secretemailsystem.com phishing


Today we are looking at a site that will do quite literally anything to get money out of you.

First of all, we only came across this site because of some spam that came into the website email inbox:

OK, so it is a phishing scam as we can see from clicking the links in the video below: https://secretemailsystem.com/ROO/[email protected] 

And once a browser has been used once, it is blocked with cookies:

So what is this website that they are sending us to in order to phish for our credentials so that they can defraud our company? What is secretemailsystem.com? Let's have a look. What was even more weird was that the account was suspended while we were looking at it:

 

But as we feel this site will reappear under another domain name, we shall continue this exposé, as they are actually trying to defraud sircles with a phishing attack, and so they just deserve it.

Firstly, let's have a look at their website itself, as it is a large page with many points and details:

Well their email link appears to be [email protected] which seems odd for such a large website.

OK, so we can see that urgency is heavily pushed on the reader: there is a script that generates the date:

<script>
var d = new Date();
d.setDate(d.getDate()+1);
var days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
var months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December"];

document.getElementById("demo1").innerHTML = months[d.getMonth()];
document.getElementById("demo2").innerHTML = d.getDate();
document.getElementById("demo3").innerHTML = d.getFullYear();
</script>

This shows today's date as the closing date every day, as we can see on the website snippet above. This is a sure sign of disingenuous behaviour, and is our first big red flag!

So what is this website about? Well, it is about a man who claims he has made a fortune doing something online and is now trying to make money by helping everyone else do it. Does that remind us of anyone? Wait a minute, it is exactly the same pitch as many of the other trader instructors, only this time we are using email marketing as our 'get rich with only 30 minutes work a day' product. This person is called Matt Bacak; he is a very big man giving a very intense piece to camera describing how he would rather have an email marketing business than any other. Now we don't know about you, but we think that email marketing is a good way to generate repeat purchases, but it is definitely not a good way to attract new business. People do not like spam, especially when it comes to being told it will make you a fortune with 30 minutes work a day. This product is not a good one; perhaps that is why Matt Bacak is running Office 365 phishing scams from his website.

Now at this point we do not know if his site was suspended because of the phishing scam, or because the host has received complaints about his core business, or he has simply scammed enough people with this domain and has moved on to a new domain to avoid any more refund requests. What we can be sure of though, is that this email marketing scam has been around a long time and that the video simply smells of a scam.

So what is the Secret Email System?

Well we are told that:

The Secret Email System is a counterintuitive approach to creating and running an online business, specifically the freedom life-style business model, that allows you to build a sustainable and profitable long term business that gives you the freedom, fun and adventure.

We achieve this by creating a “business machine” that works for you 24/7 where your only job is to oversee the system, not to create products, services where you have to chase new clients or deliver to them.

And as a result…this frees you up to live and enjoy your life while the business works for you – this is the Secret Email System.

OK, so they are selling a good feeling, as most sales pitches do. They are selling you freedom, fun and adventure, through an e-book that tells you how to do everything. This all sounds fine. It starts to get concerning when they start talking about a business machine that runs 24/7 and makes you money while you sleep. The concern doesn't come from any business-related issues, but from the way that this product is starting to sound like autotrading: that it makes you rich no matter what you do, which is never true. This is another red flag to us.

 

Now there are a lot of bold claims on this site:

That is a lot of media to have been featured in for this site to remain so unknown.

  • CBS
  • Investor's Business Daily
  • NBC News
  • MarketWatch
  • Yahoo
  • Google
  • BBC News
  • The Wall Street Journal
  • YouTube
  • Forbes
  • iTunes (????)
  • Lifetime Networks
  • USA Today
  • The Straits Times
  • Entrepreneur
  • Amazon
  • Facebook

No Financial Times or Economist? Oh dear.

Well, we can be fairly sure that this is complete nonsense, as BBC News does not feature products the way US morning TV does. 'Bob's bowling alley is featuring a new deal for burgers' is not news to the BBC, and Matt's email business will not have been featured. This is another red flag to us.

As of the next day, the site is back under the same domain name, so we will take the action of reporting the phishing site to their host. The directory appears to be gone, but it seems unlikely that this site was hacked with such a simple virtual directory in place. There has been no effort to hide this folder. Most likely it was removed because the site was shut down by the host who had recognised or been alerted to the phishing attacks.

We can check the email header:

| Hop | Delay | From | By | With | Time (UTC) | Blacklist |
|---|---|---|---|---|---|---|
| 1 | * | localhost | mail240.atl271.mcdlv.net | ESMTP | 10/26/2021 4:06:02 PM | |
| 2 | 3 minutes | EHLO 198.2.142.240 | 10.253.31.92 | SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) | 10/26/2021 4:09:10 PM | |
| 3 | 0 seconds | 10.253.31.92 | atlas301.free.mail.gq1.yahoo.com | HTTPS | 10/26/2021 4:09:10 PM | |
| 4 | 10 hour | analyze.sbs 159.223.13.158 | AM5EUR02FT023.mail.protection.outlook.com 10.152.8.166 | Microsoft SMTP Server | 10/27/2021 2:31:27 AM | |
| 5 | 1 Second | AM5EUR02FT023.eop-EUR02.prod.protection.outlook.com 2603:10a6:20b:45f:cafe::e1 | AS9PR06CA0269.outlook.office365.com 2603:10a6:20b:45f::32 | Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) | 10/27/2021 2:31:28 AM | |
| 6 | 0 seconds | AS9PR06CA0269.eurprd06.prod.outlook.com 2603:10a6:20b:45f::32 | VE1PR10MB3038.EURPRD10.PROD.OUTLOOK.COM 2603:10a6:803:108::13 | Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) | 10/27/2021 2:31:28 AM | |
| 7 | 2 seconds | EUR03-VE1-obe.outbound.protection.outlook.com 40.107.5.57 | CWLGBR01FT013.mail.protection.outlook.com 10.152.40.102 | Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) | 10/27/2021 2:31:30 AM | |
| 8 | 1 Second | CWLGBR01FT013.eop-gbr01.prod.protection.outlook.com 2603:10a6:401:58:cafe::ab | CWLP123CA0038.outlook.office365.com 2603:10a6:401:58::26 | Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) | 10/27/2021 2:31:31 AM | |
| 9 | 0 seconds | CWLP123CA0038.GBRP123.PROD.OUTLOOK.COM 2603:10a6:401:58::26 | LOYP123MB3151.GBRP123.PROD.OUTLOOK.COM 2603:10a6:600:e1::16 | Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) | 10/27/2021 2:31:31 AM | |
| 10 | 1 Second | LOYP123MB3151.GBRP123.PROD.OUTLOOK.COM 2603:10a6:600:e1::16 | CWXP123MB1878.GBRP123.PROD.OUTLOOK.COM | HTTPS | 10/27/2021 2:31:32 AM | |

 

So it seems it was sent from a local computer to mcdlv.net, which is a Mailchimp domain. We will inform them of this. It is possible that the email originated at the coolmaterial.com website, as that is also an online store and so would possibly have Mailchimp connections. If so, it does not explain why or how they managed to infiltrate the secretemailsystem.com server and use such a short URL.

As one company is in Georgia and the other in New Jersey, collusion would seem unlikely. Either way, it is either a poorly-secured website or a phishing scammer. They obviously found out that either one doesn't pay, as their website was removed/disabled yesterday.
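The hop-by-hop reading of the header can also be scripted. The following is an added example, not part of the original post: it parses Received headers, orders the hops oldest-first and flags any hop with a large delay, such as the roughly ten-hour gap at hop 4 in the table above. The raw headers are constructed from hops 1-5 of that table, and the function names `hops` and `slow_hops` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: Received headers rebuilt from hops 1-5 of the table above.
# Hosts, addresses and UTC times are the page's; the header layout is assumed.
# A real message lists the newest hop first, so the order here is 5 down to 1.
RAW = """\
Received: from AM5EUR02FT023.eop-EUR02.prod.protection.outlook.com
 (2603:10a6:20b:45f:cafe::e1) by AS9PR06CA0269.outlook.office365.com
 (2603:10a6:20b:45f::32) with Microsoft SMTP Server;
 Wed, 27 Oct 2021 02:31:28 +0000
Received: from analyze.sbs (159.223.13.158)
 by AM5EUR02FT023.mail.protection.outlook.com (10.152.8.166)
 with Microsoft SMTP Server; Wed, 27 Oct 2021 02:31:27 +0000
Received: from 10.253.31.92 by atlas301.free.mail.gq1.yahoo.com
 with HTTPS; Tue, 26 Oct 2021 16:09:10 +0000
Received: from 198.2.142.240 by 10.253.31.92
 with SMTPs; Tue, 26 Oct 2021 16:09:10 +0000
Received: from localhost by mail240.atl271.mcdlv.net
 with ESMTP; Tue, 26 Oct 2021 16:06:02 +0000
"""

def hops(raw):
    """Return the hops oldest-first as (from_host, by_host, utc_time)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        # Unfold the header, then split the route from the trailing timestamp.
        route, _, stamp = " ".join(value.split()).rpartition(";")
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", route)
        src, dst = m.groups() if m else ("?", "?")
        out.append((src, dst, parsedate_to_datetime(stamp.strip())))
    return out[::-1]

def slow_hops(raw, limit_s=3600):
    """Flag hops whose gap from the previous hop is negative or over limit_s."""
    chain = hops(raw)
    flagged = []
    for prev, cur in zip(chain, chain[1:]):
        gap = int((cur[2] - prev[2]).total_seconds())
        if gap > limit_s or gap < 0:  # long hold, or clock skew / edited header
            flagged.append((cur[0], cur[1], gap))
    return flagged

if __name__ == "__main__":
    for src, dst, gap in slow_hops(RAW):
        print(f"{src} -> {dst}: {gap} s")
```

Only the Received lines added by servers you control or trust are reliable; everything below them is supplied by the sending side and can be written to say anything.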

It may be that Matt is not a scammer and that he was just unlucky, but his first ebook is just a way to get you onto a subscription and if he is so good at making businesses, why does he need that? We do not recommend this marketing course.

VERDICT: SECRETEMAILSYSTEM.COM is a way to upsell you more expensive courses, so unless you are committed enough to spend at least $200 USD do not buy!