Technical support scammers call the wrong person in this video..
The website involved is 24by7technohelp.com (there is another site on the same server called 24by7onlinesolution.com doing the same thing). These sites are hosted on 208.91.199.77 (Confluence Networks, British Virgin Islands). I've had the Confluence Networks range of 208.91.196.0/22 blocked for some time with no ill effects..
More on this story here.
[Via]
Dynamoo's Blog
Spam, security, scams, spin and stuff.
Thursday, 24 May 2012
Where's the malware spam?
You might have noticed that I haven't posted details of any malware spam in the past few days. This is because.. well, there really hasn't been much in the way of malware spam, with only one major campaign in the past three weeks.
When malware spam drops, I notice that fake pharma spam pops up instead, and furthermore malware spam runs are hardly ever at weekends when pharma takes over. And yes.. there's been an uptick of pharma spam lately which follows the pattern.
This malware spam run has been going on for months now, with a few breaks of a few weeks each time. I can't believe that anything fundamental has changed. So stay alert!
Monday, 21 May 2012
Synovate / Avios "Share your opinion and win an iPad!" spam
Here's an annoying piece of spam:
From: Loyalty Research loyaltyresearch@synovate.net
Reply-To: loyaltyresearch@synovate.net
Date: 21 May 2012 08:41
Subject: Share your opinion and win an iPad!
Dear Mr Xxxxx,
We are contacting you from Synovate, an independent market research agency and would like to invite you to take part in a survey on behalf of a leading loyalty rewards programme, that you are a member of.
Your name has been given to us in good faith by this company and their loyalty programme name will be revealed to you at the end of the survey.
As a thank you for your participation we will enter you into a prize draw to win a fantastic iPad. Your opinions will be used to improve products and services.
This survey should take less than 20 minutes to complete, and will close on the 30th May 2012
Please click on the link below to begin the survey (CLICK ONCE ONLY):
https://wbint6web.synovate.net/syn.asp?s=XXXXX&p=XXXXX&i=XXXXX&w=XXXXX
Your identity will not be revealed to any third party
All information that we collect is strictly confidential and participation will not lead to any unsolicited mail, phone calls, or e-mails.
Your name will never be associated with your specific responses as they will be combined with those of other respondents. You can view our privacy policy at: http://www.synovate.com/legal/
If the survey link does not open, close the browser window then copy and paste the link into the address line of a new browser window and press enter.
If you exit the survey unexpectedly or accidentally close your Internet browser, clicking on the link above will allow you to re-enter the survey and continue where you left off.
If you have any comments or questions about this survey, please e-mail loyaltyresearch@synovate.net and include this survey ID number XXXXX along with any correspondence.
Kind regards,
The Synovate Team
This e-mail is being sent to you by Synovate on behalf of a leading customer loyalty company. Synovate and this company attempt to comply with all governmental laws for commercial e-mail. We have contacted you specifically either because you agreed to be on their mailing list to receive correspondence such as this, or you have previously participated in a survey on behalf of this company. Who this company is will be revealed at the end of the interview. If you do not wish to receive further communication from us, please reply to this email and let us know.
Terms & Conditions
1. The prize is a 16gb iPad with wi-fi
2. The prize draw is open to participants of this survey aged 18 or over resident in the UK, excluding employees and past employees of Synovate or anyone materially connected to the administration of the prize draw.
3. Entry to the draw is by completion and submission of the survey. No purchase is required.
4. Closing date for all entries into the prize draw is 30th May 2012 at 12pm. No responsibility will be taken for entries lost, damaged, incomplete or illegible. Proof of submitting will not be accepted as proof of delivery. Entries may be disqualified if incomplete or illegible.
5. Only one entry per person may be submitted.
6. The draw will take place by 30.06.12.
7. The prize will be awarded to the first eligible entry drawn.
8. The winner will be notified in writing by 06.07.12.
9. The winner will receive their prize by post no later than 20.07.12.
10. If a winner cannot be contacted within 14 days from the draw date, an alternative winner will be drawn.
11. The name and county of the winner will be available to anyone sending a stamped addressed envelope to Ipsos, Prize Draw Winner, c/o Toby Rogers, Minerva House, 5 Montague Close, London, SE1 9AY within 28 days of the published closing date.
12. All entrants to the prize draw will be deemed to have accepted the rules.
13. No alternatives to the prize offered will be given.
The bit that says "Who this company is will be revealed at the end of the interview" is particularly appalling as the only way to find out who sold your contact details is to do the survey! Well, not quite.. because the email address Synovate sent to is only used for registration at Avios (formerly Airmiles). So Avios sold on my contact details for the survey.
Oh well, easily fixed. We just need to change the privacy settings in Avios to stop this happening.. oh wait, third party emails don't appear in the "contact preferences" section of their site at all:
So what does their privacy policy say? Well:
Direct Marketing and who your data may be passed to
Your data may be passed to carefully selected companies that distribute Avios or companies that we think may be of interest to you. We may also pass your details to suppliers that process data on our behalf. On occasion we may use and disclose data on a collective basis for marketing and research cases but will not in such cases provide individual customer data.
So, you passed my contact details to Synovate for market research purposes, and there's no apparent opt out. Unless perhaps I do it in writing as you can't opt out on the web site..
How to remove yourself from our communication listings
If you do not wish to receive promotional mailings, simply inform us by writing to the address below. Please note that you may still receive an Avios statement as part of your membership.
Customer Account Management
PO Box 90,
Birchwood,
Warrington,
WA3 7XA.
This is really shabby marketing. Avios haven't breached their own privacy policy as it allows them to sell your contact details on in this way, but most consumers won't be expecting it. You should never, ever click on an unsolicited link like this (because it could lead to malware) and Avios and Synovate should at least make their relationship clear in the email rather than keeping it as a secret until you do the survey.
And why is this spam? Well, in my opinion the email is unsolicited, Avios members cannot apparently opt-out or control these, and the relationship of the recipient to the sender is unclear. Avios and Synovate seriously need to clean up their act IMO.
Labels:
Spam
Friday, 18 May 2012
Myspace "Security updates" lead to fake pharma
This is a persistent spam run that has been going for a couple of days:
Date: Fri, 18 May 2012 13:44:44 -0700
From: "Myspace" [noreply@message.myspace.com]
Subject: Security updates
myspace
We have recently updated our website to improve our security.
Please follow the instructions to ensure your account is enable and not blocked.
If you need immediate assistance, please contact our support team.
Note: It is important that your personal information is accurate and complete. This information may later be used to help verify the owner of the account. We does not sell or provide your personal information to third party companies.
Thank you for using Myspace!
The Myspace Team
http://www.myspace.com/
Have questions? Visit our help page. Myspace, 8391 Beverly Blvd, #349, Los Angeles, CA 90048.
© Myspace Inc. All Rights Reserved.
The link in the email goes to a variety of fake pharma sites, all of which appear to be hosted on 91.212.124.152 in a block registered to one Aleksandr Nikolaevich Nikultsev in the Ukraine. There doesn't seem to be much you would want to visit in 91.212.124.0/24 so blocking the whole lot might be prudent.
These are the sites I can find hosted on 91.212.124.152:
Labels:
Fake Pharma,
Spam,
Ukraine
Monday, 14 May 2012
TaxSlayer.com spam / hseclub.net
After a quiet few days where most of the incoming spam I've seen has been pharma spam, the exploit kits have reared their ugly heads again with this new campaign:
Date: Mon, 14 May 2012 12:02:23 -0300
From: "Joann Crowley" [alert@taxslayer.com]
Subject: Don't make grave tax mistakes.
View Online | View Mobile | Unsubscribe from TaxSlayer e-mails.
Avoid tax deadline mistakes that delay your tax return
With the tax deadline looming, it is essential to make sure that you prevent any errors on your tax return that could delay the filing and processing of your returns. The IRS recently released a list of their most commonly seen errors.
Read More
FREE TAX ADVICE –
with TaxSlayer.com
Do you have a tax-related question that you would like to ask someone? Try our newest feature!
Read More
Do you need more time to file?
The deadline for filing your tax return will be April 17th this year. See what you can do if you need more time.
Read More
Do you need a last minute deduction?
If you are in need of another tax deduction, you may be able to deduct some or all of your IRA contributions.
Read More
This email was sent to xxxxxxxxx by notification@taxslayer.com.
Click here to unsubscribe from TaxSlayer.com e-mails.
TaxSlayer.com | 610 Ronald Reagan Drive | Evans, GA 30809
Needless to say, this spam isn't from TaxSlayer.com but it leads to malware, this time with a malicious payload at [donotclick]hseclub.net/main.php?page=3d45d0a0fe805ff8 (report here) hosted on 37.59.68.23 (OVH, UK). Blocking that IP will probably do you no harm.
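The posts on this page suggest blocking 208.91.196.0/22, 91.212.124.0/24 and 37.59.68.23. The following is an added example, not code from the original blog, that checks proxy log lines against those ranges to find clients that have already contacted them; the log format, sample lines and function names are assumptions constructed for illustration.

```python
import ipaddress

# Ranges and hosts the posts on this page suggest blocking.
BLOCKLIST = {
    "208.91.196.0/22": "Confluence Networks range (tech support scam sites)",
    "91.212.124.0/24": "fake pharma hosting block",
    "37.59.68.23/32": "hseclub.net malicious payload host",
}
NETWORKS = [(ipaddress.ip_network(cidr), why) for cidr, why in BLOCKLIST.items()]

# Constructed sample log (assumed format: timestamp client_ip dest_ip host).
SAMPLE_LOG = """\
2012-05-24T09:01:12 10.0.0.15 208.91.199.77 24by7technohelp.com
2012-05-24T09:01:40 10.0.0.22 93.184.216.34 example.com
2012-05-24T09:02:03 10.0.0.15 91.212.124.152 biolpharmacy.com
2012-05-24T09:02:31 10.0.0.31 37.59.68.23 hseclub.net
2012-05-24T09:03:00 10.0.0.31 not-an-ip broken.example
2012-05-24T09:03:10 10.0.0.40 208.91.200.1 example.org
"""

def match_blocklist(ip_text):
    """Return (cidr, reason) for the first entry containing ip_text, else None."""
    addr = ipaddress.ip_address(ip_text)  # raises ValueError on bad input
    for net, why in NETWORKS:
        if addr in net:
            return str(net), why
    return None

def scan(log_text):
    """Return (hits, skipped): matching requests and unparsable line numbers."""
    hits, skipped = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            skipped.append(lineno)
            continue
        _ts, client, dest, host = fields
        try:
            match = match_blocklist(dest)
        except ValueError:
            skipped.append(lineno)  # keep track so bad lines are not silently lost
            continue
        if match:
            hits.append({"line": lineno, "client": client, "dest": dest,
                         "host": host, "rule": match[0], "reason": match[1]})
    return hits, skipped

def clients_to_review(hits):
    """Group matched rules by internal client so each machine is checked once."""
    by_client = {}
    for hit in hits:
        by_client.setdefault(hit["client"], []).append(hit["rule"])
    return by_client

if __name__ == "__main__":
    found, bad_lines = scan(SAMPLE_LOG)
    for hit in found:
        print(f'{hit["client"]} -> {hit["dest"]} ({hit["host"]}): {hit["reason"]}')
    print("unparsable lines:", bad_lines)
```

The /22 spans 208.91.196.0 to 208.91.199.255, which is why 208.91.199.77 matches while 208.91.200.1 does not.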
Saturday, 12 May 2012
Nadine Dorries: Where's My Shotgun?
You're not in Florida, Nadine. My MP (who I've never actually seen in the flesh at anything I've been to) Tweets about Reginald D Hunter (after being on Have I Got News For You):
"I have now left the HIGNFY after party. As I looked over my shoulder, Reginald D Hunter was talking to my daughter.#wheresmyshotgunman"
Usually when Tory MPs are involved in online death threats, it's the other way around..
Labels:
Nadine Dorries,
Politics
Friday, 11 May 2012
Scamworld: 'Get rich quick' schemes mutate into an online monster
Here's a long and very detailed article from The Verge on how the current crop of get-rich-quick schemes on the Internet work. If it's a case of tl;dr then you can get a flavour of it from this video:
Labels:
Scams
Thursday, 10 May 2012
Fake job and credit check sites to avoid
A little cluster of spam/scam sites on 95.142.173.176, running a scam related to this one. Avoid.
creditdealmanagement.com
creditlevelreport.com
hotdealsmanagement.com
hotoffermanagement.com
rockingdealmanagement.com
rockingdealmanagements.com
rockingoffermanagement.com
rockingscoremanagement.com
tql-billing.com
The WHOIS details are as follows:
creditdealmanagement.com
Aleje Ujazdowskie 88-44
Warszawa
Warszawa,
PL
00545
name:(Sophie Ellis)
mail:(admin@creditdealmanagement.com)
+022.8260898
+022.8260898
Hot Date
creditlevelreport.com
NA
Torrie Ots admin@creditlevelreport.com
+14122666060 fax: +14122666060
123 6th Street
Pittsburgh PA 64213
us
hotdealsmanagement.com
name:(Sophie Ellis)
Email:(admin@creditdealmanagement.com)
tel-- +022.8260898
fax:(+022.8260898)
Hot Date
Aleje Ujazdowskie 88-44
Warszawa
Warszawa,
PL
zipcode:00545
hotoffermanagement.com
Aleje Ujazdowskie 88-44
Warszawa
Warszawa,
PL
00545
name:(Sophie Ellis)
mail:(admin@creditdealmanagement.com)
+022.8260898
+022.8260898
Hot Date
rockingdealmanagement.com
name:(Niko Irlung)
Email:(admin@rockingoffermanagement.com)
tel-- +022.4860345
fax:(+022.4860345)
Rockinig
Aleje Ujazdowskie 54C
Warszawa
Warszawa,
PL
zipcode:00541
rockingdealmanagements.com
NA
Yawn Paul admin@rockingscoremanagement.com
+14122821060 fax: +14122821060
34G W C Jobs
Pittsburgh PA 64421
us
rockingoffermanagement.com
Niko Irlung admin@rockingoffermanagement.com
+022.4860345
+022.4860345
Rockinig
Aleje Ujazdowskie 54C
Warszawa,
Warszawa,
PL 00541
rockingscoremanagement.com
NA
Yawn Paul admin@rockingscoremanagement.com
+14122821060 fax: +14122821060
34G W C Jobs
Pittsburgh PA 64421
us
tql-billing.com
Aleje Ujazdowskie 87-44
Warszawa
Warszawa,
PL
00540
name:(Dill Nilson)
mail:(admin@tql-billing.com)
+022.8277528
+022.8277528 TQL
Labels:
Job Offer Scams,
Spam