Fake Email Messages About Potentially Lucrative Emails That Have Been Quarantined

Here’s another one of those fake emails. This one is relatively new in its approach. The Subject line says “WARNING!!! (4) Messages Quarantined” and it comes from “MAIL SERVER ad***@to*****.com.”

WHAT TO DO

Delete! Delete! Delete! And delete it from your trash folder so it is completely out of your computer system. Do not click on any of the links! They go to some obscure address like “https://cdn-s.de/cgi-bin/index.php?xxxxxxx” (I do not post the whole link because someone might click on it from this post). It looks like this is code that goes to your domain server’s coding folder, where it will propagate serious damage.

If you have time, please report the fake email (and all other suspicious email) to the Federal Trade Commission. Help protect the rest of the world.

This email was sent to my technical support address. So I assume it was meant to go to someone who had access to the inner workings of a website.

Notice how the top line of the messages (supposedly quarantined) looks like it has something to do with a payment? Notice also how there are several links to “Release”? These are catchy words/phrases to tempt you into seeing what you might be missing.
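
One way to check a message for the traits described above (a quarantine-themed subject and “Release”-style links that lead away from the recipient’s own domain), as an added example that is not part of the original post. The function name, the patterns and the .example hosts are assumptions made for illustration:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LURE_SUBJECT = re.compile(r"quarantine", re.I)            # illustrative patterns
LURE_LINK_TEXT = re.compile(r"\b(release|deliver all)\b", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def quarantine_lure_findings(raw_message):
    """Flag a quarantine-themed subject and action links that leave the recipient's domain."""
    msg = message_from_string(raw_message)
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode(errors="replace"))
    hits = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        same_org = host == rcpt_domain or host.endswith("." + rcpt_domain)
        if LURE_LINK_TEXT.search(text) and not same_org:
            hits.append((text, host))
    subject_lure = bool(LURE_SUBJECT.search(msg.get("Subject", "")))
    return {"subject_lure": subject_lure, "off_domain_action_links": hits}

# Constructed sample message (hypothetical .example hosts), not the real email.
SAMPLE = """\
To: support@victim.example
Subject: WARNING!!! (4) Messages Quarantined
Content-Type: text/html; charset="utf-8"

<a href="https://files.lure.example/cgi-bin/index.php?id=0">Release</a>
<a href="https://files.lure.example/cgi-bin/index.php?id=1">Deliver all Messages</a>
<a href="https://webmail.victim.example/help">Release notes</a>"""
```

A genuine quarantine digest normally links back to the mail system you actually use, so an action link on an unrelated host is the trait worth alerting on; the subject match alone is weak evidence.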

 

*********************

Here is the rest of the actual message:

Dear Mail User [su*****@wy***********.com]

The links go here:

Important: Some incoming messages have been placed in your Personal Quarantine.

This pending messages will be deleted automatically after 7 days.

Few of your quarantined messages are listed below along with the actions that can be taken.
To see all quarantined messages view your email quarantine and release to inbox
Quarantined email
Recipient: Subject: date:
Release (su*****@wy***********.com) Remittance Payment Advice For MT103 30/04/2020
Release (su*****@wy***********.com) Re: Re: Contract 30/04/2020
Release (su*****@wy***********.com) Re: SALES ORDER CONFIRMATION 30/04/2020
Release (su*****@wy***********.com) Payment Invoice N96A4456 30/04/2020
Deliver all Messages


Note : This message was sent by the system for notification only.  
 Please do not reply

If this message lands in your spam folder, please move it to your inbox folder for proper interrogation:

This mail is protected to [YOUR REAL ADDRESS]
Ⓒ 2020 Cyber Security Alert . All Rights Reserved.

 

***************

 

Here’s a variation of the same evil scheme:

The links go to this Denmark server:
https://cdn-s.de

Subject: ITsupport Mail Quarantine Notification

Email Notification:

Important: Some incoming messages have been placed in your Personal Quarantine.
This pending messages will be deleted automatically after 7 days.

Deliver all mails to your Inbox: Visit your Webmail Quarantine Center CLICK HERE

Few of your quarantined messages are listed below along with the actions that can be taken.

Envelope From: sa***@mi**************.com
Subject: Inquiry
Time: Mon, 04 May 2020 08:49:14 -0700
Envelope From: ko**************@ou*****.com
Subject: RE: Order Confirmation
Time: Mon, 04 May 2020 08:53:51 -0700
Envelope From: an**************@sm*.com
Subject: L90GZ SN/679577
Time: Mon, 04 May 2020 08:55:24 -0700

****************
Another Variation:

An email stating that you purchased something and that the amount was debited from your bank. The link goes to a fake website that appears to have no homepage but actually has a mischievous .ASPX file.

Subject: Credit card purchase confirmation

Hello
Find attached an ACH confirmation which was processed from your bank account.
Regards

Fake Emails from Domain Service

I’ve recently been getting so many emails from this company: Domain Service (or whatever company they decide they want to be).

HOW THEY OPERATE

They send out emails to unsuspecting domain name owners. They get the victims’ email addresses from the listed registered owners of different domain names. Then they send out bogus warnings that the owners’ domains will be lost if they do not renew their subscription. They pose as the authorized company for the domain when, in fact, they have nothing to do with the domain and want to steal it from the victim.

They say they can do it for a huge sum — many times more than the actual cost of the domain name. The victim pays and that’s the last they hear of them.

If you ever receive an email like this, simply trash it and then delete your Trash content. Better still, report it to the Department of Justice. If you want to be sure about the email, contact your website manager or domain registrar and they can confirm the email’s authenticity.

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

SAMPLE

Here’s a sample of one of the emails I received:

 

Important notice

Notice#: 393989

Date: 04/27/2020

Domain Expiration

Domain: [NameOfDomain.com] (whatever your domain is)

Expiration date: 05/05/2020

To: [The Victim, Victim’s Company]

[Victim’s Address]

Domain Name: Registration Period: Amount: Term:
[NameOfDomain.com] 05/19/2020 to 05/19/2021 $86.00 1 Year

Secure Online Payment

Domain Name: [NameOfDomain.com]

Attn: [Victim’s Name]

 

This important notification notifies you about the notice of your domain frtsgv.org optimization submission. The information in this email may contain legally privileged information from the notification processing department of the Registration Office for our traffic generator. We do not register or renew domain names. We are selling traffic generator tools. This information is intended for the use of the individual(s) named above.
If you fail to complete your domain name registration frtsgv.org search engine optimization service by the expiration date, may the dismissal of this search engine optimization domain name notification notice.

Process

Secure Online Payment

to complete your payment

Failure to complete your domain name registration [NameOfDomain.com] search engine optimization service process may make it difficult for customers to find you on the web.

Act immediately

This domain registration for [ search engine service optimization notification will expire 05/05/2020.

Instructions and Unlike Instructions from this Newsletter:
You have received this message because you elected to receive notification. If you no longer wish to receive our notifications, please unlike here. If you have multiple accounts with us, you must opt out for each one individually to unlike receiving notifications. We are a search engine optimization company. We do not directly register or renew domain names. This is not a bill. You don’t need to pay the amount unless you accept this notification. This message, which contains promotional material strictly along the guidelines of the Can-Spam act of 2003. We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.

Help Paradise & Butte County Fire Victims

WYNK is working with the Bailey Romero Law firm. They have a heart for the victims of the 2019 Paradise and Butte County fire. Although the tragedy does not share the regular headlines anymore, there are countless families still in limbo.

There’s a lot of blame shifting going on — who’s responsible? Who pays for what? In the center of the controversy is the Pacific Gas and Electric (PGE) that filed for bankruptcy on January 29, 2019. What that means is the victims will need to absorb all the loss. The Bailey Romero Law firm have started a funding campaign to help. You can contact them for more details.

Southern California Office: 12518 Beverly Boulevard, Whittier, CA 90601

530-409-0027

If you know anyone who needs legal help we highly recommend the team of Judge Steven Bailey (Ret.) and Attorney Martha Romero. They are seasoned attorneys and know the ins and outs of the legal system.

iDNS (Internet Domain Name Services) – Fake! Scam!

I reported iDNS to the post office a few months ago warning them that this company was doing improper … yes, even fraudulent activities. Technically they are still within the legal bounds but in actuality, they are deceptive in their approach. They are scam artists! And I can prove it. Read on.

If you own a domain and you get a letter from iDNS, watch out! The letter comes with a warning — “Domain Name Expiration Notice” which will scare the non-techies into sending their credit card information to them.

The letter looks like this:

[Image: iDNS-Fake]

If you get this in your mailbox (not email box), relax. These guys just got your information through easily accessible data. That’s all the “authenticity” they can boast of. This is why they are able to fool a lot of people.

If you read the small print, it says in bold letters “This notice is not a bill.” Then it reveals what they want you to do. They want you to TRANSFER your web hosting to them for 4 times the price you would normally pay.

They also include a return envelope (not even with a stamp — i.e., you have to pay for your response letter to them so that they can screw you!) that is addressed to:

[Image: iDnsFake]

Internet Domain Services Inc
925 Bergen Ave., Suite #289
Jersey City, NJ 07306-3018

Obviously, you will want to burn that letter. Please warn all your friends.