Weekly Alert  |  April 13, 2022

How Scammers Use Fear to Manipulate You

During the last decade of reporting scams, one of the most effective forms of manipulation we’ve seen by scammers is the use of fear. Consider how universally alarming this emotion feels! Fear immediately grabs your attention if you believe that something is dangerous, or likely to be threatening, or may cause you, or a loved one, harm. Fear is an emotion like none other. According to this article on the Northwestern Medicine website, as your brain responds to fear it impairs your reasoning and logic. This means that fear makes it easier to make mistakes of judgment. If cybercriminals can initiate even a small measure of fear in you, they are likely to have your immediate attention and, hopefully, manipulate a response from which they can benefit, such as a click. Think of cybercriminals’ use of fear as a clever chess move. We have four examples to share with you, starting from the least frightening to the most severe that actually resulted in two documented suicides by the targeted victims…

(1) Hacked Account

Cybercriminals will often create clickbait, pretending to be a notice from an email or social media account, informing the user that the account has likely been hacked. This is done primarily by informing recipients of a “suspicious login,” such as this login into your Facebook account from Mumbai, India. However, a closer look shows that this warning came from an email address called fb40 @ coinsonline[.]tech and the subject line is not grammatically correct! But if this email engages your brain’s amygdala to trigger a fear response, you might just click anyway. IF you were to click any of the buttons or links, you would discover that your reply will be sent to eleven different and bizarre email addresses!

We have recently written articles, informing readers of the dangers and risks that come when a hacker gains access to your social media or email accounts. They can inflict a lot of pain as they monetize their access to your accounts!  

March 30 Top Story: Your Facebook & IM Accounts Were Hacked, Now What?

Feb. 23 Top Story: The Keys To Your Digital Kingdom Are… (Your Email Account)

(2)  738 Viruses were found on your computer! This is your last warning…

OK, this junk email is not very believable, but it illustrates how criminals try to instill fear by telling the recipient threats are looming and they are at risk.  Ironically, it is the warning itself that is the risk! This particular threat came from a personal, free Gmail account. It utilizes a much-loved trick by cybercriminals… that is the use of link-shortening services. By shortening a link, people are unable to see where they’ll land on the Internet UNLESS they know how to unshorten it!  Our two favorite UNshortening services are Unshorten.it and Urlex.org. The short link in this email points to another link half its length at keysk[.]org. This short domain was registered in Iceland (a favorite Registrar of criminals) and is hosted on a server in Russia!

(3) Pay us money or we’ll sue you

Our third example is very personal and targeted us at The Daily Scam a few years ago. We used a small graphic of a mouse in a 2015 newsletter that we found listed online as royalty-free. Apparently, it wasn’t. A law firm from the UK was representing a British graphic company who owned a large collection of photos and graphics, including the mouse image. The law firm contacted us 3 years after we used the graphic and asked us to show proof that we had purchased the right to use it. Of course, we couldn’t. We did, however, show them multiple locations online where this image was posted as “royalty-free.” But it didn’t matter to them. They said that we owed the firm $300 for use of the 1” graphic and we had two weeks to pay them. If we didn’t pay that bill, the cost would rise to $1,200. And if we didn’t pay that $1200 in one month, we could expect to be sued.  We were told that the potential cost of a lawsuit would likely climb into the many thousands of dollars.

As you can imagine, this very real threat made us feel anxious, as it was designed to do!  No amount of explaining or asking for a more reasonable price changed their demands. By the way, the mouse graphic was listed on the owner’s website for $30. We immediately removed the graphic when the law firm contacted us, and would have paid the $30 fee as well. However, the law firm was more interested, it seemed, in extorting a much higher fee and that seemed unreasonable.  Furthermore, a bit of research informed us that this law firm was well known for these scare tactics.  We found multiple posts on social media from other people who had similarly been targeted and also described their tactics as extortion. What should we do? Fortunately, a good friend of ours is a law partner at a very large and powerful law firm. He put us in touch with a colleague at the firm who specializes in copyright law. This copyright lawyer immediately saw several critical flaws in the claims being made by the UK law firm and sent a response as our representative. The lawyer then made it very clear to the UK firm that if they continued to harass us with a lawsuit for use of a widely spread image on the Internet (and one which we had immediately removed once notified), we would have the full support, resources and backing of this powerful firm to combat their flawed effort. The UK law firm withdrew their demands and we never heard from them again.

(4) You’re going to jail as a child molester, unless you make things right!

Since September, 2016 more than 930 men have reported a horrific scam to us that we call the “underage girl sext scam.”  We’ve detailed this fraud in multiple articles, most importantly Plenty of Fish Has Plenty of Sharks. (Plenty of Fish is a dating app.) In this fraud, young men are tricked into exchanging sexts and engaging in a sexual conversation with a young woman they believe is 18 or older, or often “two weeks shy of her 18th birthday.” They then learn that the woman is underage, sometimes as young as 15 or 16. They are threatened with being jailed as a child molester… unless the man helps the family make things right!  This means paying for a variety of things like therapy for the daughter, paying for cell phones, laptops, windows or doors that were broken in a fight between parents and daughter. It can include payments for hospital bills after the angry daughter gets into a car crash and ends up in the hospital.  The list goes on. 

The fear expressed by many men who were targeted by this scam has been significant! Sadly, two men committed suicide as a result. We have helped more than 40 men off the cliff as they considered suicide as a realistic option by convincing them that this was just a scam!  It may surprise readers to learn that the criminals most responsible for this fraud are already in a jail in South Carolina, and using smuggled phones to commit this fraud. Between November, 2017 and November, 2018 we documented a loss of at least $70,000 by victims.  The emotional toll was far worse. If you check out our detailed article in which many men shared their stories, you can also hear voice messages from the criminals who have threatened the victims while pretending to be the girl’s father or a detective or sheriff investigating the claims. This article was updated with a voice recording of a scammer as recently as April 5, 2022.

Scam Texts From You! Last week we reported that some of our readers had received malicious texts spoofed to look like they came from their own phone numbers.  Trend Micro has recently published an excellent article about this new variation of scam texts. The article is called Text From Myself Scam Explained – You’re Not Going Crazy! Check it out!

Here’s a tip some of our readers may not know… You can mouse-over the sender’s name in your email program and NOT CLICK to open the email.  When you pause your mouse over the name of the sender, most email programs will open a small popup showing you the email address of the sender.  Below are 2 examples. The FedEx email, for example, came from an address called “changepromo” in Germany! Not from Fedex.com!

Advance-fee scams are so common across the Internet that it is unusual to find someone with any kind of internet presence (i.e. email account) who has NOT received one.  We think these bogus pitches are also good for practice to identify the many warning signs about suspicious emails! We have two samples below.  Read through each and see how many “red flags” you can spot that make each email suspicious. We list our reasons after the second email.

Here are our suspicious red flags for these emails.

Email Hospital Message from Naila:

  1. Naila’s email address uses a different name in front of the @ symbol (elizabeth01joyce). This is common scammer behavior.
  2. Naila asks recipients to reply to a different email address than the one used to contact you. This is also very common scammer behavior.
  3. Naila’s email contains capitalization and grammar errors. While this doesn’t prove anything, it suggests that Naila’s first language may not be English. MOST scams of this kind are perpetrated by criminals from other countries and so these errors are important to notice.
  4. Naila’s email was sent to “undisclosed-recipients” meaning that it was randomly sent to lots of people. This certainly doesn’t improve her credibility!
  5. Naila’s email doesn’t address the recipient by name, giving additional support that this is another scam sent to as many people as possible.
  6. Did you notice that the text is gray and there are 2 dashes above “my humble regards?”
    This tells us that Naila typed her text into the email account’s signature field so that it is automatically written EVERY TIME she clicks to compose an email.  This again shows that she is creating and sending large numbers of random emails to as many people as possible.  Very scammy behavior!

     

Email from Ambika for Warehouse Coordinator Vacancy:

  1. Ambika claims to represent a company offering jobs for Warehouse Managers. But she sends her email from a generic, personal Gmail address rather than a company address! This is common scammer behavior.
  2. Ambika also asks the recipient to reply to a different email address rather than simply replying to her. And it is also another generic, personal Yahoo address and not a company address! Once again, this is very common scammer behavior.
  3. Ambika’s email contains LOTS of grammatical errors! Not only is this very unprofessional, but it strongly suggests that Ambika’s offer is not what it appears to be!
  4. Ambika’s email also doesn’t address the recipient by name, strongly suggesting that this is another scam sent to lots of people. This especially doesn’t make sense when you consider that Ambika is asking the recipient to apply for a managerial job because his resume was reviewed.
  5. What COMPANY does Ambika represent? We haven’t a clue!
  6. Some of Ambika’s errors are of particular interest because they practically SCREAM out that “she” is not a native English speaker and likely sending her email from a foreign country.  One example is the way she wrote “2800$” instead of $2800.
  7. Finally, it is customary to ask someone to complete an application if you want them to apply for a job position, and certainly for a job with some responsibility such as “warehouse coordinator.”  But instead of asking the recipient to fill out a job application, he was simply told to send an email reply.  This is not how most real companies typically operate.  It is suspicious.

If you found other red flags in these emails that you think we’ve missed, please let us know by emailing us at spoofs@thedailyscam.com. Thanks!
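The header-level checks from both red-flag lists above can be automated for a first-pass triage of reported mail. The following Python function is an added example, not code from The Daily Scam; the sample messages, flag names and domain lists are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: short illustrative lists, not complete inventories.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRAND_DOMAINS = {"amazon": "amazon.com", "paypal": "paypal.com", "fedex": "fedex.com"}

# Constructed sample messages (example domains, not real scam mail).
ADVANCE_FEE = """\
From: Naila <elizabeth01joyce@example.net>
Reply-To: naila.private@example.org
To: undisclosed-recipients:;
Subject: message from hospital
"""
FAKE_BRAND = """\
From: account-alert Amazon <notice@alerts.example>
To: reader@example.com
Subject: unusual activities on your account
"""


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def red_flags(raw):
    """Return header-level warning signs; each is a hint, not proof of fraud."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    local, dom = sender.rpartition("@")[0].lower(), domain_of(sender)
    flags = []
    # The sender's name appears nowhere in the address in front of the @.
    words = [w.lower() for w in name.split() if len(w) > 2]
    if words and not any(w in local for w in words):
        flags.append("name_differs_from_address")
    # Replies are diverted to a different mailbox than the one that sent the mail.
    if reply_to and reply_to.lower() != sender.lower():
        flags.append("reply_to_differs")
    # Mass mailing: the recipient list is hidden.
    if "undisclosed-recipients" in msg.get("To", "").lower():
        flags.append("undisclosed_recipients")
    # Sent from, or answered at, a free personal mailbox.
    if dom in FREE_WEBMAIL or domain_of(reply_to) in FREE_WEBMAIL:
        flags.append("free_webmail")
    # A brand in the name field, but the mail is not from that brand's domain.
    for brand, real in BRAND_DOMAINS.items():
        if brand in name.lower() and dom != real and not dom.endswith("." + real):
            flags.append("brand_in_name_only")
    return flags


if __name__ == "__main__":
    print(red_flags(ADVANCE_FEE), red_flags(FAKE_BRAND))
```

Body-level signs from the lists (grammar errors, no greeting by name, a missing company name) still need a human reader.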

Amazon, Paypal, Geek Squad and Whatever This Is! This email LOOKS like it came from “account-alert” at Amazon but that information was placed into the name field.  The email came from the domain guodpd[.]com which was registered less than 2 months ago at the end of February. So when they tell you that they have “detected some unusual activities on your account” don’t believe them! They also misuse a free email marketing tool at mailtrack[.]io. That marketing link will forward you to a website at kve[.]so which many security services have already identified as a phishing site. Delete!

Imagine receiving an email saying that you just sent a payment of $300 to “Moonpay Ventures.” But you can call a phone number if you “don’t desire to continue with the purchase order…” This email is, of course, total malarky and a smelly phish.  Take a close look and you’ll see that it was sent from a personal Gmail account, and not from paypal.com! 

We have often written about crap global top level domains like “DOT-xyz.” Check out the sender’s email address in this bogus phish below disguised as an email from Geek Squad.  It came from email-server076[.]xyz.  WHY are Registrars even allowing domains like this to be registered when they are so OBVIOUSLY being used to victimize the public? Oh, because it was registered in Iceland using NameCheap (less than 2 weeks ago.) NameCheap should be SHUT DOWN! They are the worst Registrar on the planet and are happy to take money from criminals at the expense of the public.  They clearly have no concern for the public at all! NAMECHEAP SUCKS! (Did you know that the excellent webservice aa419.org exposes fraudulent domains and Namecheap is the #1 Registrar with whom criminals register their fraudulent domain names? Look at the navbar on the left side of their list of fake websites and see how many are registered through Namecheap compared to other Registrars!)

We have NO IDEA what was ordered and is being confirmed by this bogus email! Can you figure it out? But we do know that it is a fraud sent from another free Gmail address. Deeeeeleeeete!

WINNERS! Loan Fraud Via Text? We can’t help but notice the significant increase in scam/spam texts people have reported to us during the last few months from services that are offering fast loans. First of all, why would ANYONE turn to a sketchy link in a random unidentified text as a means to apply for a small loan, up to $5000?  We’ve written about these bogus texts and loan services before.  HOWEVER, the reason why we are addressing this topic again is because we’ve begun to notice a LOT OF SIMILARITIES between them.  We’re beginning to think that they are likely scam websites being perpetrated by the same group of criminals because of these similarities. Also, these suspicious loan application websites have a shelf-life of a few months before they disappear. 

Since last Fall, people have reported getting random texts inviting them to apply for loans with the following web businesses:

HolidayWallet[.]co (Not DOT-com)

WorldBankUSA[.]com

NowApproval[.]com

AppFastCash[.]com

TextBankUSA[.]com

MyLoanUS[.]com

Some of these websites have used similar logos/graphics. All of them invite people to enter the exact same initial information in order to apply for a personal loan up to $5000. They ask for either your phone or email address, the loan amount and the last four digits of your social security number. (These loans are targeting Americans.) Every time we have checked out their websites, we find multiple red flags…

  1. The domain was registered within the last few weeks or months indicating that this loan service is new and doesn’t have a long history to explore.

  2. There is NO physical address listed for this “business,” no contact phone number to speak to a human being AND no bank presidents, CEOs or names of people who own the business.  In fact, each of these websites contains remarkably little information on them or about them! Essentially, they are anonymous web entities!

For example, on April 6, one of our readers got a random text from a number she didn’t recognize. The text contained the following graphic…

The top page of this loan site looked VERY similar to several of the other loan sites listed above. It’s important to note that this domain, myloanus[.]com, was registered in India in late 2020. It’s also important to note that Scamadviser gives this loan site a trust score of 1 out of 100!

Here are the top web pages for textbankusa[.]com and usanewbank[.]com, both asking for your phone number, loan amount and last 4 digits of your social security number. Following these two images, you’ll find  the top page for holidaywallet[.]co, a loan website reported to us last November from a reader who received a spam text about it. NOTICE that the logo on HolidayWallet and USANewBank are identical! It is our opinion that these loan sites are not safe for consumers to use!  

Request for Quote – Last week we received a request for a quotation that was extremely malicious and dangerous to open. “Deena Sarala” claimed to represent a business called Gulf Glass Manufacturing. It was total BS, especially considering that the email was sent to The Daily Scam asking for a quote! The sender’s domain was a crap domain registered in Iceland through Namecheap the day before we received this email.  The sender WANTS YOU TO THINK that the attached file is a pdf file. However, it ends with “rar.”  An RAR file is a compressed file that can contain malicious instructions and you won’t know until you open it. We find it interesting that the RAR compression file was invented by a Russian engineer in the 90’s.

$3266 for a Food Processor? – Here’s a different scammy text for you! Your card was charged $3265.89 for a food processor! But feel free to call the scammers at 877-587-6777 if “N0T Y0U” (Notice that zeros were substituted for the capital O.)

Another reader sent us this lovely text she received. Apparently, your Samsung TV won’t be delivered until you pay your outstanding tax balance of $2.01!  The website link provided in the text doesn’t sound very credible! Delete!

Until next week, surf safely!

Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved.

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands
