Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  APRIL 24, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N11

Crazy Call from a US Postal Inspector!

This is a crazy scam story told to us by a 61-year old man from New Jersey. On Friday, April 5, just after 11:00 AM he received a call from a phone number he didn’t recognize. We all know what should happen! YOU DON’T ANSWER IT! You let it go to voicemail and, if it is important, the caller will leave a message. But that’s not what happened! The man answered the call because, he told us, the call came from an area code where his son, and the son’s girlfriend, live. He thought What if the call was connected to them? And that’s where this crazy train carnival ride begins…

To protect this man’s identity, we’ll call him George. At 11:04 AM George received a call from 360-244-4933, a Washington State area code. George answered and the next thing he heard, speaking in a heavy Indian accent, was “This is Postal Inspector Chris Harper.”  George tells us he was a bit reluctant to respond, but after hesitating, he said “yaaaah?” Postal Inspector Chris Harper continued…

“We are investigating a package that was attempted to be delivered through the US Postal Service that was confiscated. Upon review of the package, it contained $8000 in cash, to be exact, and an undisclosed amount of narcotics. Are you expecting such a package?”

Of course, George answered no, he wasn’t! Mr. Harper then asked George if he ever gets packages sent through the US Postal Service? It was a rather stupid question, in George’s opinion, but he answered “Of course I do.” Mr. Harper then asked George if he was expecting a package from Texas, to which George replied “I don’t believe so.” Mr. Harper asked George if he knew a “Maria Ortiz” from some town in Texas. George said he didn’t know that person. Mr. Harper then told George that her name was on the return address for that package, from a town in Texas. But, in fact, Postal Inspector Chris Harper said that Ms. Ortiz had two addresses in Texas associated with her name. He asked George if he was familiar with the other address, to which George again said no.  

Striking a serious tone, Postal Inspector Chris Harper said “This is a very serious matter. Will you cooperate with this investigation?” George said he would cooperate and Postal Inspector Chris Harper continued with “Upon my investigation, we’ve also noticed that your name (followed by George’s full name) is associated with over a dozen bank accounts.” After George said that he doesn’t have that many bank accounts, Mr. Harper told him that there must be identity fraud involved and proceeded to name a dozen banks. Of course, as you would expect, George then followed with “Oh! I have a [BANK NAME REDACTED] account!” During this conversation, Postal Inspector Chris Harper asked George multiple times if he would cooperate, as if he were beating that into George’s psyche! At one point, Mr. Harper even asked George point blank “Are you guilty of this?” to which he answered “NO, I’m not guily of this!” 

What followed next was truly NOT NORMAL or in any way appropriate or relative if this were a REAL investigation. Mr. Harper asked George how much money he had in his bank account. We’ve heard about this type of scam before. Sadly, there are people who do not recognize the absurdity of this question or the fact that it has no relevance whatsoever to this investigation, if it were real! And so, some people will give this scammer an answer. But not George! He immediately recognized this as completely irrelevant and said “That would be none of your business what I have in my bank account!” But Postal Inspector Chris Harper said “What do you mean?!” George explained again that Mr. Harper’s request was irrelevant and he had no reason whatsoever to know that information. Mr. Harper now seemed exasperated and said to George “You’re not going to tell me this?” ….multiple times!  But George didn’t budge! This was an important turning point for George. Now he was very suspicious that, maybe, this phone call was a complete fraud! But what followed was so absurdly crazy, it felt like George had stepped into a theatre of the absurd.

Postal Inspector Chris Harper told George that he was going to call the local Police Chief in George’s township and open an investigation into George’s claim that he wasn’t involved in this ilegal package! George was now 100% convinced that this was a scam and, to his credit, wanted to see how it would play out. In a strong, confident tone, George told Mr. Harper “PLEASE DO THAT.” Mr. Harper then told George not to hang up on him as he called the Police Department “on the other line.”  He also told George that the Police Department would be calling him right away! This is absurd, of course.  As George told us “What police department is going to take a call from a postal inspector, and then turn around and immediately call me [based on the information given].”  At 11:24 AM, twenty minutes after this crazy call started, George gets another call. What surprised him was that the caller ID showed the call coming from Monroe Twp, Police followed by the real police department phone number, as shown on the real police department website.

“Caller ID Spoofing” is a serious issue, often used by scammers as a part of their scams to manipulate people. Americans need to know that Caller ID cannot be trusted! There are various apps that can be installed on phones and manipulate caller ID.  Here are a few articles about call spoofing:

George answered the call. A moment later, in another heavy Indian accent, a man says “Hello. I am Police Chief Michael Sullivan” to which George responded incredulously “Really? You don’t sound like Police Chief Michael Sullivan” subtly pointing out the very obvious discrepancy between the heavy Indian accent associated with a very American-sounding name! To which Chief Sullivan proudly responded “Sir, look at your Caller ID!” George immediately responded with “Police Chief Sullivan, what is the physical address of the Monroe Township Police Department?” Chief Sullivan quickly replied with “You don’t know where your police department is located?”  George knew he had him! He told “Police Chief Sullivan” that, of course, he knew where the police department was located, but did the Chief? Now, Police Chief Sullivan tried to divert the conversation, saying “This is no laughing matter!” and again tried to change the subject. He even asked George if he is guilty of this crime and George said “of course not!” But Police Chief Sullivan surprised George by saying “Well, I have no choice but to dispatch squad cars to your location right now!”  George was thoroughly enjoying this ruse and said “Please, go right ahead.” Chief Sullivan then actually hung up the phone!

It was now thirty minutes into these phone calls and George was feeling like he had triumphed over evil! It was time to let these clowns know he was on to them. Postal Inspector Chris Harper came back on the line and asked George if he finished talking to the Police Chief. George started gently with… “I think I just caught you guys trying to scam me!” Postal Inspector Chris Harper then hung up!

George’s story had so many red flags, starting with the unrecognizable phone number! However, George’s experience also shows that these scammers do their own research before and during their fraud. For example, when George later looked up Christopher Harper, Postal Service in Google, he found many links referencing such a person….

But when he looked up Police Chief Michael Sullivan, he discovered that there is actually such a person but associated with the Police Department in Arizona, and not New Jersey! Another, red flag particular to George was the fact that early on in this scam, the scammer referred to George’s prior address where he lived nearly a year earlier. George corrected him, saying that he now lived in the Monroe Township. This showed that the scammers were researching him as soon as he responded to the call, but the information they found had not yet been updated!

From victims of this fraud who fell for this ruse, the story does not end well. These low-life scammers have tricked people into believing that their real bank account is at risk of being confiscated/closed as a result of the many fraudulent accounts opened in their name. As a result, the victim is tricked into moving their money into a “safe” account provided by the US Postal Service or Police. But it is all a lie and the victim’s money is simply taken. This scam is described online in several credible websites, including the US Postal Service!

USPIS.gov: Fake US Postal Service Phone Calls

NY Post: Scammers are Impersonating US Postal Inspectors on the Phone

Spotting a Fake Job Offer, and Jessica Who?

Last week one of our readers contacted us to ask our opinion about a job she had been offered online. It all began on April 16 when a woman received this email below. She had posted her resume on several job sites so getting a response like this was expected.  But what do you think? Can you spot the fraud? What tools would you use to figure it out? We’ve added the last email with the job offer details below as a screenshot. Look them over and then take a look below them to see our list of reasons why we are certain that this is a complete fraud!

On Tue, Apr 16, 2024 at 12:52 PM Melanie Dupont <account@easterndistilleries.com> wrote:

Dear job seeker,

My name is Melanie Dupont, I hold Account Manager with Aloes Ltd company. We work with real estate objects and provide constructions services. Our HR manager noticed your resume because it falls under the requirements we have for a perfect candidate. We can fix date and time for a phone conversation and I’ll explain you all information about our job offer.

Reply back to this email please to notify of your interest.

Our offer is very promising, with a competetive pay and lots of perks. Looking forward to your prompt response and seeing you in our team!

Sincerely,

Account Manager
Melanie Dupont
Aloes Ltd

Here’s why we believe this “job offer” is a scam….

1. According to the Security Service Sucuri.net, the link to the “documents” in the last email has been identified as a phishing scam.

2. Melanie’s first email was sent from an unrelated business to her company, Aloe LTD. The sender domain was called Eastern Distillaries. The other  emails came from a domain called EliteHomesQuest[.]com.  This WHOIS tool shows that this EliteHomesQuest[.]com website is hosted on a server in Germany and this WHOIS tool shows that this domain was just registered on March 1, 2024, less than 2 months ago!

  1. Melanie claims that this job offer is for/about the Aloe Construction company. And yet, none of the emails for Melanie came from the Aloe Construction company! It also turns out that the ONLY Aloe LTD construction company we can find is in S. Africa and has a Facebook presence, but no other website. Also, Eastern Distilleries DOT-com appears to be an alochol/beverage business in Nigeria, though we’re not certain if their website/business is legitimate or not.

Below is a screenshot of page 1 of the bogus job application form on Google that has been identified as a phishing fraud. (Click on it to enlarge the form.) Obviously, we advised the woman to back away from this job offer!

For a few weeks, we’ve shared the experience of a young man who has been getting weekly invitations from a woman named Jessica Walker.  In this week’s “installment” we’re no longer sure WHAT this woman’s name is! Look closely at her latest email…

Here are a few recent articles we wanted to share with our readers….

Check out this small, but important win for the good guys!  It was posted on Bitdefender on April 15:
https://www.bitdefender.com/blog/hotforsecurity/zambia-arrests-77-people-in-swoop-on-scam-call-centre/

From the FTC: When Companies Share Your Personal Information Without Your Permission
https://consumer.ftc.gov/consumer-alerts/2024/04/when-companies-share-your-personal-information-without-your-permission

Our readers know about Rob, a super scambaiter!  He’s not alone and he shared this recent article about another scambaiter who works tirelessly to waste scammer’s time, expose their fraud, and protect people as a result!  Check out:
https://www.npr.org/2024/04/15/1243189142/scam-baiter-kitboga

Remember to check out our latest Podcast posted last week about spearphishing scams!
https://www.securewon.com/resources/podcasts/

Very Unusual Smelly Phish!

This week we have a number of very unusual smelly phish to share with you. Let’s start with this email that wants you to believe it came from Chase Bank.  Chase Bank wants to share a document with you via Google Drive?  HELL NO! The shared document came from a bogus domain called portalverification-account[.]com. (This domain was registered 2 days before this email was received. However, it was found to be fraudulent and removed.)

We visited this Google Drive destination and took a screenshot of what we found. The drive had an image that looked like the start of login screen for Chase Bank when, in fact, the image was a linked graphic pointing to another phishing website on a Windows server. NOTHING about this email, or the links, is real.  Lunge for the delete key!

Check out this Microsoft 365 phishing scam below. We don’t often see these type of phish. The link in it actually points to a server in the Czech Republic! (“.cz” = Czech Republic) But that’s not your final destination! The Czech site will redirect you to another website called bestautoc[.]com. This obvious fraud site was registered the same day the phishing email was sent!

Deeeeeleeeete!

Finally, we leave you with an obvious phishing fraud if you simply take a moment to notice that this “McAfee” invoice came from a bogus email address that begins with hilariovangorpgua…  By the way, a search for the phone number in this phish, 803-820-9362, turns up nothing online except a malicious website. Report your smelly phish to this Google link and to us! https://safebrowsing.google.com/safebrowsing/report_phish/

FREE MONEY!

A common lure used by scammers is to pretend to give away money. For example, we get hundreds of emails annually (no exaggeration) disguised as the Casino called Titans. (They always land in our spam folder.) Each email offers to give you money to play their online slots but they are all malicious.  Here’s another example. This time it claims to be a welcome package from the “Revolution Casino.” But this bogus email came from a suspended domain called parmuro[.]com. The link to “play now” actually points to the link-shortening service at Bit.ly.  Don’t be fooled by the LONG link in the lower left corner. The actual link to pay attention to ends with 4a9DQnf. Nothing past the # symbol is important. When we unshortened that link, it clearly doesn’t point to revolutioncasino.com!

Another one of our readers sent us this crazy text that she received, along with 11 other people. The sender claims to be a man who won lots of money and now wants to give YOU $300,000!  And if you believe this nonsense, then we also have land to sell you in Atlantis!

Guys in the Picture, Pics to You from Roni, and Delivery Notices

My family continues to be targeted. The lure is always the same…. Photos! Check out this email that I supposedly sent to a relative.  The text starts with “I’m assuming you still remember some of them…” Of course, the link is 100% malicious and the domain used in it was registered just 2 months earlier!

This second email was again disguised as though it came from “Roni” but the email address was an unknown bogus Hotmail account. Check out the message… “Photos” followed by a date. The link is, of course, malicious!

We have two recent examples of malicious emails that were disguised as delivery notices. The first pretends to be the well-known delivery service Fedex. HOWEVER notice that the email came from a bizarre website named xhzax[.]us, sent via another website in Germany. (“.de” = Deutschland = Germany)  Also notice that the link doesn’t point to fedex.com, it points to the misused service at GoogleApis.com!

Delete!

This second email about a delivery is complete nonsense! It was sent from a crazy domain name. The logo in the email appears to be similar to UPS but doesn’t say that. They claim to have your package held at their distribution center “due to lack of postage.” Poppycock! They don’t even identify you by name!

Deeeeeleeeete!

Bogus Toll Services Text

This text was shared with us from a resident in Florida. It tried to trick people into thinking it was from the Florida’s Toll Service called Sunpass. But the real website is sunpass.com. The link in this bogus text is mysunpasstollservices[.]com.  This fake domain was registered just hours before this text was sent.

Until next week, surf safely!

Copyright © 2024 The Daily Scam. All rights reserved.
You are receiving this email because you have subscribed to thedailyscam.com

Marblehead, MA 01945

Contact Webmaster