Select Page
Weekly Alert  |  April 5, 2023

How a Car Crash Became a $10,000 Check Fraud If “truth is stranger than fiction,” then the following story is its poster child. No one would ever have expected a $10,000 fraud to follow such a painful event as happened to our friend Alice. (We’ve changed her name to Alice to protect her identity.) What follows is a journey one woman took through a series of very difficult challenges that started when she mistook her car’s brake pedal for the gas and ended when her bank, thankfully, agreed to reimburse her for a check that landed in the clutches of fraudsters. Alice has given me permission to share her saga with Scamadvisor and The Daily Scam and my name is Claire, a guest author.

This saga began on April 25, 2021. My husband and I were on our way to a mountain retreat in the southern Rockies. We were about 40 minutes out when Alice, the friend we were going to visit, called us. Alice is not a drama queen but to examine her life at that time, one would think otherwise. She had just finished a divorce from a cheating husband who’d been living a double life with a woman in The Philippines. After 34 years together, she was trying to shut things down with him and yet was sympathetic to the hip replacement surgery he’d just undergone. He was trying to close the sale of his house in that little town and couldn’t even walk. We came there to help move all his stuff out. On top of that, Alice’s son-in-law had recently been diagnosed with brain cancer and Alice’s brother in New Orleans was recovering from a decade’s long substance abuse problem. Oh, and her basement was flooding with every rainstorm. Do you have the full picture now? It’s remarkable that she was able to put one foot in front of the other.

Alice was working through some “how to handle the ex” scenarios with us on that phone call when we suddenly heard a scream and horrible crash sounds through our speaker phone. And then the connection went dead. When she called us back she was traumatized and going on about what had just happened to her. While pulling into her driveway – and no-doubt very distracted – she hit the gas pedal instead of her brake and shot her car into her front porch, nearly launching herself out the other side. That might have killed her! We drove immediately to her house, and this is what we found:

In all fairness, the road in front of Alice’s house is a whopping 14% grade. It may not look like much, but it feels like a ski slope when you’re on it. That car was stuck in place on the porch for about three months and her house became a local attraction during that time. Anyone driving by when Alice was outside, so they could steal a picture with her, the hapless owner, considered themselves lucky. She was now the local celebrity. In time, Alice had the car extracted and the front porch fixed. Thanks to her bundling her homeowners and car insurance with the same insurer, she even got a new roof out of the deal. Of course, from start to finish, the whole process took about 16 months.

This story would have ended with that, if not for the phone call she got from her contractor in January, 2023. Alice had promised him a final payment in the amount of $10,000 and made good on it in November 2022 while visiting her brother in New Orleans. Without any concern about risk, she put her check in a street corner mailbox and the money came out of her account shortly afterwards. She was done, ready to move on to better chapters in her life. But the contractor called her in January to tell her he’d never received it. When she looked up the check in her account, she discovered that it was made out to a “DonLanda LaFrance” and it was  deposited in that woman’s account at First Hawaiian Bank instead of being in the contractor’s company name! This bank has branches all over the island state, as well as in Guam and the Mariana Islands.

Alice notified her bank immediately, and the money was returned to her account pending a fraud investigation. She probably had a much easier time than most people because it was obvious to bank staff that the check had been altered. The account was closed and a new one opened. Although she was saved from further abuse in her original account, all the inconveniences of her ordeal continued to plague her like pounding an asteroid field. She had to adjust every auto pay linked to the account (and there were many), order new checks, and set up a new debit card for many automated purchases. Her name and address were now “out there” so she was advised to freeze her credit to prevent someone else from trying to use it and steal her identity.

As you might expect, Alice contacted the post office in New Orleans to see how a check that she had put into a government depository could have been stolen and changed. The clerk admitted to her that their street boxes simply weren’t as secure as they were in the good old days. It could even be that the mail carrier emptying the box was possibly involved in the check theft. The clerk recommended that mail containing a check should always be dropped off inside a post office.

It’s important to understand the crime that was committed here. It’s called “check washing” and involves the appropriation of a bank check that has been typed, hand-written, or bank generated and typically put in the mail. Crooks fish through a mailbox looking for a letter that looks like it has a check in it. If found, they use chemicals to remove the payee’s name and often the amount the check is written for. They insert a new payee name, increase the check amount, and run off to a check cashing store where they may use a fake ID to cover their tracks. In this story, the criminal used an ID to open a bank account where she deposited a check already written out in a substantially large amount. The only thing she had to change was the payee’s name. Wikipedia has a good explanation of how check washing works:  https://en.wikipedia.org/wiki/Check_washing

As for DonLanda, it took us no effort at all to find someone with that name on Facebook. We have no proof that this is the person responsible for fishing a check out of a mailbox, washing it, and then depositing it into a Hawaiian Bank but it appears that this woman is known to police. Several years ago, she tried to run an ex-boyfriend over and was arrested for it: https://www.nola.com/news/crime_police/woman-used-car-to-threaten-strike-ex-boyfriend-at-new-orleans-east-gas-station-nopd/article_4468107b-cd7c-523a-96ac-379c926feed8.html

Whether she’ll add check fraud to her arrest record or not, only time will tell. It is possible that she, too, is a victim of fraud if someone used her identity to cash this stolen check.

When it comes to written checks, the best advice we were given is to think about the chain of custody. If you can’t hand a check over directly to the intended party, use your bank’s bill-pay feature. Checks sent using that method are also subject to tampering but the odds are far less likely. A much darker story of that very incident happened to ANOTHER friend of ours and we will share it with readers in a future Top Story. Another Best practice is to use a cash transfer app such as PayPal or Zelle. With the latter, be sure to confirm the identity of the person or business that you are transferring the money to. But understand that “check washing” is still an active crime and it’s on the rise. Check out this ABC Eyewitness news story from March the 17th:

https://abc7ny.com/check-washing-fraud-scam-money/12925374/

FOOTNOTE: We have seen several articles on line that say the best ink pens to use that make check washing hard or impossible for criminals are black-gel pens such as this Signo Uni-ball 207 pen from Amazon. For example, this type of pen is recommended by the Fairfield Country Bank and the Uniball website.

You might interested in these final updates about Alice. She fixed her basement from flooding, her brother and daughter’s husband are both doing well, and she has a new boyfriend. She put her ex-husband on a plane to the Philippines and watched him fly off into the sunset to live his new, unbridled life, but also “un”happily ever after, as it turned out. But that’s another story for another day.

Hot Phishing Scams of the Week McDonald’s, USPS, MetaMask, and WeTransfer. Can you spot these scams?  Check it out and protect yourself with this FREE, all-in-one tool.

Our April Fool’s Joke, Meet Liam Neeson and Rob Calls a Scammer in India! — To honor April Fool’s Day last week, we showed our readers how easy it is to push a scam on the internet! While many Scamadviser readers spotted our digital ScamAdviser Coin offer as an April Fool’s joke, 144 users signed up for the project in just 10 days and pledged to invest $11,000. Read more about this April Fool’s trick by visiting our big reveal on Scamadviser.com!  Apparently, online fraud was big across many news outlets in the last couple of weeks. Here are several interesting articles shared with us by our friend Rob. We think each is worth reading!

Also popular during the last few weeks are fake celebrity profiles posted on various social media platforms!  We’ve seen several of them described on Reddit.  Check out this scam profile posted on Instagram by someone pretending to be the actor Liam Neeson.  The scammer doesn’t even use capitals at the start of Liam’s name!

Speaking of imposters, check out this 7-minute recording that our friend Rob sent us a few weeks ago. He received one of those bogus emails thanking him for his recent Geek Squad security software purchase. Of course, this invoice was a complete fraud but provided a phone number for him to call if he wanted to cancel his order!  And Rob called because he loves playing with the scammers, wasting their time, and recording the call. If you listen to this call (which we shortened from the original 10 minutes) you’ll hear how the scammer, with a heavy Indian accent, asks Rob LOTS of inappropriate questions just to cancel a purchase and tries to trick Rob into installing software called “Anydesk” that would allow the scammer to take over and control Rob’s computer.

Enjoy!

Cybercriminals use all kinds of content to lure people into clicking their malicious links. We couldn’t help but smile at this recent clickbait disguised as an email to help you end your constipation! The malicious link in this clickbait points to an IP address located in Russia! That makes sense if you imagine how constipated some of the Russian people must be because of their shi**y President Putin. However, we don’t think the answer to your pooping problems are to be found in Russia.

We want to leave our older readers with a warning.  During the last few weeks, cybercriminals were misusing the AARP name as a means to trick older Americans into clicking malicious links.  Check out this collection of emails that landed into one of our honeypot email accounts….

LinkedIn, JUNO, and Xfinity Apparently, scammers are finding it useful to steal and misuse people’s LinkedIn accounts.  We’ve documented several instances of cybercriminals misusing these accounts. Here’s another phishing scam pretending to be an email from LinkedIn. Thankfully, twelve security services can identify that ipfs link as malicious! Of course we modified the link to include a new email address called I-am-a-scammer @ SCAM-U-NOW and it appears on the phishing website automatically. Presenting your email address on these phishing sites is a trick used by cybercriminals so that you think the website is legitimate.

Juno offers free email services. This means that their customers are targeted by phishing scams just like the consumers for every other email service!  Check out this bogus phishing email pretending to be from JUNO Webmail. Ironically, this rotten phish was sent from someone’s Verizon account! The link to “Verify Now” once again points to the free web service at Wix. You can’t help but notice the Wix website builder notification at the top of the phishing page.

And finally, here’s yet another phishing email pretending to be from Comcast, an Internet service provider. What makes this scam so clever is that the scammers put a real Comcast email address into the NAME FIELD. Would you have been fooled?  But the real email address can be seen between the greater and less-than symbols <>.  By the way, that crazy nonsensical domain name used in the REAL email address was registered just a few days before this email was sent.

Now delete!

Malicious Shortened Links Cybercriminals have routinely used shortened links in clickbait so that you can’t see where you’ll end up on the Internet when you click the link.  Lately though, we’ve noticed a sharp increase in this trick. The purpose of link-shortening services is to redirect you from a short link, through their service, to somewhere else on the Internet that is usually a much longer link.  Check out this supposed promotion from Ace Hardware, but coming from the crap global top level domain called “.xyz.” The link in this bogus survey points to the Twitter link-shortening service at t.co.  The link will redirect visitors to a malicious website registered through Namecheap in Iceland less than two months earlier. We’ve said this last statement so many times that one might think Namecheap IS a criminal organization!

Now delete!

This next clickbait came from a server in the UK, though it wants you to believe it came from an American auto insurance company. The link points to a well known link-shortening service at Bit.ly. However, these tricksters added a lot of unneeded letters after the 3TzHgYG. You will NOT get a free quote if you click that link. You will, however, get free malware installed on your device.

Lunge for the delete key!

Pickle Ball Sweepstakes, Xerox Scanner and Undelivered Messages — Pickle Ball has become so popular that even scammers are using it as their means to trick you! Check out this ridiculous “ultimate pickle ball experience sweepstakes” email with another attached “htm” file designed to take control of your web browser.

And then delete!

Similarly, here’s an email that scammers crafted to make it APPEAR as though it were sent from your office scanner to your email!  It was so cleverly crafted that the FROM email address even had the correct business domain name for the recipient.  Fortunately, these idiot scammers included a sentence in their email that, we believe, any real Xerox scanner would never use!

Check out this email that came from a server in Mexico. (Notice the “.mx” at the end of the FROM address.) It’s total BS! No email service on this planet will tell you that your mailbox storage was limited, preventing emails from being delivered AND then offer you a link to download them. Our eagle-eye readers will again notice the misuse of the service at ipfs[.]io.

Walmart, USPS and Paypal Accounts —One of our readers got this text telling her that “you’re on our winners list.” However, the link in this text pointed to a malicious domain called nopit[.]info.  It was registered in Iceland using Namecheap on the same day that the text was received.  What a surprise (said dripping with sarcasm.) Oh, and did we say that this domain is hosted on a server in Riga, Latvia?  Sounds like Walmart to us!

Scammers often target people with bogus texts pretending to be delivery notices. Like this one supposedly from the USPS but using a link for a site called uspstroubledelivery[.]us

We feel pretty confident to claim that cybercriminal group who sent the above fake USPS text, also sent these  two malicious texts pretending to be from Paypal.  They all came from email addresses rather than phone numbers, have similar designs, and all contain malicious domains ending with “.us.”  You be the judge….

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster