Spams

Today I got a scam text message from +1 (604) 339-2192, telling me to deposit an email money transfer at et-lnterac-xxx (see screenshot). Notice how the scammer changed the letter I to lowercase l (L). I am not sure if the number is spoofed or not, or if the cellphone is compromised and used as a bot. Basically the scam message claims that CRA (Canada Revenue Agency) has sent me $297.00 and that I should deposit the money.

[Screenshot: text message from +1 (604) 339-2192]

Then I checked the whois data, but it seems to be fake.

[Screenshot: whois data]

The address is in Toronto but the originating number is from Richmond, BC.

I'm usually too lazy to check it because I already know it's a scam. But this time I checked it because I was bored, and when I checked the address, it goes to this site. Now, the only time somebody can create a subdomain record on a cPanel-based server is when they have access to cPanel itself, so even if the application (e.g. WordPress or any other script hosted there) is compromised, unless the person has the username & password for cPanel, they won't be able to create a subdomain record. Another possibility is if the scammer has compromised the whole server and got himself a root account. Who knows.

Then I proceeded to check the index files. Ahh, I can see now what the scammer has uploaded because he forgot to disable index in .htaccess.

[Screenshot: more scam]

Then I tried clicking the INTERAC e-Transfer_fichiers folder as I was just curious to see what's there.

[Screenshot: Interac scam]

Very interesting. Then I clicked td, rbc2, bmo, sco. Here's what came up - a phishing page trying to get users to post their credentials for TD, Royal Bank of Canada, Bank of Montreal, and Scotiabank.

Here's the Scotia one (check out the URL in the address bar):

[Screenshot: Scotiabank scam]

Here's the TD scam (check out the URL in the address bar):

[Screenshot: TD scam]

There you go.

If I go to the main domain, apparently the site is from India (country code +91):

Hope this can help some people. Be careful and stay safe.

This morning I received a scam spam message from (917) 690-6874. Be careful because this is not a legitimate text from BestBuy.ca. It tries to fool the receiver by adding a "BestBuy.ca" subdomain.

The page then redirects to Ziinga.com. Read the following about fraud by Ziinga:

http://www.scambook.com/company/reports/59339/Ziinga.com

http://www.consumeractiongroup.co.uk/forum/showthread.php?332397-ziinga.com-Help-Needed

The WHOIS information for ziinga.com:

Domain: ziinga.com
Registrar: Eurodns S.A.

Registrant:
Company: Flamingo Intervest Ltd.
Name: Nikdar Masih
Address: OMC Chambers, Road Town
City: Tortola
Country: VIRGIN ISLANDS, BRITISH
Postal Code: P.O. Box 3152
[Screenshot: TextWon.com SCAM claiming from BestBuy.ca]


Administrative Contact:
Company: Flamingo Intervest Ltd.
Name: Nikdar Masih
Address: OMC Chambers, Road Town
City: Tortola
Country: VIRGIN ISLANDS, BRITISH
Postal Code: P.O. Box 3152
Phone: +35625572557
Fax:
Email: nodomainnames@gmail.com

Technical Contact:
Company: Flamingo Intervest Ltd.
Name: Nikdar Masih
Address: OMC Chambers, Road Town
City: Tortola
Country: VIRGIN ISLANDS, BRITISH
Postal Code: P.O. Box 3152
Phone: +35625572557
Fax:
Email: nodomainnames@gmail.com

Original Creation Date: 2009-09-30
Expiration Date: 2015-09-29

Status:
clientTransferProhibited

Nameserver Information:
Nameserver: ns1.mydyndns.org
Nameserver: ns2.mydyndns.org
Nameserver: ns3.mydyndns.org
Nameserver: ns4.mydyndns.org
Nameserver: ns5.mydyndns.org
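
Both messages above rely on a deceptive hostname: a lowercase l standing in for I in "lnterac", and "BestBuy.ca" placed as a subdomain of an unrelated domain. As an added example (not from the original posts), this Python check flags both patterns; the brand map, the sample hostnames and the last-two-labels rule for finding the registered domain are assumptions made for illustration.

```python
import re

# Assumed brand -> legitimate domain map (illustrative, not from the posts).
BRANDS = {"interac": "interac.ca", "bestbuy": "bestbuy.ca"}

# Characters commonly swapped for a look-alike: l, 1 and | all resemble I.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def skeleton(token):
    """Collapse look-alike characters so 'lnterac' and 'interac' compare equal."""
    return token.lower().translate(CONFUSABLE)


def registrable_domain(host):
    """Naive last-two-labels rule (assumption); real checks need the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_host(host):
    """Return a list of findings for a hostname taken from a message link."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    findings = []
    for brand, legit in BRANDS.items():
        if reg == legit:
            continue  # the link really is on the brand's own domain
        # The brand's domain appears as labels in front of someone else's domain.
        if host.startswith(legit + ".") or "." + legit + "." in host:
            findings.append(f"brand-as-subdomain:{legit} under {reg}")
        # A token that matches the brand only after collapsing look-alikes.
        for token in re.split(r"[.\-]", host):
            if token != brand and skeleton(token) == skeleton(brand):
                findings.append(f"lookalike:{token} imitates {brand}")
    return findings


if __name__ == "__main__":
    # Constructed sample hostnames; the real ones are elided in the posts.
    for sample in ("et-lnterac-deposit.example.com",
                   "bestbuy.ca.sms-prize.example",
                   "www.bestbuy.ca"):
        print(sample, "->", check_host(sample) or "no findings")
```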

This is only my 3rd week in Canada, but I've been getting several phone calls from a US-listed number and every time I pick up an automated female voice says "Congratulations! You've just won a cruise to the Caribbean! To claim your prize, please press the 9 key!" Obviously it's a scam... and just so you know the phone numbers are:
  • 1-702-466-3253 (Nevada)
  • 1-856-676-0951 (New Jersey)
  • 1-201-210-6106 (New Jersey)