Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  APRIL 10, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N09

Taxes, Banks & Money, OH MY!

It is most definitely tax season in the United States and tax scams are on the rise as we head for the finish line on April 15. Our friend Rob has been busy wasting the time of many of these scammers, but to be honest, his noble effort is just a drop in the bucket.  Let’s start with this amazing phone call offer that Rob received on Thursday, April 4 at 2:37 pm from the “tax dismissal program.” But rather than answer it himself, Rob turned on his AI-Teddy-guy to talk to the caller instead. In a double-whammy twist, Rob listened as TWO AI Bots talked to one another for 2 minutes! We’re not sure who wins this conversation but Rob’s Teddy-Bot does his best to derail it!

This call about the “tax dismissal program” came from 314-542-8712. The service TrueSpam gave this call a ZERO score, indicating the lowest trust rating! (It is powered by TrueCNAM) Also, this 314 phone number was posted on NoMoRobo.com on April 2 as a “tax reduction” scam call. The Tax Dismissal Program Scam is described well on this webpage at SocalCatfish.com. Enjoy!

We all know that cybercriminals are low-life opportunists. That means that not only should the American public be on their guard about tax-related scams, but so should the people who help us prepare our taxes!  They are also heavily targeted at this time of year. Check out these next two emails sent to an accountant.  He tells us that NEITHER of the senders are clients of his, nor has he ever spoken to either of them. The first email came from a server in Brazil and you’ll notice that “Barbara’s” name in the text field doesn’t match the name in the email address.

Both of these emails are nasty tricks that are likely intended to manipulate the accountant into downloading/installing malware on his computer.  The risks from doing that are so significant that they can shut down his business and put all of his clients at risk, costing them all a LOT of money!

Speaking of costing a lot of money, check out this email that Rob received about a payment through a well known money transfer service in Singapore called Singtel Dash. The problem is that the REAL Singtel Dash service uses the website dash.com.sg (“.sg” = Singapore This email says that the business domain is dashoffshore[.]comThis malicious mimic was a nearly identical look-alike website design. Clearly, the scammers stole the design from the real site. Imagine Rob logging into a fake account at dashoffshore[.]com and finding millions of dollars in it. Then he is told that he only has to pay a $750 transfer fee to get it! (Dashoffshore[.]com was registered on 7/12/2023 and is hosted on a server in Vilniaus, Lithuania whereas the real Singtel Dash website was registered in 2012!)

As we said, Rob’s been very busy baiting scammers and wasting their time. But much more than that, when Rob reports his encounters to us, it helps us to help you ten-fold, twenty-fold and more! Here’s a perfect example. A tremendous amount of online fraud, including tax fraud, involves the creation and use of fake banks, financial and investment services. On April 3rd, Rob reported a fake bank to us called Trust Finance Bank, using the newly registered domain itrustfinance[.]online (registered on March 4, 2024). The home page of their website uses an “ENTER” button feature to limit search engines and other tools from evaluating their website content. But we could evaluate them by going directly to their Welcome page at itrustfinance[.]online/welcome. We found a few things that don’t add up on their Welcome page, including how to spell the word “Finance!”

We found this fake bank site so lame that we decided to investigate it further. We found a single line of rather unique text on the Welcome page and then asked Google to search for exactly that sentence. Once again, we were shocked to uncover more than 65 nearly identical fraudulent banking websites. Most of these other fraudulent websites were registered in the last year and contain the same anomalies as the Trust Finance Bank, such as 280,000 “Happy Clients” but only 25,800 who trust them!  We’ve got some work ahead of us but in the next few days we expect to add these additional scam banks to our current long list of 353 fake banks! And while we do, please remember that it is remarkably easy to deceive others online! Please think critically and carefully about the emails you get, the links they contain and the websites you find!  We’re always here for you if you have questions! Mcafee has a nice article how to protect yourself against tax scams too:

https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-yourself-against-tax-scams/

Professional Scambaiter Rob Racks Up the Wins!

We would like to tip our hat once more to our friend Rob. Since late last summer of 2023 he’s been using tracking links disguised as Apple gift cards to trick both 419 Advance-Fee Scammers and Female Romance Scammers to reveal their real locations to him. In about 8 months time, he has tricked scammers to click his bogus gift cards 2,398 times! And each click typically comes after multiple email exchanges with the scammers. What country do you think comes up the most amongst these clicks? Below is a list, organized by number of clicks per country, by the scammers that Rob has tricked.  We applaud his effort, energy, determination and want to thank him for helping us too!

Scammer’s Clicks by Countries 

(Each click reveals the scammer’s location.)

Austria

1

Canada

1

Cameroon

1

Norway

1

Spain

1

Uganda

1

Japan

3

Croatia

4

Russia

4

Germany

5

Thailand

6

South Africa

7

Iceland

10

Benin

31

Netherlands

37

United States*

88

Ghana

116

Nigeria (winner)

2081

Total

2398

*Many of these clicks are likely from other countries but the scammer has used a VPN service to connect to a network in the US and make it appear that this is his location. 

The scams that Rob responds to are all over the map in terms of sophistication and skill level. At the very low end of the skill level, check out this hysterical email Rob received from our former President, Donald Trump. Did you know that he is now the “CEO chairman director” of the FBI?

In the past we have cautioned our readers to be extremely careful when searching for a phone number online. The reason is that cybercriminals know this is a common practice. As such, they have put up hundreds of malicious websites linked to malware that have thousands of phone numbers on them. They hope that people will search for a phone number and then click a link into their website malware bear trap!  Here’s a perfect example. In March a woman received a random text from a man who claimed to know her. She told us about this experience and when we searched for his exact phone number, only 1 website turned up and it was an IP address, not a named site. VirusTotal told us that this IP address was malicious.

Similarly, another elderly woman sent us photos of a postcard she received in the US mail as a “Final Notice” for an “Unclaimed Reward.” But what business sent it?  The postcard contained not a single clue!

When we asked Google to search for this exact phone number (by putting quotes around it), Google said that there were only 2 websites on the Internet that had this number. Both were suspicious and one was confirmed as malicious by VirusTotal! Be very careful not to click links when searching for phone numbers unless you are 100% certain of the legitimacy of the domain in the link!

Last week our Top Story highlighted what it meant for us at The Daily Scam, and our families, to be personally targeted by cybercriminals. I just wanted to let you know that this targeting effort continues. Check out this email sent to one of my family members and made to look like I sent it. Tricking someone to click a link to see a video or photos is common. Targeting a single specific person is not. 

In the past few weeks we’ve urged our readers to be very cautious and critical of the information they get online related to this year’s elections. We mention this again after seeing another concerning article on the NY Times website. This time it was China that had thousands of fake accounts pushing false or misleading information…

https://www.nytimes.com/2024/04/01/business/media/china-online-disinformation-us-election.html

Here is a quote from this article…. “Meta, which owns Instagram and Threads, last year removed thousands of inauthentic accounts linked to Spamouflage on Facebook and others on Instagram. It called one network it had removed “the largest known cross-platform influence operation to date.” Hundreds of related accounts remained on other platforms, including TikTok, X, LiveJournal and Blogspot, Meta said.”

(Also, the Foundation for Defense of Democracies has also found that China is using fake accounts to push misinformation and disinformation to Americans.)

Last week, our friends at the Global Anti-Scam Alliance (GASA) announced a new global summit this July to bring together anti-scam leaders in multiple countries to coordinate their effort. According to GASA… last year alone, over $1.026 trillion was lost to scammers, impacting 1-in-4 people worldwide.” Perhaps you’ll be interested to join the summit!

Finally, we leave you with a few other interesting articles we saw….

https://www.usatoday.com/story/money/2024/03/24/professionals-with-licenses-targeted-scams-online-phone/72094706007/

https://www.consumeraffairs.com/news/new-scam-bitcoin-atms-government-imposters-032524.html

https://redtape.substack.com/p/scam-victim-put-gold-bars-into-strangers

Remember to check out our monthly Podcast series at SecureWon’s website!

Venmo Payment Request

One of our readers shared this very interesting smelly phish that came from Venmo. Yes, you read that right. This email came from the real Venmo.com service and the links pointed back to it as well. But that didn’t make this legitimate! The sender (scammer) sent a bogus payment request to the person but the trick is in the text found in the request!  Scammers are hoping that the recipient will call the number added to the text field. Don’t fall for this trick!  Moreover, when we looked at the REPLY-TO email address, we discovered that your reply would be sent to a domain called paysnap[.]shop. This domain was registered on April 2, the same day the email was received! It was registered in Iceland through our **favorite** registrar, Namecheap!

Fortunately, not all scammers are clever. Check out this phishing scam sent to Rob from someone named “Jamie Reed.” (But his email name is “jona lyn salamanca 9”)  The dollar amount in the email doesn’t match the dollar amount in the attached pdf file.  No matter, it’s all a fraud anyway! The email came from a free Gmail account and not from any legitimate business.

Remember to report your smelly phish to Google and to us!

https://safebrowsing.google.com/safebrowsing/report_phish/

Peacock Membership & Unable to Process Payment

This next threat is slightly different than the ones we’ve been showing our readers over the last few weeks. It appears to come from Peacock TV but a close look at the email address shows that it came from a crazy mixed up domain name ending with DOT-net. Oh no, your membership has expired! But don’t click that link or you’ll be paying a nasty price for it!  The link points to the Googleapis service and is NOT to be trusted.

Cybercriminals often send out clickbait telling victims that their payment couldn’t be processed. “Please click the link and try again to correct the issue.”  Some of these are phishing scams and some are links to malware. This one came to us at The Daily Scam to say that our hosting service bill could not be processed. Seriously? Don’t they know what our expertise is???  (Anyone who manages or owns a website likely gets clickbait like this.)

Load02[.]biz Certificate NOT TRUSTED & Sex Lures

This next nasty risk may seem a bit odd to most of our readers but bear with us. You’ll want to know about this type of threat, especially if you own an iPhone! One of our readers reported to us that she suddenly started getting popups on her iPhone telling her that a Certificate associated with “load02[.]biz” was not to be trusted. Clearly, the person had visited a website or clicked a link that tried to install a threat onto her iPhone! The domain load02[.]biz had been registered the very same day that these popups began. Fortunately, her iOS software kept saying that this certificate was not to be trusted and it was not installed.

However, when we looked at the iPhone, we couldn’t find the certificate in the Settings, General area at all. And then we realized that this clever threat came onto her phone disguised as a calendar event!  If you ever get a threat like this on your iPhone and can’t get rid of it in your General Settings area. Try these steps…

  • On an iPhone, open Settings
  • Click on Accounts
  • Click on “Subscribed Calendars” (You should see “Events” underneath this title)
  • Click “Events” again
  • Verify that this is the offending certificate and then click “Delete Account”

Another one of our readers is often targeted by sexual lures from unknown women who invite him to connect online. They show scantily clad images of themselves. Each one he has sent us over the last 6-8 months has proven to be a malicious threat of some kind. Check out this latest one from “Jessica Walker.” The link to view “Jessica’s Private Album” points to a website that immediately redirects to another website called thisisthesite[.]site (This is a new site that was registered on February 26, 2024.)

We want to warn our readers that cybercriminals are increasingly using QR codes to target victims. Check out this email claiming to have a document to share with a school called Brookwood. (There is no reason that a site called “ramadesign[.]net” would be transferring money to this school. This fact alone makes this email suspicious!) But rather than the attached pdf containing the information, it contained only a QR code! THIS IS SCAMMER BEHAVIOR! Scanning that QR code will likely send your device directly into the jaws of malware!

DEEEEELEEEETE!

Fan Recruitment and USPS Package

One of our readers got this random text from 319-302-6060 a few days ago inviting the recipient to join “our blockchain community.” Hell no!  This is an investment fraud at best, but is more likely a malware trap! The domain in that link, vbmes[.]com, was registered on the very day this text was sent on April 4! That’s NEVER a good sign!

The United States Postal Service will never, ever send texts like this. But SCAMMERS do it all the time! This text came from a random number 321-230-7907 and NOT from any official postal short code. MOST IMPORTANTLY, notice that the link in this text is NOT usps.com.  Instead it is usps[.]postdn[.]top!  In this scammer domain, “usps” is in the subdomain position. ANYONE can create a subdomain saying anything at all! The fully qualified scammer domain is postdn[.]top and it was registered in Singapore the day before this text was sent! Delete!

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.
You are receiving this email because you have subscribed to thedailyscam.com

Marblehead, MA 01945

Contact Webmaster