Spamvertised ‘Work at Home” scams impersonating CNBC spotted in the wild

by


Online scammers often promise you the moon in exchange for virtually nothing besides a modest financial investment. They are largely successful due to the high number of socially engineered customers. However, sometimes they tend to play by the rules in order to avoid legal responsibility for the business failure of those who purchased the “too good to be true” product.

In this post, I’ll profile a currently circulating “Work At Home” scam that’s successfully and professionally impersonating CNBC in an attempt to add more legitimacy to its market proposition – the Home Business System.

More details:

Sample screenshot of the spamvertised email impersonating CNBC:

Fake_CNBC_Work_At_Home_Scam_01

Sample screenshot of the fake CNBC news article detailing the success of the Home Business System:

Fake_CNBC_Work_At_Home_Scam

No matter where you click, you’ll always be redirected to the Home Business System.

Sample bogus statistics sent by customers of  the system:

Fake_CNBC_Work_At_Home_Scam_02

Fake_CNBC_Work_At_Home_Scam_03

What’s particularly interesting about this campaign is the way the scammers process credit card details. They do it internally, not through a payment processing intermediary, using basic SSL encryption, featuring fake “Site Secured” logos, including one that’s mimicking the “VeriSign Secured” service. Although the SSL certificate is valid, the fact that they even require your CVV/CVV2 code, without providing adequate information on how they store and actually process the credit card numbers in their possession, is enough to make you extremely suspicious.

Sample spamvertised URLs:
hxxp://5186d4d1.livefreetimenews.com/
hxxp://5f4a8abae0.get-more-news.com/

Domains participating in the campaign:
worldnewsyesterday.com – Email: johnjbrannigan@teleworm.us
worldnewsimportant.com – Email: johnjbrannigan@teleworm.us
hbs-system.com – Email: cinthiaheimbignerupbg@hotmail.com

Historically, the following domains were also used in a similar fashion:
homeworkhere.com – Email: zoilaprni4d@yahoo.com
lastnewsworld.com – Email: shirleysmith57@yahoo.com
homecompanysystem.com – Email: deloristrevertonef53@yahoo.com

Fake_CNBC_Work_At_Home_Scam_04

Users are advised not to click on links found in spam emails, and to never entrust their credit card details to someone who’s spamvertising you using the services of some of the most prolific botnets currently online.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.