THE DAILY SCAM NEWSLETTER  |  APRIL 3, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N08

What It Means to be Targeted by Cybercriminals

David and I have been producing The Daily Scam for nearly thirteen years. During that time, both of us have been targeted by cybercriminals, as have some of our family members because of our work. Other people who fight online fraud have told me the same thing. It should come as no surprise that these sub-human, low-life scum get angry at the work we do to try to educate and defend the public from their disgustingly awful work. I raise this point now because I have clearly angered a group of these vermin. Members of my family have recently been personally targeted and I want to share their experience with our readers so that you might learn to recognize these tricks and be safer as a result. We’ll begin with a fake Facebook account…

On Monday, March 25, one of my family members suddenly received a deluge of messages from friends and family saying that they had received a new friend request from an account created with her name and using her profile image. This fake account had NO friends, NO posts, NO photos and NO information about her, or anyone at all. Nonetheless, three of her friends accepted this friend request and that was a mistake. The family member immediately contacted all 3 who had accepted the friend request and within minutes at least one of the three had unfriended the scammer.

What can you do if a fake Facebook account is created in your name or someone you know?

Though “Facebook support” is truly an oxymoron, I’ve learned that the fastest and best support comes if multiple people report fraud on Facebook. Every Facebook account shows 3 horizontal dots on the right side, under a person’s name. If you click those three dots a menu will open and one of the options is to “Report” (or “Find support or Report”).  The family member who was targeted with a fake account in her name immediately did the following after verifying that a fake account had been created using her photo/name….

  1. She sent out a Facebook message to all of her friends telling them that someone had created an account in her name. She shared the user ID of that fake account with them and urged them NOT to accept the friend request.
  2. Most importantly in her message, the woman instructed her friends to visit the fake account and report it as a fraud! With so many people reporting this fraudulent account in a short amount of time, it got Facebook’s attention.  In a matter of hours the fake account was taken down.

Should this happen to you or any of your family and friends, it is important to get as many people as possible to report it as a fraud, and as quickly as possible. If you make a mistake and “friend” a scammer’s Facebook account, several things are very likely…

  • Scammers may target your friends and family with various types of fraud, from cryptocurrency scams to malware links to infect devices (In last week’s newsletter, we showed an example of this very circumstance!)
  • Scammers likely collect as much personal information as possible about people to help them target victims with convincing information, such as names and relationships

Earlier that day, another relative of mine received an email that appeared as though it came from me. My name was entered into the text field but, in fact, the email address used was for someone named Alexa through a hotmail account. The contents of the email, which also contained my name, used a common trick intended to get the victim to click a malicious link. Photos… “Should have sent them to you sooner; these photos…”

Fortunately, my family is well trained to recognize fraud and not to click suspicious links. Four days later, the family member who was targeted by an email that appeared to be from me was targeted again. Last Friday, she received an email that appeared to come from a different extended family member. The subject line was very manipulative, saying “Sad announcement: [FULL NAME].” Again, this email did not come from the relative’s real email account and the link in this clickbait was 100% malicious.

Something very interesting about these targeted attacks is that the domains used in the malicious links had both been registered weeks earlier through Namecheap. (Namecheap is a Registrar with one of the worst reputations for protecting the public from harm/fraud.) This suggests planning. But more importantly, cybercriminals took the time to research my family, their email addresses and social media accounts. Despite my effort to keep this information off the Internet, it is still available to find or purchase. Just a couple of weeks ago I was contacted by a reporter who called my cell phone. When I asked him how he got my phone number, he told me he used a paid service that was able to provide a lot of personal information about me, despite my best efforts to have it removed last year. “Online privacy” is truly an oxymoron, like “Jumbo Shrimp” or “deafening silence.” 

Coincidentally, last week I also received the two emails below that targeted a young man. The scammers likely assume that someone his age has a TikTok and Instagram account. It turns out that neither is true! But the point is that this man is targeted based on a variety of factors, including age demographics. It is clear to us that both of these threats were sent by the same scammers because they were designed similarly and contained many of the same scam email accounts. This first threat claimed to be from Instagram, telling the man that someone logged into his Instagram account from Jaipur, India. But the email came from a gibberish email address ending in DOT-us, for United States. (We also find it interesting that about 99% of domain names that end in DOT-us are registered by cybercriminals from other countries. They think that using the global top-level domain “.us” adds credibility to a domain as a business in the United States. From our perspective, we are immediately suspicious of any domain ending in “.us.”)

Clicking on either button in the above fraud would send a notification to about 95 scammer email addresses around the world. One week later, the same man received this email telling him that there was a new login to his TikTok account from Mumbai, India. But he tells us that he doesn’t have a TikTok account and this email came from a nonsensical domain DOT-net, and not from tiktok.com! Were he to click “contact support” his response would be sent to about 110 email addresses, many of which are identical to the emails in the bogus Instagram account above.

I’m sure that these low-life, sleazy cybercriminals are not done targeting my family. Fortunately, they are all aware of these threats and well educated to recognize them. The fact that our family is sometimes personally targeted tells me that the work we do at The Daily Scam is spot on and gives both David and me more motivation to continue doing it! And if I am to be honest, I am thankful that these jerks provide me with the content I can use to educate our readers! Carpe diem!

DOT-us & Tax Season Scam, Suspicious RCS Chat & More

In our Top Story above this week we pointed out that fully qualified domain names ending in “.us” are typically very suspicious when associated with American businesses. The reason is simply that here in the United States, where the Internet was invented, we rarely ever register names that include “.us” for a business or other entity. But cybercriminals often do that as a part of their fraud and here’s a perfect example.  Fraudsters recently registered a fake US government website called irs-ein-gov[.]us. This website wants businesses and non-profits to believe that it is the US Government site where they can register for a Federal Tax ID number.

The Malwarebytes blog recently posted an article about this fraudulent website. In the blog, they pointed out that scammers are often careless and in this fake website’s “Terms of Use” page the scammers forgot to change the name of their website and it still shows the previous fake website name they used: irs-taxnumber[.]org. By its very definition, every single official US Government website will always end with the global top-level domain of DOT-gov (“.gov”). Of course, VirusTotal has already identified this site as a fraud.

About ten days ago, our friend Rob got the strangest text message to his phone. Apparently, someone using the phone number +63 953 821 7858 created an RCS chat group named “USPS” and added Rob’s phone number along with another number. (Early the next morning, the other person left the group.) Rob turned off RCS chat on his phone and blocked the caller as well. The message was sent from country code +63 which is the Philippines. Perhaps this was a scam invitation to learn about cryptocurrency? We don’t know for certain but this same suspicious event was reported on this blog about 2 weeks ago.

After Rob brought several more fake online banks used in various types of fraud to our attention last week, our list of bogus banks climbed to 352 in less than five years since we started this article! Check out Rob’s latest discovery called “Wealth Privat Bank.” Two mistakes make this bank name/domain hysterically funny…

  1. This bank is supposed to be centered in New York, and in the United States “privat” is spelled “private”
  2. Look carefully at their bogus domain name: wealthprivatbm[.]com.  We don’t think that these scammers understand the meaning of a “bm” in US slang. It’s short for “bowel movement.” We think this domain name sums up their fraud nicely…. This is nothing more than a wealthy private bowel movement if you were to deposit your funds here!

By the way, this bank says that it has been around for 58 years. But their website was registered last October in Iceland using our favorite registrar…. Namecheap!

Have you experienced Scams that come through the US mail or Fax Machines? We’re looking for some  stories about this kind of fraud to share with listeners in our Podcast series. If you have any stories to share, please contact us at fax-postal-fraud@thedailyscam.com.

Now that we are well on our way into an election year here in the US, we caution our readers NOT to accept everything you read online as true or factual as it relates to politics and politicians. One of the best websites we have ever seen is called FactCheck.org. We have never seen this site leaning left or right in politics. Their mission is simply to check the facts to expose mistakes, lies, misinformation and disinformation coming from politicians, social media and other news sites.  It’s worth a visit and adding it to your bookmarks, regardless of your political leanings. 

Would you believe that scammers have now figured out how to create scam popup messages on your smart TV? Check out this incredible story from a victim about this threat, posted on the ConsumerAffairs.com website! (Thanks Rob for bringing this to our attention!)

Spearphishing a School and Salutations, Cherished User!

Spearphishing is a type of fraud where the scammers dig up personal information about the victim and use it to create a very specific fraud to target just that victim. Last week the CFO of a school sent us two examples that hit her inbox in a week. Scammers created fake emails in the name of two employees, Matt and Lindsay. But of course the CFO recognized that these emails didn’t come from the legitimate accounts of her employees. Nevertheless, these emails wanted her to update their “direct deposit information.” What these scammers can’t seem to get through their desperately thick skulls is that this school, which has been targeted MANY DOZENS of times by this fraud, requires an employee to walk into the business office, fill out and sign a specific form to authorize a request like this. Asking for this over email is not allowed.

“Thank you for trusting us” says this hysterical phishing email pretending to be another subscription renewal notice from Norton Lifelock! If ever you see the greeting “Salutations, Cherished User” LUNGE for the delete key! Of course, the attached pdf contains several other not-so-subtle signs of incorrect and awkward English to enjoy. Happy reading!  Remember to report your smelly phish to Google and us!

https://safebrowsing.google.com/safebrowsing/report_phish/

Easter Fraud and Sam’s Club

If nothing else, scammers are “opportunists.” As the Oxford dictionary defines it, an opportunist is a person who exploits circumstances to gain immediate advantage rather than being guided by consistent principles or plans. One of the standard ways that these sleazy opportunists try to trick people is by creating fraud that is timely and centered around holidays or well-known events/circumstances. Check out this malicious clickbait disguised as an “Easter Special” that dropped into a reader’s inbox 4 days before Easter. Fraudsters have been pushing these too-good-to-be-true $2/year offers for weeks now.

Another common trick used by fraudsters is the bogus email telling you that your account has expired. Check out this phishing scam pretending to be from Sam’s Club. It’s important to point out that the link in this clickbait points to the well-known service at AmazonAWS. Just because you see a well-known business in a link doesn’t mean that link is legitimate! This link should have pointed to samsclub.com. You know what to do!

All Your Photos Will Be Deleted and Invoice Attached

So many of us store our photos “in the cloud.” Check out this nasty clickbait telling the recipient that his iCloud storage was going to be deleted because his payment method to renew his account had expired. This is another familiar trick used by scammers to get you to click a malicious link. But this email didn’t come from Apple or iCloud, it came from a server in New Zealand (“.nz”) and the links point to a malicious account using GoogleApis. Deeeeeeleeeeete!

Rob received this nasty email from a malicious domain telling him that there were invoices attached and ready for payment. However, there were NO attached files. The link to “View/Download” the invoices pointed to a website with the popup below. Notice that the popup appears to show a blurred file in “PDF Viewer” and an Adobe icon appears above a button saying “Start Download.” This is another scammer’s trick to get Rob to download malware onto his computer. LUNGE for the delete key!

USPS Package Has Arrived and Click to Win!

We truly thought we were done seeing these types of fraudulent texts, but we were wrong! Scammers are still using them. Oh no! Your USPS package has arrived but can’t be delivered! Please DON’T click that link to confirm your address!  The link doesn’t point to the real usps.com, it points to a scam domain usps-delivery-a[.]com! This domain was registered in Oman less than a week before this text was received, and is hosted on a server in the UK!  Sounds just like the United States Post Office, right?
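The comparison used on these links (the USPS text above, the Sam’s Club link that pointed at AmazonAWS, the fake IRS site ending in “.us”) can be automated. The Python below is an added example, not code from The Daily Scam; the brand table, the function names and any hostnames not quoted in the newsletter are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domain each claimed sender should link to. usps.com, samsclub.com and the
# ".gov" rule are taken from the newsletter; the table itself is an assumption.
EXPECTED = {"usps": "usps.com", "sams club": "samsclub.com", "irs": ".gov"}


def hostname(link):
    """Return the lowercase host of a link, accepting defanged '[.]' forms."""
    link = link.replace("[.]", ".").strip()
    if "://" not in link:
        link = "http://" + link  # urlsplit only finds the host after a scheme
    return (urlsplit(link).hostname or "").rstrip(".")


def matches(host, expected):
    """True if host is the expected domain or a subdomain of it."""
    if expected.startswith("."):  # suffix rule such as ".gov"
        return host.endswith(expected)
    return host == expected or host.endswith("." + expected)


def check_link(claimed_brand, link):
    """Classify a link as 'ok', 'lookalike', 'mismatch' or 'unparseable'."""
    expected = EXPECTED[claimed_brand.lower()]
    host = hostname(link)
    if not host:
        return "unparseable"
    if matches(host, expected):
        return "ok"
    # The brand name embedded in some other domain is the lookalike pattern
    # seen in usps-delivery-a[.]com and irs-ein-gov[.]us.
    token = claimed_brand.lower().replace(" ", "")
    flat = host.replace("-", "").replace(".", "")
    return "lookalike" if token in flat else "mismatch"


if __name__ == "__main__":
    samples = [
        ("USPS", "usps-delivery-a[.]com"),   # domain quoted in the newsletter
        ("IRS", "irs-ein-gov[.]us"),         # domain quoted in the newsletter
        ("Sams Club", "https://bucket.s3.amazonaws.com/renew"),  # constructed
        ("USPS", "https://tools.usps.com/track"),                # constructed
    ]
    for brand, link in samples:
        print(f"{brand:10} {link:45} {check_link(brand, link)}")
```

The match is made on the end of the hostname, so a brand name placed at the front of a longer hostname or before an “@” in the link is still reported as not belonging to the brand.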

David received this text just a few days ago, cleverly saying “Click the link and win in a blink!”  Only you won’t win. However, three security services confirmed that the link in that text will cause you to be hit by malware on a website that was registered just hours earlier and is hosted in Ticino, Switzerland! OUCH!  I think we can reasonably say that any random text coming from an unknown source and telling you to “click to win” is a scam or worse!

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.