sircles.net Computer Support The sircles IT support & solutions blog | SPAM


The sircles IT support & solutions blog SEO, Copy Writing, Networking and Internet Safety & Security

LinkedIn Spam - LinkedIn Impostor Sites

20. February 2018 15:02 by sirclesadmin in SPAM, Phishing

 

Watch out for phishing emails trying to steal your LinkedIn details that have been circulating, such as:

Although the footer and other parts look acceptable, the email arrives from Kevin Lee.Bolles <Lee.Bolles@mail.com>, which is probably not the name of one of your connections. The sender is obviously banking on the fact that many of us have thousands of contacts on LinkedIn and so wouldn't know.

If you download the pictures then the email appears as above. The links in the footer are genuine LinkedIn destinations but are forwarded via Google to stop LinkedIn seeing the origin of the link.

If you click on the 'View Message' link, you arrive here: https://nickolasjames000.000webhostapp.com/link/Sign%20In%20to%20LinkedIn.htm

Which looks thus:

They are looking to take your login details...

If you look you can see the free web hosting sign bottom right.

If you enter some details, the site just spins as if busy:

Either way we obviously do not recommend any other action than reporting this site and reporting the email as spam to your providers. Have a safe browse.

sircles.net

Final Reminder <info@gace.org> Notice Trendy Media Inc,

19. February 2018 07:54 by sirclesadmin in SPAM, Phishing

Domains being 'registered' with search engines is a constant bugbear.

Any company with a propensity for corruption that has any understanding of the internet seems to jump on this bandwagon and so they never really stop arriving.

Somehow this incarnation is managing to send from GACE.org without being shut down, but apart from that it smacks of a one-man band in Florida who has decided to make money no matter what the moral cost.

As usual, there is an ambiguous email of this nature:

 

From: Final Reminder <info@gace.org>

Sent: Monday, February 19, 2018 5:44 AM

To: Support

Subject: new-computer-games.info notice

 

Notice#: 194687

Date: 02/18/2018

 

Domain Owner,

 

Address
 

Domain Name: new-computer-games.info

Registration Period: 03/12/2018 to 03/12/2019

Price: $ 67.00

Term: 1 year

 

Dear Domain Owner,

 

Your domain new-computer-games.info registration is pending. Failure to complete this order by 02/26/2018 may result in the cancellation of this solicitation (making it difficult for your customers to locate you, using search engines on the web). We do not register or renew domain names.

Secure Online Payment

This is a link which actually takes you to: http://www.newcomputergamesinfo.registerfor.win/?d=new-computer-games.info&p=03-12-2018, a site calling itself Trendy Media Inc in Florida.
 
 
This is not a domain that the recipient even owns in this case.
 
These emails should be marked as spam and reported as such to your email providers.
These sites should be reported as fraudulent.
No action to be registered with search engines is required - Google will find you soon enough!

Your request to reset your iCloud password from another device Case : DQYERH

26. January 2018 13:59 by sirclesadmin in SPAM, Phishing

Spam Warning: [ Notification Alerts ] Your request to reset your iCloud password from another device Case : DQYERH

 

We have seen these arriving with the big email providers - this one came into Hotmail:

With the email itself appearing as:

 

 

New login attempt

From: AρρIelD. <029627663l1653@maillegal.info>

Sent: Friday, January 26, 2018 7:28 AM

To: simon_cooper@hotmail.com

Subject: January 26, 2018, RE: [ Notification Alerts ] Your request to reset your iCloud password from another device Case : DQYERH

 

 

Dear simon_cooper@hotmail.com,

Suspicious Activity.

We detect unusual login attempts in your Apple ID from other IP location, please verify your identity to your account, if you do not verify your identity today, your account will be locked for the protect account and the Apple Community.

Sign-in Details :

  • Date and Time : 26 Jan 2018 (GMT)
  • Location : Italy - Padova
  • OS : (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7

To continue enjoy our service.
Please update your account information and verify your identity in your account.

Verify Your Account

 

*We will unlock your account when we finish your account validation.



Sincerely,
Apple Support

If the button above does not work, try copying and pasting the URL into your browser. If you continue to have problems, please feel free to contact us

Copyright©2018 Apple Inc. All rights reserved.

 The actual 'Verify Your Account' link goes to: https://t.co/54QLMCJNlm which forwards you to the following:

https://appleid-accountofficial.approvedaccount.com/,/Login.php?sslchannel=true&sessionid=QRcWpaX5MMs4AUQyFXZ8l8xNStOsgdH64T3u41zRN1VnWMWCJVK54iSWLHp2U69Z0ct4d3W05So1ElDo

Which does a rather impressive rendition of the Apple website:

 

 

except for the missing image bottom right, really rather good.

Obviously DO NOT ENTER ANY PASSWORDS OR DATA into this site as it is a scam.

No matter what you enter, you are told your ID is blocked and are taken to:

 

Please excuse any bad language we may occasionally leave with this sort of people, but they are expecting to get innocent people's banking details. NEVER ENTER BANK DETAILS INTO ANY SITE ORIGINATING FROM AN EMAIL!

Google Chrome opened the site and so we have reported it to Google.

Microsoft Edge has already blocked this site as at 26/1/2018.

Please be careful everybody as no one deserves your money for free.

 

 

 

 

Spam Warning: Shipment status changed for parcel #1188!

24. January 2018 16:12 by sirclesadmin in Viruses and Malware threats, SPAM

 

You may receive the following:

Spam Warning: Shipment status changed for parcel #1188!

A parcel was sent to you on 19/01/2018 via U.S. Postal Service Economy.

The following optional services were used:  Shipment status via email

You can view the tracking number and the delivery information on the tracking invoice enclosed below :

http://www.usps.com/shipping/trackandconfirm.htm ?action=download&trk_id=4209676728001104401363764606  

Thank you for shipping with USPS

******************************************************** ***************
NOTE:
 This e-mail was generated by USPS (www.usps.com)
 at the sender's request. 

Please contact 
 the sender of this e-mail or the U.S. Postal Service if you have 
 questions about the package delivery.

If you receive this message then it IS SPAM. The link above takes you to a file to download which can be harmful to your computer.

Following this being published, the file appears to have been removed.

Please Action: Barclays Cloud It

21. December 2017 13:43 by sirclesadmin in SPAM, Phishing

 

Spam Warning - Please Action: Barclays Cloud It

This email has been circulating...

 

From: Barclays Bank <eservice@barclaycardus.com>

Sent: 13 December 2017 08:07

To: Recipients

Subject: Please Action: Barclays Cloud It

 

You have 2 new documents available in Barclays Cloud It to kindly view please follow step 1 of 2 .
View Now

Barclays PLC


The link goes to: http://puenteanil.com/bac/ which displays the following:
 
So the site has obviously been shut down. Either way, this email should be reported as spam and then deleted...
 
 

Spam: Donation From Buffett Foundation

8. December 2017 07:21 by sirclesadmin in Internet Security, SPAM, Phishing

 

This is definitely the lamest email we have seen for some time and, to be honest, the most confusing. Not only is the premise so preposterous that surely no one would ever reply, but the manner in which it has been executed is also so pathetic.

I don't know much about Warren Buffett or his foundations but I am pretty sure that none of these people or organisations would use wbuffett6@aol.com.

It is so ridiculous, in fact, that I am going to reply to this email to see what happens.

The text reads:

 Am Warren Buffett the CEO to (Warren Buffett Foundation)Warren Buffett Foundation picked you for a $1,500,000 donation.For more details contact Warren Buffett Foundation email:wbuffett6@aol.com

From: Warren Buffett Foundation <warrenmick@supanet.com>

I will report back with any outcome...

Santander: Important Update about your account - spam!

4. December 2017 06:42 by sirclesadmin in Internet Security, SPAM, Phishing

 

We have seen this email over the weekend. The email is a standard-looking Santander email but obviously it tries the age-old trick of pretending someone has tried to break into your account. Fear combined with shock is intended to make you act before you think. As usual, the sender email address is completely irrelevant, in this case an EDU suffix.
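The mismatch between the brand in the display name and the sending domain can be checked mechanically. This is an added example, not code from the original post: the brand allow-list and the look-alike character table are assumptions, and the first two sample From headers are the ones quoted in the Santander and iCloud posts on this page.

```python
from email.utils import parseaddr

# Assumed allow-list: domains each brand really sends from (illustrative only).
BRAND_DOMAINS = {
    "santander": {"santander.co.uk"},
    "apple": {"apple.com"},
}

# Small, assumed table of look-alike characters folded before matching.
CONFUSABLES = str.maketrans({"ρ": "p", "i": "l", "1": "l", "0": "o"})


def skeleton(text):
    """Lower-case and fold look-alikes so 'AρρIe' compares equal to 'apple'."""
    return text.lower().translate(CONFUSABLES)


def check_sender(from_header):
    """Return a list of findings for one From header (empty list = nothing odd)."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    folded = skeleton(display)
    findings = []
    # Non-ASCII letters in a brand-like display name suggest homoglyphs.
    if any(ord(ch) > 127 for ch in display):
        findings.append("non-ascii-display-name")
    # A brand in the display name must come from that brand's own domain.
    for brand, domains in BRAND_DOMAINS.items():
        if skeleton(brand) in folded:
            genuine = any(domain == d or domain.endswith("." + d) for d in domains)
            if not genuine:
                findings.append(f"{brand}-name-from-{domain}")
    return findings


SAMPLES = [
    "Santander <dolwickk2@mymail.nku.edu>",          # quoted on this page
    "AρρIelD. <029627663l1653@maillegal.info>",      # quoted on this page
    "Santander <alerts@emails.santander.co.uk>",     # constructed, for contrast
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

A clean result only means the display name and address agree; a forged address on the genuine domain would still pass this check.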

From: Santander <dolwickk2@mymail.nku.edu>

Sent: Sunday, December 3, 2017 8:37 AM

To: Recipients

Subject: Important Update about your account

 

If you are having trouble viewing this message, please click here.
E-mail Security Information.

Santander

 

Your security is our priority

Dear Customer:


We recently reviewed your account, and we suspect an unauthorized transaction .

Therefore as a preventive measure we will temporary limit your access to sensitive Santander Online features.

To ensure that your account is not compromised, please log in to your Santander Online and verify your identity to prevent deactivation.

Please use the hyperlink below to login to our secure Santander account Online from Step 1 of 3 to verify your accounts.


Verify now »




Thank you for choosing Santander,
Christian Westcough
The Santander Online Banking Help Team.


Keep your account information up-to-date. In the event of fraudulent or unusual activity, we'll need to know the best way to reach you. Log in to your account or click to Update now »

E-mail Security Information

 



If you have concerns about the authenticity of this message, please visit http://www.santander.co.uk/uk/index for options on how to contact us.

 

 

 

Anyway, let's have a look at what this one does so as to be ready for future phishing emails:

The email looks reasonable enough...

It has all of the hallmarks of a legitimate email:

The 'Verify now' button also links to:

http://retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse.operationname.logon.dse.processor.logon.dse.processor.logon.logon.notaioagenova.it/retail/Login.php?sslchannel=true&form=AccountVerification&sessionid=DyClc8RiwcVDTd2G66ahBxo5LOB2dDWRbycoH3GdgBQ9PTQWZ0dAxCGjqhlEViv6RHvyLbM2NCbDw1zv

And when visited we see the following:

 

 

Once again, it is very close to the real thing and shows no certificate errors, but this is because it is not a secure site (the link is plain http, so there is no certificate to check). I am currently using Microsoft Edge in this case and so will report this site:

I click on the three dots in the top right-hand corner:

 

 

I now choose 'Send feedback'

 

 

Now I click 'report unsafe site' and choose 'phishing' as that is obviously what this site is.

Once reported we receive a confirmation that the site will be analysed, but please feel free to report this one yourself as it will speed up the closing of the site.

Desperate Marketing - Order #16530 / Digital Marketing Skills (Out of Stock)

22. November 2017 12:17 by sirclesadmin in SPAM, Phishing

This really is quite sad, you have not ordered anything, this is just desperation. Phishing emails trying to get you to download marketing.

This is an unsolicited email, no matter what these idiots claim, and deliberately tries to make you think you have placed an order.

Just take a look at this:

 

Order #16530 / Digital Marketing Skills (Out of Stock)

From: Vanessa Cowpland <vanessa.cowpland@qa-newsletters.com>

Sent: 22 November 2017 12:07

To: Simon R. Cooper

Subject: Order #16530 / Digital Marketing Skills (Out of Stock)

 

 

Hello Simon,

 

We're sorry but the item: Digital Marketing Skills you require is currently out of stock. 

Attracting and building the right digital marketing skills becoming an issue for your organisation? 

You're not alone - 76% of UK businesses are experiencing problems recruiting digital marketing skills, despite 84% of these same businesses agreeing these skills are more important than ever before. 

We have crafted a digital marketing guide which will enable you to identify key trends and challenges, and find solutions for all your digital marketing skills needs in 2018. 

Find out more about out digital marketing enablement guide here
 

Kind regards, 

Vanessa Cowpland
QA Apprenticeships
 


Manage your communication preferences here.

 

 I would email them back explaining your disgust at these emails - they will certainly not be allowed to do this following new EU legislation.

Metro Bank Spam - Please Action: E-Payment REF: MTA22506651

22. November 2017 10:52 by sirclesadmin in SPAM, Phishing

 

 

 

From: Metro Bank <epayment@metrobankonline.com>

Sent: 21 November 2017 14:28

To: Recipients

Subject: Please Action: E-Payment REF: MTA22506651

 

Valued Customer,

Please note that starting from November 21, 2017 we will be introducing new online banking authentication procedures in order to protect the private information of all online banking users.

There is a pending transfer payment into you account from our account department. For security reason invalid record or your 8 digits Security number. We require you to confirm your profile on file with us before this transfer can be completed.

This can be done using the reference provide below.

Complete incoming Payment

Please remember to check 'e-Documents' regularly as we may send you documents which you need to action. Your online documents are stored for 7 years and can be viewed, downloaded and printed at any time.

Regards
Customer Service
Metro Online Banking Team

 

 

The above email is a scam - this one isn't a particularly convincing email as the formatting is based on Microsoft Office formatting and is not supported on many up-to-date systems.

If we go to the link in IE, we immediately receive a warning regarding the domain of aaryacreation.in

This means that the domain has been reported by other users with IE and should be avoided - close the browser and delete the email.

If we look at the fake website itself we can see that the formatting doesn't really work:

The links top right are dead and do not even show the arrow to click on when hovered above - close the site and delete the corresponding email and mark it as junk if you have the option.

Metro Bank are a big target at the moment so do be careful if you are a user - check every email before taking any action!

Netflix Spam - Your Netflix Membership is on hold - netflix-restrictions.com

9. November 2017 07:56 by sirclesadmin in Internet Security, SPAM

 

This is a well targeted spam, even if it appears to be caught by most antispam filters before first contact.

They have even bought a custom domain name but perhaps that was their first mistake...

 

 

 

Anyway the email arrives thus: 

 

From: Netflix <contact@netflix.ssl.com>

Sent: 03 November 2017 10:26

Subject: Your Netflix Membership is on hold

 

 

 



We recently failed to validate your payment information we hold on record for your account,
therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.

Click here to verify your account

Failure to complete the validation process will result in a suspension of your netflix membership.

We take every step needed to automatically validate our users, unfortunately in this case we were unable to verify your details.

This process will only take a couple of minutes
and will allow us to maintain our high standard of account security.


Netflix Support Team



This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and required you to update your account to continue using our services uniterrupted.

 

 

 

 

Besides misspelling 'uninterrupted', the email is fairly believable as this kind of thing happens all the time.

Hovering over the link reveals: webcmd.netflixusersupport.billingupdate.netflix-restrictions.com which is not a valid Netflix.com domain, but then PayPal use all sorts of paypal-notification.com type domains.
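Both this Netflix host and the Santander 'Verify now' link above put the brand name at the left of the hostname, while the domain that actually owns the site is at the right. The following added example (not part of the original posts) extracts that registrable domain and compares it with the brand named in the host; the suffix set is a small constructed stand-in for the Public Suffix List, the brand allow-list is an assumption, and the Santander link is shown without its query string.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List: only the suffixes used here.
SUFFIXES = {"com", "it", "uk", "co.uk"}

# Assumed allow-list of the genuine registrable domain(s) for each brand.
BRANDS = {
    "santander": {"santander.co.uk"},
    "netflix": {"netflix.com"},
    "apple": {"apple.com"},
}


def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'santander.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                           # suffix not in our small table


def check_link(url):
    """Report which domain owns the link and whether a brand is only a decoy."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    owner = registrable_domain(host)
    named = sorted(b for b in BRANDS if b in host)
    decoys = [b for b in named if owner not in BRANDS[b]]
    return {"host": host, "registrable": owner,
            "brands_named": named, "impersonation": bool(decoys)}


# Hosts and links quoted on this page (Santander query string omitted).
SANTANDER_LINK = ("http://retail.santander.co.uk.logsuk.ns.ens.btochanneldriver."
                  "ssobto.dse.operationname.logon.dse.processor.logon.dse."
                  "processor.logon.logon.notaioagenova.it/retail/Login.php")
NETFLIX_HOST = "webcmd.netflixusersupport.billingupdate.netflix-restrictions.com"
GENUINE_LINK = "http://www.santander.co.uk/uk/index"

if __name__ == "__main__":
    for link in (SANTANDER_LINK, NETFLIX_HOST, GENUINE_LINK):
        result = check_link(link)
        print(result["registrable"], "impersonation:", result["impersonation"])
```

A production check would load the full Public Suffix List instead of the four suffixes hard-coded here.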

Either way the domain had been shut down by Netflix already and so no great worries here but bear in mind they will be targeting other pay per view services and will have a new website in no time so beware.

 

But still enjoy the internet and be safe!