November spam roundup: Stalkers, property tips, porn, stern words and PayPal

November 30, 2020

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox.

A full house of spam

Whether by accident or design, you may see spam land in your inbox reminiscent of multiple unrelated scams. It’s quite something when you don’t know if you’re looking at something ransom/blackmail related, or dating, or stolen passwords/data, or a combination of all three.

The title of the email is itself somewhat disturbing at first glance:

I am watching you every day let’s talk here [URL] I live next to you, you recognize me from the photo) after entering, I look forward to meeting you

From the get-go, we have a big stalker vibe going on. It’s a neighbour, and they’re going to…invite themselves in? What are they doing in your house? Why do they want to come in? Have they been watching you? I’ve seen many of those “I have your password and stole your files” mails that open with a line similar to “I’m watching you”. Admittedly, those claim to be watching through a webcam and not your bedroom window, but it’s still enough to set the old panic bells ringing.

Then things get very weird.

Do you like houses? Our spammer does

The tone shifts from vaguely menacing to “rich intimate fantasies”. It’s also no longer happening in your own home, but in one of several random properties close to you. If you ever wanted to meet up with a totally random stranger from the internet, in a dreamlike luxury bungalow which belongs to neither yourself nor the message sender, then this is definitely the mail for you.

At this point, you may be asking yourself why you have a bunch of property tips next to what sounds like murderous dating spam. The answer is that spammers are trying to get around blocks/filters. There’s not much point spending time and effort spamming, if nobody ever sees it. If they can make use of valid services and piggyback into your mailbox, they’ll do that instead. Mail services may think twice about stopping messages coming from what are legitimate sources, even if the contents are somewhat dubious.

Skipping the security fence

There are many ways to attempt a bypass: splitting Bitcoin addresses, writing in languages other than English, using images, avoiding certain words or hiding the text, or piggybacking on other services. Here, they’re likely trying to take advantage of a legitimate site’s service to blast through detection. The property website in question offers the ability to send property recommendations with no need for sign up. It didn’t work for us in testing, so either it only works sometimes, the site owners have switched it off, or the scammers haven’t used it at all and are merely imitating it to make it look as though it’s the real thing.

The spam links lead to a number of explicit sites. Whether or not you say you’re over/under 18, you’ll still be taken to graphic pornography games or adult dating websites.

A somewhat innovative method to get round spam traps, but I’m not sure what kind of success rate we’re talking about. Any process which goes from “potentially threatening”, to “houses for sale”, with a splash of “randomly taken to explicit pornography games” can’t have that big a target audience.

Users of Malwarebytes will find they’re protected from the sites linked from the initial mails, and also further clickthroughs/redirections:

adultgames(dot)fun
mojzz(dot)playtillcum(dot)com
mojzz(dot)dateworlds(dot)net
milffinder(dot)com
h90348it(dot)beget(dot)tech  
liksss(dot)beget(dot)tech
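
Because this kind of mail rides in on a sender that filters are reluctant to block, the useful check is where the links go rather than who sent the message. The following is an added example, not Malwarebytes’ code: it refangs the indicators listed above and flags any link host in a message that matches them. The sample message, the `property-site.example` sender and the URL paths are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Indicators as listed on this page, kept in their defanged form.
DEFANGED = """adultgames(dot)fun
mojzz(dot)playtillcum(dot)com
mojzz(dot)dateworlds(dot)net
milffinder(dot)com
h90348it(dot)beget(dot)tech
liksss(dot)beget(dot)tech"""

def refang(text):
    """Convert '(dot)' / '[.]' / 'hxxp' notation back into a matchable form."""
    text = re.sub(r"[\(\[]\s*(?:dot|\.)\s*[\)\]]", ".", text, flags=re.I)
    return re.sub(r"\bhxxp", "http", text, flags=re.I)

BLOCKED = {h.strip().lower() for h in refang(DEFANGED).splitlines() if h.strip()}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def link_hosts(raw_message):
    """Return the set of hostnames linked from every text part of a message."""
    hosts = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(refang(body)):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host.lower().rstrip("."))
    return hosts

def blocked_links(raw_message):
    """Hosts that equal a listed indicator or are a subdomain of one."""
    return sorted(h for h in link_hosts(raw_message)
                  if any(h == b or h.endswith("." + b) for b in BLOCKED))

# Constructed sample: a clean-looking sender carrying a listed destination.
SAMPLE = """\
From: Property Alerts <noreply@property-site.example>
Subject: A property recommendation for you
Content-Type: text/plain; charset=utf-8

A friend recommends: https://property-site.example/listing/123
let's talk here hxxp://mojzz(dot)dateworlds(dot)net/in
"""

if __name__ == "__main__":
    print(blocked_links(SAMPLE))
```
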

The case of the unfriendly 419 spam

Another day, another attempt to part you from money. This 419 style missive takes the form of someone, er, telling you off. A lot. It reads as though you’re halfway through some shadowy, clandestine operation. Did I mention you’re being told off? Because that happens. A lot.

Some salient extracts:

Sometimes, I do wonder if you are really, really with your senses. How Could you keep trusting people and at the end you will lose your hard Earned money, or are you being deceived by their big names? They Impersonate on many offices, claiming to be Governors, Directors/Chairman of one Office or the other.

Their game plan is only just to extort your hard Earned money. Now, the question is how long you will continue to be Deceived? Sometimes, they will issue you fake check, introduce you to fake Diplomatic delivery, UN-existing online banking and they will also fake wire transfer of Your fund with Payment Stop Order and even send you fake ATM cards etc.

If this doesn’t feel like someone winning your confidence, you’d be right. It gets worse:

Anyway, by the virtue of my position I have been following this Transaction from inception and all your efforts towards realizing the Fund. More often than not, I sit down and laugh at your ignorance and That of those who claim they are assisting you, it is very unfortunate That at the end you loose.

Please I beseech you to stop pursuit of shadows and being Deceived. Feel free to contact me immediately as you receive this mail so that I can Explain to you the modus-operandi guiding the release of your Payment. Do not panic, be rest assured that this arrangement will be Guided by your Embassy here in Nigeria.

I do wonder what the success rate is for this one.

Lazy phishers and bad phishing pages

This is possibly the laziest or worst phish page I’ve ever seen. It starts off reasonably enough for a scam, claiming to be from a bank manager telling you there’s vast sums of unclaimed funds.

The main hook of the mail reads as follows:

As the regional Bank Manager of BOA BANK. It is my duty to send a financial report to my head office at the end of each year On the course of the 2019 year report, We discovered an excess profit of Eight Million Us Dollars, Which we have kept in SUSPENSE ACCOUNT without any beneficiary. As an officer of the bank I can not be directly connected to this Fund for Security Reasons, that is why I am contacting you for us to work together to get the said Fund. into your bank account for INVESTMENT in your Country The percentage Ratio is thus: 30% for you, 70% for me and my colleagues.

All you have to do to get the cash is fill out a form. The wheels almost immediately come off when you look at the bottom and see “Create your own Google form”.

When a phish goes off the rails

That doesn’t sound massively encouraging for a bank. All the same, it could be enough to grab some details from the unwary. That’s what I’d normally say, only for clicking the link and seeing this, the top entry for “Most depressing phish attempt in this or any other decade”:

Filling in an “Untitled form”, with an “Untitled question” containing precisely one option to select called “Option 1” and no text entry to go with it? Phenomenal and astounding, can’t see how that is going to work.

While it’s a spectacular bit of embarrassment for the scammers, it’s wonderful news for potential victims. Some serious miracle working will have to take place to part them from their money. We’ll take this as a win.

And finally…

Just a gentle reminder that fake mails claiming to be from PayPal are still doing the rounds. As per the older missives, the mail claims to be from an intl-paypal(dot)com address (it isn’t), and wants you to restore access to your account. The phishing site the mail linked to was already offline when we received it. It reads as follows:

Dear Customer,

Your account has just closed temporarily, because there is suspicious activity on your account. To avoid unwanted things, we took action to close your account temporarily. Immediate update and re-activate your account.

As part of this process, your old security info will be deleted and your contact email

Click the button below to finish update and active your info.

As always, follow the same process for the older spam runs: block, report, and delete.

Never a day goes by without a terrific volume of spam and phishing knocking at your doorstep. With any luck, we’ve given you a few pointers on who to turn away.

Stay safe, everyone!

The post November spam roundup: Stalkers, property tips, porn, stern words and PayPal appeared first on Malwarebytes Labs.

Refer Here for Original Post and Source https://blog.malwarebytes.com/cybercrime/2020/11/november-spam-roundup-stalkers-property-tips-porn-stern-words-and-paypal/


Author Robert Crossland
