasrestaurant.com>

Sent:                                           Wednesday, June 6, 2018 5:02 PM

To:                                               Accounts Team

Subject:                                     Electronic Intuit  Message

 

 

 

 

  

 

Number:

2209

Payment Due Date

06/07/2018

BALANCE DUE

$3,420.00

Dear Customer,

This bill notice is being provided to you by Intuit Inc. from Veri Facts Inc. Please click the button above to find an invoice

 

intuit test

Intuit, Inc. 2014-2018 All rights reserved. TurboTax and Mint are registered brand names and trademarks of Intuit Inc. Conditions, support and service are subject to modification with out notice  Privacy Terms

The 'Pay Here' link actually points to: http://minerco-corp.net?5YpI5=QIUBNYQASHUBQYUDP which has already been shut down so no need to report this site.

Do report this email as spam to your email provider though and keep vigilant.

You and your family can live in United States - Spam Alert!

5. June 2018 07:32 by sirclesadmin in SPAM
You and your family can live in United States - Spam Alert! &amp;nbsp; The following email has been seen

You and your family can live in United States - Spam Alert!

 

The following email has been seen this week in several places but has reared it's ugly head before as well:

One of the concerning things about this email is that they have a quality TLD (Top Level Domain) to assure the surfing public that the site is legitimate.

 

GreenCard

From:                                        Green Card Britain <dontreply@royalmesa.net>

Sent:                                         Monday, June 4, 2018 6:54 PM

To:                                            Support

Subject:                                    You and your family can live in United States

 

Join the Formal American Green Card Loterry Program

 

Diversity Immigrant Visa Lottery

 

 

 
 
 
 

55,000 people will enjoy USA citizenship.

Check if you are eligible for one.

Find out Here

Quick appliance within 5 minutes

Read additional information, go here

We wanted to take a moment to thank you for being a member of our subscribers.

We have enjoyed this year immensely and truly appreciate you for being a part of our community and newsletter.

We wish you and your family a wonderful year of health, happiness and prosperity.

 

 

 

 

Be Well!

      

You’re receiving this email because you signed up on our websites, attended one of our previous events or bought one of our products. To manage your email preferences please click here.

report spam

 
 

The 'Find Out Here' link points to: http://cleverelite.com/link.php?M=1211686&N=309&L=75&F=H which, in turn forwards us to: https://usalws.com/register/?ASEM and we see:
 
 
As you can see the USALWS.com domain sits well and is fairly convincing.
Web users who have typed in their real details report that they are inundated with calls asking for personal information so definitely do not enter any details into this form.
 
Lottery is spelt with one R and two T's and so this email definitely originates in a non-English speaking country - 'Join the Formal American Green Card Loterry Program' is not a good sign to see at the top of any email.
 
Do not click unsubscribe - they may get your email address - it points at http://pmtarock.com/unsubscribe.php?C=dc949d983862fda3a57fff732ecd5e6f&L=5&M=1211686&N=309
 
Do not click report spam - they may get your email address - it points at http://pmtarock.com/spam_report_en.htm 
 
 

💸 Incoming BitCoin Transfer - You received 0.881110 BTC!

17. May 2018 07:24 by sirclesadmin in Internet Security, Fraud, SPAM, Phishing
&#128184; Incoming BitCoin Transfer - You received 0.881110 BTC! &amp;nbsp; The following email has been report

💸 Incoming BitCoin Transfer - You received 0.881110 BTC!

 

The following email has been reported as currently active:

 

Hello,

You just received 0.881110 BitCoin incoming transfer from Info.

Sender: info@sthildas.oldham.sch.uk

Receiver: recipient email

Amount: 0.881110 BTC

Deadline: 23-05-2018 13:19:28

Transfer has been made from account holder:

c23cb46b19164de4ea6667a27c7c95bab1a6509b76a9fae2856d7a8cf72b950e

Accept the transfer now:

http://www4.bitcoin-gb.tk/claim/uk4njQORyWgrV0hS

Only 7 days remaining to accept your BitCoin transfer! If you do not accept this transfer, the money will be returned to sender.

To claim your BitCoin please visit the link below:

http://www4.bitcoin-gb.tk/claim/uk4njQORyWgrV0hS

Best regards,

Roxana Rigby

Bitcoin Account Manager

The link forwards you to:

https://cryptocode.online/

Whenever there is a supposed quick way to increase capital, con-people quickly associate themselves with the name in the hope of riding the excitement in order to rip people off. Any crypto currency such as Bitcoin is a huge risk to invest in and should be treated with EXTREME caution. This website is not an investment site, but an attempt at taking money based on the reputation of Bitcoin - do not enter your name, report this site as fraudulent using your browser, and mark this email as spam and/or phishing.

The intent of this email is fraudulent, and so it is safe to assume that the website is fraudulent also. Any testimonials are contrived and should not be believed.

You can report fraudulent websites with the help of this page which tells you how to report fraudulent or malware websites.

Virus alert... from Mail Admin adminso90a@maraco.com

15. May 2018 10:13 by sirclesadmin in Internet Security, SPAM, Phishing
You may receive the following: &amp;nbsp; /* Style Definitions */ table.MsoNormalTable {mso-style-n

Virus alert... from Mail Admin #

 

You may receive the following:

 

 

Dear: recipient@emaildomain.com

We suspect that there might be some virus activities in your email account that is affecting our email server's deliveribilty performance.

And we demand that you take immediate action to scan and delete these threats from your email account.

To keep your account safe, please follow the URL below to run a quick email scan.

Scan- recipient@emaildomain.com

 


If you ignore this notice, your account might be suspended to protect our server from further damage.


Source: Email Security Team

 

The link above points to: 

http://lauratimmermans.ca/Drupal/server/upload/scan%202018/scan%202018/scan/auth.php?%20email=recipient@emaildomain.com

 

Where recipient@emaildomain.com is replaced by your email address which enables the website to look fairly realistic:

 

Which is a link to a compromised website that will ask for your email password - UNDER NO CIRCUMSTANCES SHOULD YOU EVER ENTER YOUR EMAIL PASSWORD INTO AN UNKNOWN SITE!

 

The above obviously has all sorts of fake associations to antivirus companies along the bottom, but the only point of this is to get your email account login password.

 

The 'Start Scan' button will show a progress meter, just to convince you that the site is real and give them time to login to your email and steal your data.

 

This website has been reported to the owners and to Google and Microsoft.

 

Please mark this email as spam and inform your email provider that this email should be blocked.

 

Natwest Spam: Incomplete Security Information

Natwest Spam: Incomplete Security Information &amp;nbsp; &amp;nbsp;

Natwest Spam: Incomplete Security Information

 

You may receive the following message, purporting to be from Natwest:

 

From:                                                       NatWest <info@ipconnect.de>

Sent:                                                        Date

To:                                                            Recipient

Subject:                                                   Incomplete Security Information

 

 

 

 

 

 

 

 

Incomplete Security Information

 

 

 

 

 

Hello,


Information we use to determine the security of your account is missing we need you to confirm as soon as possible.

 

Details:
You are required to review and update missing information*

We have temporarily suspended your online access to prevent any loss to your balance until you securely submit missing information: Click below to continue

RESTORE MY ACCOUNT

 

 

Thank You,
The NatWest Accounts team

 

*The location is approximate and determined by the IP address it was coming from.

This email can't receive replies. For more information, visit the NatWest Accounts Help Center.

 

 

 

 

You received this mandatory email service announcement to update you about important changes to your NatWest product or account.

© 2018 NatWest Inc.,

 

 

  
 
The link in the message tries to take you to: http://www.betonruettler.at/statistik/nwolb/index.php
 
Please mark as spam - the website appears to have already been fixed and the bad content removed... :)
 
 
 
 

Disability Action Alliance - DAA Receipt#

Disability Action Alliance - DAA Receipt# &amp;nbsp;

Disability Action Alliance - DAA Receipt#

 

 

From:                                                        invoice@culqi.net on behalf of Disability Action Alliance – DAA <invoice@culqi.net>

Sent:                                                         Date

To:                                                             Recipent

Subject:                                                     Receipt # 8453985   Receipt # 9599113

 

 

Payment Receipt

YOUR PAYMENT HAS BEEN PROCESSED

Your payment has been received, please find attached your PDF invoice.

   

Spam: Receipt # 255247

Spam:&amp;nbsp;Receipt # 255247 &amp;nbsp; Beware of these fake receipts: Payment Receipt YOUR PAYMENT HAS B

Spam: Receipt # 255247

 

Beware of these fake receipts:

Payment Receipt

YOUR PAYMENT HAS BEEN PROCESSED

We send  Google.Docs document.

Link points to: https://www.ethereumpower.io/itr_inv_doc.zip

Which obviously downloads a inv doc.zip file to corrupt your computer or add a root kit etc.

We have reported the Google link and the website as well as marking the email as spam - please do the same if you receive one of these.

Spam: Receipt # 255247

Spam:&amp;nbsp;Receipt # 255247 &amp;nbsp; Beware of these fake receipts: Payment Receipt YOUR PAYMENT HAS B

Spam: Receipt # 255247

 

Beware of these fake receipts:

Payment Receipt

YOUR PAYMENT HAS BEEN PROCESSED

We send  Google.Docs document.

Link points to: https://www.ethereumpower.io/itr_inv_doc.zip

Which obviously downloads a inv doc.zip file to corrupt your computer or add a root kit etc.

We have reported the Google link and the website as well as marking the email as spam - please do the same if you receive one of these.