
Active Threats

Updated 03/22/2016

Want to know about the ownership or support of a web site?  How about what the two or three characters at the end of a domain name mean?  Check it out now!
Visit http://TheCTGroups.org/info/TheBadGuys/domains



This list includes attacks that exhibit a higher level of deception and are therefore more challenging to recognize as a risk.  The Bad Guys are always working hard to get you, so their tactics and attacks will keep changing, and this will never be an all-inclusive listing.  If you use the techniques listed under The Bad Guys, you can discover many of these on your own, BUT NEVER CLICK ANYTHING until you check out the REAL link that will be used.

Consider flagging items using your anti-virus/firewall or other software by marking an item as SPAM.
Most of these e-mail senders will change their e-mail address, making blocking by sender ineffective; many are fictional e-mail addresses to begin with.  Teaching your software what you do not want is far more effective.
Always check your SPAM folder for any "false positives" (legitimate e-mails that were deemed SPAM by your software, by the rules provided, and/or by items you flagged as SPAM).

This is provided as a courtesy and should not be deemed a universal or guaranteed solution, as tactics and presentations within e-mails are easy to change and do change as their owners evolve.  No claim, suggestion or indication of wrongdoing, criminal intent, or criminal activity is being made.


  • It's an over-heated, hypercharged political year already, with many unidentified players already engaged, so consider avoiding political e-mails and web sites ... they may be hostile.

    Whether you are for Bernie, Donald, Hillary or Waldo the Whacked Out Rabbit, this political
    year is simply too tempting an opportunity not to lure people into traps for their computers, files and anything else.

    For only a few dollars you can create a web site that looks official, sounds official and has great color pictures of people, and it can also send authentic-looking e-mails that, combined, create a high threat for visitors to the web site or recipients of the e-mails.

    It is without question that we must be educated and informed voters and obtain information from a variety of sources to determine the actual facts beyond an hourly news cycle.  We have seen government historical web sites "adapted" for political themes, and allegations of inappropriate acts by others made by people who themselves engage in such behavior.  View statements and claims with skepticism until found accurate, and participate in the election process not as a member of one party or the other but as an American with the ability to listen, think, and act towards the common good, as was done in the American Revolution.  Yet history is something we quickly forget, along with its hard-learned lessons.

       
  • You have problems with your computer ... and we can help you right now!
    This scam died a few years ago but all scams are recycled ... repetitively!

    Isn't it amazing how someone knows your phone number, yet knows nothing about you, your computer or your operating system, and still knows YOU have a problem that THEY can fix?
    ABSOLUTELY AMAZING ... or is it?


    A caller "suggests" they are with Microsoft and know that your computer has errors that need to be
    fixed.  This is always a safe line, since many errors are logged internally that have no real impact on the computer user.  From this "knowledge" they gain credibility with their victim.

    In at least one recorded conversation, they direct the victim to open a session with TEAMVIEWER.com.
    This FREE software generates an ID and a password so that others, once you give them this information, can access your computer with NO APPARENT LIMITATIONS OR SAFEGUARDS.
    This is a new twist on their old favorite approach, where they generated the key and password and you entered the information (there are many legitimate companies providing "rescue" software for remote support needs).

    So you are happy to provide full, unrestricted access to someone you know nothing about: no idea what country they are in or what organization they work for, but we can take a good guess they are not with Microsoft.  Microsoft does not make unsolicited support calls.  So what is their potential game plan?

    Unless you go along as their willing victim you may never know, but here are some possibilities:
    -  They encrypt all of your files and offer the key to decrypt them for some Bitcoins, valued at
        around $680 US Dollars EACH (June 2016), sent to a location you will never find.
        Pay the ransom within 1 hour and you're good.  For each hour of delay, 20% of your data is lost.
        You do know how to buy Bitcoins quickly and move them somewhere, right?
    -  They look for specific files that contain financial information, personal records or other things of
        potential value, make copies, and possibly delete them on their way out.
    -  If they really know their stuff, they leave some "free" software behind to monitor for files of interest
        and send back a copy.  It may only last a few days, as these folks are not fond of arrests.


  • CNN Frontline
    Subject:  You WONT BELIEVE latest Trump Bombshell  <your e-mail address>
     (e-mail Title and Subject may change)

    OK, many of us know CNN and their journalistic standards.
    So why would they NOT correctly punctuate WON'T?

    ANALYSIS:
    The first link includes your e-mail address, and its domain name
    (the main part of the Internet link address) is not registered ... not a good sign!

    The message contains no other text or information, which raises further concern.

    Delete this e-mail before it can cause you problems!


  • Grocery Coupons
    Subject:  Extreme Grocery Savings - just a click away
     (e-mail Title and Subject may change)

    Join Grocery Coupon Network

    ANALYSIS:
    - There are no pictures (however they could be added later easily).
    - A copyright date of 2014 appears at the bottom.  This is a 30 second fix if they catch it.
    - There are 11 distinct areas within this e-mail:
       -  3 areas are text and thus safe
       -  6 areas are text BUT are hiding hyperlinks
       -  3 areas are explicit hyperlinks
       -  ALL hyperlinks route you to the same link
     
    -  Programmers are HIGHLY UNLIKELY to use the same link for very different functions such as:
        -  Join Grocery Coupon Network (or Join Now to Print Coupons and Enter for Your Chance to Win)
        -  Images not loading?
        -  Unsubscribe
        There is a possibility that a link may vary by only 1 character or number out of 100 or more, which
        makes it different.  For a company doing mass marketing, this may be the easy way.
        For your protection, you may want to simply exclude that offer from consideration.
        Why?  Using one link for everything makes their job more complex, opens the door to more defects in
                 their work, adds difficulty and time to fixing any problem, makes auditing performance
                 nearly impossible, and is contrary to most good design and program development
                 guidelines.  Why make life more difficult when simple is better and faster?
                 More than 20 characters in a hyperlink for a file becomes suspicious.  This one is over
                 90 characters.

        Internic.net (using the "Who Is" tab) reports this web site registration expires Feb 25, 2016,
        which can be a "red flag" of a site that has been abandoned and taken over.  The site itself
        appears legitimate.  The reason for caution is the extensive length of the file names used in this
        e-mail, which redirect your computer to a file that is potentially a threat to your computer or
        your personal information.  Programmers are not people who make their lives more complex
        than needed, thus long file names are highly unlikely.  A web search on the names used
        indicates a GroceryCouponNetwork.com does exist, but there is no indication of any relationship
        between them and the creators of this e-mail.

          ADDITIONAL HIGH RISK E-MAILS LIKE THE GROCERY COUPONS:

            -  Subject:  Cheating Housewives Info
               e-mail:   cheating-hookups.com <displayed e-mail address varies>
                 Of the 10 lines of text plus the signature block, only 1 line and the signature block do NOT
                 contain explicit or hidden links to the same address.
                 For these reasons, DO NOT DOWNLOAD their pictures.
                 The message itself raises serious questions.   DELETE IT!

            -  Subject:  Complimentary Grocery Coupons - Print Yours Today
               e-mail:   Grocery Coupons <information@horoscopal.com>
                 Some companies are paid to distribute coupons.  This one is questionable.  If nothing else,
                 notice the company address, which abbreviates Chicago, IL as Chi., IL, along
                 with a 2013 copyright notice in 2016.
                 Consider deleting it.

            -  Subject:  {e-mail address},Dr. Oz suggests this weight loss ingredient
               e-mail:   Dr. Oz Newest Fat Burner <help@myfedloan.org>
                 First, why would Dr. Oz use such an e-mail address?  Once again, the pictures and the
                 text all contain hidden hyperlinks, even though they appear to serve totally different purposes.
                 At least this group spelled Chicago correctly.  But isn't Oz based in another city?
                 And like the others, the unsubscribe link looks a whole lot like the other links.  DELETE IT!

            -  Subject:  Free Lawyer search - Look for Affordable Lawyers In Your Area
               e-mail:   Lawyer Connecting <promotion@coaverage.com>
                 This has the fingerprints of hyperlinks hidden from view, and the links are
                 rather long, raising potential risks.  However, one clear signal is near the bottom, where you
                 are invited to mail them at a PO Box (not a good sign) with what appears to be a foreign
                 PO Box designation, but no country is listed.  All signs say DELETE IT!

            -  Subject:  These great yearly predictions will undoubtedly surprise you
              e-mail:   TARA Astrology <promotion@coaverage.com>
                 Appears all the links, whether for information or unsubscribe, are the same plus
                 there are many pictures that require downloading to be visible that may present a risk.
                 If the message itself raises serious questions, DELETE IT!

            -  Subject:  Your credit line is approved
               e-mail:   Horizon Gold Card <mkt@lonelyless.com>
                 A company by the same name has entries found via Google indicating this may not be what
                 people are hoping it is.  If you elect to open this, use very good judgement.
                 Consider deleting it.
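The link checks applied above to the Grocery Coupons and CNN messages can be automated.  The following Python script is an added example written for this page (it is not the site's own tool): it collects every hyperlink in an HTML e-mail body, including links hidden behind plain text and behind pictures, and flags the patterns described above: every link leading to one destination, an unsubscribe link that shares the promotional link's destination, unusually long links, a link that embeds the recipient's address, and visible text that names one domain while the link goes to another (a generalization of the hidden-link cases above).  The two sample messages are constructed for the example and use the reserved .invalid domain; the 90-character threshold is taken from the analysis above.

```python
"""Static triage of an HTML e-mail body for the link patterns discussed above.
Example code written for this page; the sample messages below are constructed
and use the reserved .invalid top-level domain, so nothing here is real."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LONG_LINK_CHARS = 90   # threshold used in the Grocery Coupons analysis above
# visible anchor text that looks like a domain or URL, e.g. "cnn.com"
DOMAIN_LIKE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Record href, visible text and whether an image is wrapped, for every <a href>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None   # anchor being built while inside <a>...</a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = {"href": attrs["href"].strip(), "text": "", "image": False}
        elif tag == "img" and self._current is not None:
            self._current["image"] = True   # a picture that is itself a link

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self._current["text"] = " ".join(self._current["text"].split())
            self.links.append(self._current)
            self._current = None


def _base(href):
    """Destination without query string or fragment; mass mailers vary a tracking id there."""
    return urlparse(href)._replace(query="", fragment="").geturl()


def triage(html_body, recipient=None):
    """Return the links found plus a list of human-readable red flags."""
    parser = LinkCollector()
    parser.feed(html_body)
    links = parser.links
    flags = []
    bases = {_base(l["href"]) for l in links}
    if len(links) > 1 and len(bases) == 1:
        flags.append("all %d hyperlinks lead to the same destination" % len(links))
    longest = max((len(l["href"]) for l in links), default=0)
    if longest > LONG_LINK_CHARS:
        flags.append("longest hyperlink is %d characters" % longest)
    unsub = {_base(l["href"]) for l in links if "unsubscribe" in l["text"].lower()}
    promo = {_base(l["href"]) for l in links if "unsubscribe" not in l["text"].lower()}
    if unsub & promo:
        flags.append("unsubscribe link shares its destination with a promotional link")
    if recipient and any(recipient.lower() in l["href"].lower() for l in links):
        flags.append("a hyperlink embeds the recipient address %s" % recipient)
    for l in links:   # text says one domain, link goes to another
        m = DOMAIN_LIKE.match(l["text"])
        host = (urlparse(l["href"]).hostname or "").lower()
        if m and host and not host.endswith(m.group(1).lower()):
            flags.append("text shows %s but links to %s" % (m.group(1), host))
    return {"links": links, "distinct_destinations": len(bases), "flags": flags}


# Constructed sample: every link shares one 100+ character destination,
# differing only in a trailing tracking number (the Grocery Coupons pattern).
TRACK = "http://promo.example.invalid/r/" + "a1b2c3d4e5" * 8 + "?u="
COUPON_MAIL = """
<p><a href="{t}1">Join Grocery Coupon Network</a></p>
<p>Print coupons today and <a href="{t}2">save on every trip</a>.</p>
<p><a href="{t}3"><img src="cid:banner"></a></p>
<p><a href="{t}4">Images not loading?</a>  &copy; 2014</p>
<p><a href="{t}5">Unsubscribe</a></p>
""".format(t=TRACK)

# Constructed sample: link text names cnn.com, the link embeds the recipient
# address and goes to a look-alike host (the CNN pattern).
BOMBSHELL_MAIL = """
<p><a href="http://cnn.com.news-alert.invalid/view?e=jane@example.invalid">cnn.com</a></p>
<p><a href="http://cnn.com.news-alert.invalid/unsub">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    for name, body, who in (("coupons", COUPON_MAIL, None),
                            ("bombshell", BOMBSHELL_MAIL, "jane@example.invalid")):
        result = triage(body, recipient=who)
        print(name, "links:", len(result["links"]), "flags:", result["flags"])
```

Run it as-is to see the flags for both samples, or call `triage(body, recipient=...)` on the HTML part of a message you have saved to disk; the recipient argument is what enables the embedded-address check.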


  • Unable to show full message
Subject:  [will vary widely]

         A message is presented indicating "Unable to show full message.  You can view it by clicking
         here" with a link following.

         A line appears below: "Att err code 7576 (the date and time the e-mail was sent to you)"

         ANALYSIS:
         - By the design of Internet e-mail (the standards of the Internet Engineering Task Force), a
            message is either delivered or it is not.  If there is a failure it will be within your computer,
            and no link is going to fix your computer; the original message was deemed sent and thus is gone
            unless it is still on the sender's system.
         - The error message is there to create urgency to click the link to see the full message.
            In this case the time/date was (Sat Jan 30 16:42:46 ART 2016), representing an e-mail sent
            January 30th at 4:42 PM Argentina Time, raising additional reasons not to click the link.
         - The sender's e-mail address looks legitimate and potentially belongs to someone whose computer
            was compromised, or was in the address book of someone whose computer was compromised.