Fraudulent emails from “cron-job”

By Catherine Haug, June 18, 2017 (screen captures of fraudulent email, below, taken by Catherine)

I’ve been getting at least 2 emails a day from an address that ends in @cron-job.org. Today’s was about bathroom remodel. These emails are each about a different topic of interest to people, to lure you into clicking the link. For several reasons, I believe these are all fraudulent – either they are phishing for my online information, or they contain a virus. See my earlier posts Online & smartphone security: Fraudulent Email and Recent phishing/scam email examples for more about these.

Why do I conclude this? What should I do? read on for more.

On another fraudulent scam: if you get a call pretending to be from the IRS, see my posting IRS scam, and what to do about it.

Tell-tale signs of trouble:

  1. Each email shows a reliable business name as the sender (“Home Advisor” in this example), but the reply-to address is a string of alpha-numeric soup ending in @cron-job.org, rather than the business’s domain (homeadvisor.com in this example). In the example screen-capture below, the reply-to address is No-Reply-5n91y3s5xv-69T5OJPDW7@cron-job .org
  2. The print in the email text is slightly fuzzy, indicating it was likely copied from another email or website by using a screen-capture.
  3. The text at bottom of the email (see second screen-capture, below) appears to support the email is from a legitimate business, “Home Advisor” in this case. However, if I right click on the email link to read its text, it does not indicate ‘Home Advisor’ but rather is “vito.webhop.me/…..” (the remainder of the email address, a string of alpha-numeric soup, is not included to keep this ESP article safe). Similarly the fuzzy ‘unsubscribe’ image has a similar email address, “vito.webhop.me/…..” but with a different alpha-numeric string.

Example email

I present two computer-screen captures, one of the top, and the other of the bottom, of the email.

Image of top of email example:

Image of bottom of email example:

What to do when you get these

First, you should report the scam; this includes copying the full header, so don’t delete or mark as junk/spam until you have done that. See my earlier post for details: Online & smartphone security: Fraudulent Email; scroll down to “Reporting a fraudulent email.”

If you don’t want to get these emails in the future, block their domain so you won’t receive them in the future. The domain is the part of the email address after the @ symbol (cron-job.org in this example). Contact your email service provider to learn how to do this.

Once you’ve reported the scam and blocked the domain, you should mark the email as junk or spam, then erase your junk or spam folder.

Tags: , , ,

Comments are closed.