If you get an email that seems to be from GoDaddy with the subject “Complete required actions”, do not open it, and for goodness sake do not click on the links in it!
If you’ve received an email with the subject “NOTIFICATION – Storage Full” (it may also have your email address in the subject), or an email which comes from, apparently, firstname.lastname@example.org, don’t open it! It’s a phishing scam trying to scam you out of your personal information!
There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of “(Someone) has shared a document on Google Docs with you” – in many of the samples it is ‘Brett Schager has shared a document on Google Docs with you.” Many of the samples are also sent “to” email@example.com (you receive it because you are in the bcc: field).
Members of USAA insurance and banking programs have been receiving email that appears to come from USAA (which stands for United Services Automobile Association), but which are actually phishing scams. The scam email comes from the nonexistent domain usaaservice.com (such as from “USAA.ServiceAccount@usaaservice.com”).
Bank of America, Wells Fargo, and Key Bank are among bank accounts being phished, SMiShed and vished by scammers who are sending SMS text messages to users, directing them to call hijacked Holiday Inn Express phone numbers which the scammers have disguised to make them sound like automated banking systems. So far this current crop has happened primarily in the Houston area.
“Emergency! Your phone is HACKED!!” says the subject of the email that appears to come from Tech Crunch. But in reality, this email is spam, with a link that almost certainly goes to malware, so don’t open or click on it!
Today, September 3, 2014, a new spoofed GoDaddy phishing spam started showing up in people’s inboxes. “Your account contains too many directories”, it tells you (for example, in our sample the subject is “Status Alert: Your account contains more than 9740 directories”).
Here is the full text of one of the newest Wells Fargo Phishing Spam, which started showing up this month (May, 2014). This one comes with an attached HTML file named “Wells Fargo Instruction Form.html”. Whatever you do, don’t download or open it!
A new batch of phishing emails, supposedly from TigerDirect.com, went out this week. Using social engineering to make you think that a costly order has been placed in your name, the email seeks to create a sense of urgency that will cause you to click on the links contained in the email, which of course go to the phishing site.
If you get an email saying that your password on Pinterest was successfully changed, and you know that you didn’t change your Pinterest password, don’t go running to Pinterest, and definitely don’t click any links, before reading this!
A couple of weeks back, the hacker group Rex Mundi blackmailed AmeriCash Advance, demanding that the payday lender give the group around $20,000. If AmeriCash Advance didn’t pay up, Rex Mundi would publish the thousands of loan-applicant records it stole from the payday lender. Now, a couple of weeks later, AmeriCash Advance hasn’t paid the extortion fee, so Rex Mundi did in fact publish all those loan-applicant records. This is a newsworthy story in its own right, but what really makes it important is that it reveals how utterly unsecured so much of our private information (Social Security numbers, credit card numbers, banking data, etc.) is. And our private information and other data are not just vulnerable to skilled hackers – it’s vulnerable in general because it is often so poorly protected.
Google is hard at work on a lot of things, including one of the most important and difficult things of all: improving Internet security. Five years ago, Google introduced Safe Browsing, an effort designed to protect Internet users – people who browse with Chrome, Firefox, or Safari, as well as anyone who searches the Web with Google – from malware and phishing. Through this effort, Google detects, among other things, 9,500 malicious sites every day. Allow us to repeat that: Google detects 9,500 malicious sites every day.
A rash of fake Verizon Wireless account notifications hit the Internet this week, showing outrageous charges that are, supposely, hitting your bill. They have the subject line of either “Thank You for your Verizon Wireless Payment” or “Your Bill Is Now Available”. Of course, the links take you to all sorts of spam and scam sites, so don’t be taken in. Here are some examples of the fake notices, with links to places such as http://integrallisambiental.com.br/k5CGsJe6/index.html, http://pliki.unigroup.pl/MFQanBuj/index.html and http://www.mayphe.com.br/DyXEBK63/index.html.
“TWITTER: Someone has a crush on you!” the subject of the email says as it announces that someone has a Tweetcrush on you. “You have been sent a Twitter Crush,” it goes on to say. Bologna. It’s a phishing scam, pure and simple. But, it’s a pretty compelling one, given how ‘authentic’ the site, which is hosted at ktwitteri.com, looks, where they steal your Twitter username and password.
Two massive spam runs were unleashed on the Internet today, and odds are very good that you will receive at least one of the two. Either you will be offered the opportunity to “Buy Cheap Watches (Rado,Rolex) and other products!”, or you will be told that you have received an “Electronic Federal Tax Payment System Notification number” (with some number appended at the end). Or, perhaps you’ll be extra-popular and receive both spams.