Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  APRIL 17, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N10

Using Google to Find LOTS of Fraud

Cybercriminals always use some of the same tools to perpetrate their fraud. Their tools include websites, email, and other forms of communication that can hide their identity while communicating (e.g. texts and DM – direct messaging). To support many types of online fraud, fake websites are critical to the scammer’s narrative. What our readers may not realize is that professional cybercriminal gangs don’t just create a few websites to support their fraudulent activity, they create dozens, sometimes even hundreds of fake websites! Once a website, like a fake bank, is reported online as a fraud or identified as malicious by security services, the risks that their website will be taken down increase significantly. So cybercriminals running certain types of fraud will create lots of these fake websites over time. We want to show you how you can use Google to locate these fraudulent websites if you are ever presented with one website that makes you feel suspicious or concerned about it’s legitimacy. Just last week, we found more than 120 fake bank websites primarily used in “419” scams, as well as 25 fake shipping sites used in pet selling scams! You had better put on your heavy boots before we begin, it’s a bit muddy out there…

Last week, Professional Scambaiter Rob told us about a fake bank website that was being used in a Nigerian 419 scam. He was having his usual fun baiting the scammers, wasting their time, and collecting information about their scam which he shared with us. The fake bank was called Trust Finance Bank (or Finance Trust Bank depending on where on their site you looked). The domain is itrustfinance.online.  This site was such a ridiculous fraud, and easy to unmask. For example, they claimed to have been in business “25+ years” and yet their domain, itrustfinance.online, was registered on March 4, 2024, just less than a month before Rob brought it to our attention. Also, someone doesn’t know how to spell correctly….

We found a sentence on the Trust Finance Bank website with incorrect grammar (There were many!) and asked Google to search for exactly those words in that exact order! To do this, simply put quotes around the words you want Google to search for. (There is a limit of about 32 words for what you can ask Google to search.) We searched for the sentence “It’s financial market work best because they are competitive, fair, and transparent.” Google returned more than 180 links to other banking websites! While some of these were duplicate links to the same fraudulent bank’s website, most were unique domains!  We still haven’t reviewed all of them, but so far, we’ve uncovered 120 FAKE BANKS online!  And the overwhelming majority of these fake sites are exact duplicates of the website at  itrustfinance.online, but with a new bank name, email address, and sometimes a phone number.  Here are just two small screenshot examples taken from fake bank websites at amurixfin.com and  americantrustbnk.com. What makes this latter bank domain so absurd is that it was registered in Imo, Nigeria on December 29, 2023. Exactly what you would expect of an “American” bank! (Said dripping with sarcasm!)

Here’s another example of using this search skill… Our friend and anti-fraud supersleuth, James Greening is the author of Fake Website Buster. On April 10, he posted an article about a fake shipping website called Safeway Express Logistics. This website domain name was registered less than a month ago, on March 16, 2024 using a proxy service to hide the identity of the owner. This is pretty remarkable when you consider that this shipping company says they have shipping services to over 180 countries. (We noticed that they highlight “Pets Travel” as a top navigational link, which is no surprise since this shipping site supports pet scams!)

Safeway Express Logistics (safewayexpresslogistics.com) is a fraud and used to scam people by tricking them to pay to ship pets, like puppies, newly bought from fake puppy-selling websites. People end up being charged for special crates and insurance as well, resulting in hundreds of dollars in lost money. (Visit our feature article about these types of scams.) If you visit a shipping website like this and see anything suspicious, such as poor grammar, spelling errors, or awkward English, you should pause and evaluate. For example, Safeway Express Logistics misspelled “Trucking” on their website. We urge you to look for a full sentence or two on the website that feels rather unique. Copy that sentence and paste it into a Google search field. Put quotes immediately before and after the words you pasted into Google.  (Remember not to exceed the maximum of 32 words.) 

On the Safeway Express Logistics website, we found these sentences…. “Our customer service team is available to take your order 24 hours a day, all year long. And once you place the order, we’ll pick it up and set out for the destination in a matter of hours.” When we pasted them into Google and used quotes to search for exactly these words, Google informed us of 372 links to other websites where this exact set of words could be found. We found dozens of these websites to be identical, or nearly identical to Safeway Express Logistics, such as Global United Airways (globalunitedairways.com)  This is another fake shipping site, registered in September, 2023. In support of their fraud, they have lots of information about shipping pets….

Another bogus shipping site that came up in our Google search was called OnPoint Shippers (onpointshippers.com) This website was registered on August 9, 2023 and yet their website says they have been in business for “25+ Years.” Also, near the bottom of their main page are 3 reviews and the same photo of a woman is used for both Vera L. Amado and Nicole P. Owens.

We were able to find a lot of the identical content on most of the other websites that came back in the Google search.  Also, on their “Reviews” page we found this interesting sentence: “The team of experts move everything in my whole house to my the new one without destroying even a pin” When we asked Google to search for exactly this unique sentence, it turned up 60 other websites! All of them turned out to be fake shipping sites when you compared their content AND used one of these WHOIS tools to see when these domains were registered: Whois.domaintools.com or Whois.com/Whois.  Most were registered in the last year, and several were registered in the last three months.

Using quotes to ask Google to search for an exact string of words, in exact order, can be exceptionally useful to reveal fraud.  Especially when you follow up with a WHOIS tool to explore how old the website domain is and where it is hosted. However, the KEY to a successful super-sleuth effort is to find the best choice of words to copy from a website and search for across the Internet.  You’ll find hundreds of fake businesses that we’ve uncovered through this simple technique in many articles on our website including…

New Podcast, Personal Attacks Continue, Credibility Problems, and US Secret Department

We’re happy to announce the release of a new podcast. The topic is spearphishing and our guest is the DFO at a school and has LOTS of experience dealing with these threats!  Check out Episode 4 at SecureWon.com! A few weeks ago I reported to our readers that low-life scumbags were targeting my family. Though their effort has greatly diminished, it still continues. Check out this email made to look like it came from one relative and sent to one of my family members.  The trick used in this clickbait is the same as the prior tricks. Scammers entice the victim with a link pretending to be for photos or videos. But it is easy to see through this fraud! The name in front of the email address doesn’t match the name in the email address. Also, the links are bizarre and usually identified by VirusTotal as malicious. (I’m not worried about my family, as they are well trained. But it demonstrates how low these subhumans will go to hurt people.)

Last week we showed you an email invitation from a woman identified as “Jessica Walker.”  Those scam email invitations continue. Though Jessica’s name in the text field is the same, her email address is different and, once again, the link includes a redirect from one site to another. Jessica Walker has NO CREDIBILITY from our perspective! Both buttons point to the same link.

And speaking of credibility problems, the accountant who sent us malicious emails disguised as someone wanting to hire him to do taxes, appears to be targeted again!  But this time, the scammer didn’t include malicious links. He wants a reply. But he used the same name to send two very similar emails from two different email addresses about 70 minutes apart!  And one of these email addresses came from a server in Peru. Hmmm….. We think that presents a bit of a credibility problem too, don’t you?

We had no idea that there was a “Secret Department of the United States Department of Security Service!” Rob recieved this email back in March from the Director, Andrew J. Whittaker, of this secret department. Technically, doesn’t that give away the secret? Director Whittaker’s email came from the domain HomelandSecurityOnline[.]com.  What is also fascinating about this secret is that this domain was registered in Nigera late last July! Wow! So there is a secret department, within the US Department of Security Service, that operates out of Nigeria! Who knew?

Recently, Apple Podcasts posted this excellent podcast about a reporter who investigated the people behind the seemingly random and innocent texts so many of us have been getting. They are linked to “pig butchering” scams.  Check it out:  https://podcasts.apple.com/us/podcast/whos-behind-these-scammy-text-messages-weve-all-been/id1614253637?i=1000648461088

Last month, Vice News published a piece on YouTube about a Chinese Hack that Stole 22m People’s Data This is very concerning and worth checking out. Also last week, an elderly couple were scammed out of at least $400 and allowed the scammers onto their computer for about an hour.  Check out the responses from people and what they recommended the couple to do in response to this threat. We found them interesting…

https://www.bogleheads.org/forum/viewtopic.php?f=2&t=429112&newpost=7808230

A few articles of interest for our readers….

From Fox News: How scammers are targeting grieving families with an AI Obituiary scam

From the FTC: Impersonation Scams Are Not What They Used to Be

From the Huffington Post: Watch out for the Can You Hear Me phone scam

Your Norton Order Confirmed

Check out this bogus email from “intendherbs” at Gmail and using the text name “Ron E. Roussel.” Your Norton 360 order has been confirmed. Oh, really? So why is it that you don’t know my name, credit card information or address? The only thing known is the victim’s email address!  Don’t believe these lies, and especially, never call these phone numbers UNLESS you have your airhorn can and noise-cancelling headphones on!  The phone number provided in the attached pdf file, 801-930-7594, is NOT any number associated with Norton! Deeeeeeleeeete!

Sirius SM Membership and Costco Survey Prize!

Cybercrime is big business and these criminal gangs around the world are responsible for targeting people over and over. Take these next two examples. Both of these clickbait were created by the same criminal gang and sent from the same government server in Mozambique. (Note the 2-letter country code “.mz”)  Apparently, someone’s email account was likely hacked and used to send these threats. Also, both of these malicious clickbait point to the same server in France.  It is clear that these emails didn’t come from SiriusXM or Costco!

 I Hope You Remember These Pics and Action Required

As we said earlier, a common malicious trick is to target a victim with an email from someone they know, and include a link claiming to show photos or videos. I am not the only one targeted by these threats. We heard from a person last week who received an email from someone she knows, but using an unknown email address coming from a University in Mexico. The subject “two photos Sandy [LAST NAME REDACTED]” is meant to make the recipient curious, especially since she recognizes the name!  But the link is 100% malicious!  Don’t fall for this trick!

The Safety Officer at a business sent us this malicious email below. Apparently, action is required but for what? This email is about as clear as an early foggy morning. However, one thing we are clear about is the fact that the link in this email will redirect you to a website called titaniumhotstamping[.]com.  Lunge for the delete key!

USPS Package Cannot Be Delivered

This scam is so common, and yet, people click these malicious links without thinking!  The REAL United States Post Office website is usps.com and NOT uspostapp[.]sbs. This domain was registered just hours before this text was received!

Delete!

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.
You are receiving this email because you have subscribed to thedailyscam.com

Marblehead, MA 01945

Contact Webmaster