Romance Scammer Jason Lindvig Strikes Again! — In our Top Story of March 16 (Your New Boss and Lover Are Liars), we introduced readers to a romance scammer using the alias “Jason Lindvig.” We had been following this scammer’s exploits for a few years and believe he is part of the gang detailed in our article A Professional Love Scammer From Zimbabwe. The woman recently victimized by this fraudster was so angry at him that she started digging deeper into his alias and discovered a post online from another woman that strongly suggested that she had also been victimized by “Jason.” She reached out and discovered she was right! The two women recently talked to one another. They shared with us a new and clever trick played by this romance scammer!
The other victim’s story is more complex than the one reported on March 16. We’ll call this victim “Reena.” Reena met Jason Lindvig on Tinder in February, 2020 and they spoke online until July, 2021. Like ALL of the Zimbabwe Scammer’s fraudulent stories, he said he was in construction and on a job in Turkey. (He sometimes says he is on a job in Cyprus, which is very close to Turkey. He also told the victim that he lived in Northern California and was divorced.) He wasn’t able to leave Turkey because Covid-related circumstances meant the job was taking longer than he thought it would. Jason started asking for help financially after a few months of contact with the woman. She never sent him any money, or purchased things for him or his business. But after more than a year of speaking with this man online she got suspicious. For the first time, she searched for this man in Google and discovered there were 2 LinkedIn profiles with his name and company on them! Jason Lindvig, CEO of Detron Engineering. She thought that the man she had known as Jason had created a fake LinkedIn account by stealing another man’s identity. Afterall, the LinkedIn account had only 9 connections while the the other “Jason Lindvig” account with more than 500 connections! In July, 2021, she reached out via LinkedIn to the real Jason Lindvig, through the other LinkedIn account to warn the real Jason that his name, business and photos were being used by a romance scammer!
However, what she didn’t know, couldn’t know, was that the romance scammer had created BOTH accounts on LinkedIn for “Jason Lindvig” and had used one of these accounts to build a following of more than 500 people to make it appear legitimate! As is often the case with scammers, the “real Jason Lindvig’s” LinkedIn account had several references to his faith in God. This low-life leech has no more belief in God than a vampire does. He posts these references so that people will THINK he is a religious man of good faith and therefore can be trusted. What a lie THAT turns out to be!
Disguised now as the “real Jason Lindvig,” the Zimbabwe scammer told Reena via email that this had happened to him before where criminals had used his name and photos to scam women. He said that he knew of another woman in Canada who had been scammed out of $350K, and he and this other woman were trying to locate the scammers. (The TRUTH is that this romance scam team did scam a woman from California out of $375,000 in 2019 and 2020.) Ironically, just like all of his scams, this fraudster – disguised as the “real” Jason Lindvig – claimed to be from a foreign country (Amsterdam, Netherlands) but was now living in Florida.
Jason asked Reena if she would help him and the woman from Canada try to catch the romance scammer who had targeted each of them. He even put Reena in touch with the Canadian victim and she talked to Reena via phone and told her what happened. But it was total BS! Reena was now talking to 3 scammers… the first Jason, the 2nd Jason (Jason #2 was not the same voice as Jason #1) and the woman from Canada. Jason #2 said he and the Canadian woman hired a group of “investigators” to help them and that they were close to tracking down these scammers! But it was going to cost $5000 for this investigative team. (Did you see this coming?)
Jason #2 went on to explain that he had already paid people in the past to try to locate the scammers, and he wasn’t going to do it again. However, he said, if Reena and this other victim wanted the scammers caught, they could split the $5000 cost. They agreed and Reena paid the $2500 deposit! Keep in mind that the other woman was part of this scam! Early in the Fall, 2021, Jason #2 called Reena and said he had good news! The investigative team was on the ground in Turkey and close to identifying Jason #1 along with his team of scammers, but the Team needed to be paid right away. Coincidentally, the Canadian victim had an emergency and was not available to send her share of the $5000 fee to the investigative team. Jason #2 asked if Reena could send the balance. Reena sent another $2000. All together, Reena had wired $4500 to these criminals, thinking she was paying for their investigation of Jason #1 and his criminal gang.
In early October, 2021 Reena’s daughter did a reverse image search of the images of Jason Lindvig #2 from LinkedIn and discovered that he was also a scammer! The photos used for Jason’s LinkedIn account, with 500+ connections, were actually photos of a man named Andrew Nicolls. Reena was devastated. She called both “Jason #2” and the victim from Canada and told them that she knew they were scammers. She also reached out to the very real Andrew Nicolls and had several conversations with him to make sure he knew his photos were being misused. Ironically, the first woman we mentioned who was recently victimized by this scammer, and had contacted us earlier in March, again heard from “Jason” via an email. We urged her to reply and pretend to miss him and say that she made a mistake when she accused him of being a scammer. We also gave her a tracking link and suggested how she might trick “Jason” into clicking it to possibly reveal his location in the world!
One thing we’ve learned about this particular gang of criminals… They learn from their mistakes and they read our articles! Though the person at the other end of that email clicked our tracking link 3 times revealing his location, we’re not confident that these locations were indeed his actual locations or the location of a VPN service he used to while he was somewhere else across the Internet. Two of the clicks showed that the man pretending to be “Jason #1” was located in Winkler, California (using an IP address operated by a Chinese company called Shenzhen Tencent) and the third click was from Busan, South Korea. These 3 clicks happened within 32 seconds. (According to this article on Scamalytics, 22% of the web traffic coming through the Shenzhen Tencent IP Addresses across the world are scams.)
A Final Note: Our friends at Artists Against 419 Scams (aa419.org) were able to have BOTH of “Jason’s” LinkedIn accounts removed! Go Team!
Interesting News… – We want to remind our readers how important and valuable it is to report your suspicious emails, texts and social media posts! Please forward your spam and phishing emails to both email@example.com and firstname.lastname@example.org! And thanks, it takes a village!
Last week there were a number of interesting articles in the news about scams and scammers worth sharing with readers. Let’s start with this feel-good story published by Cyberscoop about an Estonian scammer who is going to jail for using ransomware to extort more than $53 million dollars from people and businesses around the world between 2015 and 2019.
We’re sure our readers understand that scams targeting consumers don’t all come from cybercriminals. Some come from legitimate companies whose business practices are found to be fraudulent or terribly misleading, and taking advantage of consumers. The FTC recently filed a lawsuit against the alleged fraudulent practices of Intuit, the maker of Quickbooks and tax software such as Turbotax. Turbotax offered free tax-filing services for some software users but the terms to use their free software were very misleading, according to the FTC.
We’ve posted many articles and examples of fake jobs over the last decade. However, Proofpoint just published an article at the end of March about fake jobs that are specifically targeting college students! If you read their “key findings” at the top of the article, you’ll recognize how similar they are to many points we’ve made for years!
Also, unsurprisingly, the rise of Cryptocurrency scams is coming to light. Checkbook.org has written a good article about these investment scams and how, in particular, they impacted one woman named Shannon. (Thanks Rob for sharing that article with us!)
At the risk of sounding like a finger-wagging parent (forgive us!), we wanted to remind our readers how very important it is to understand that an email address located in the FROM field always shows two parts. The part that appears between the < > symbols shows the actual email address. The text found IN FRONT OF these symbols is simply text placed into a “name” field. Check out these two emails below showing that advance-fee scammers have placed an email address for the FBI and the name “CITI BANK GROUP” into their respective text fields. (Though it is not impossible to post a fake email address between the < > symbols, it is very difficult and requires very sophisticated fraudsters. This practice is called “email spoofing.” But ANYONE can put ANYTHING into the text field that appears in front of the < > symbols! It’s as easy as child’s play!) Both emails below came from personal Gmail accounts that anyone can set up…
Phish from Quickbooks, Citizens Bank, Paypal and Whatever This Is? – This first phish is one of the most clever we’ve seen because it was created and sent by criminals through the very legitimate and commonly used software called Quickbooks by Intuit. Criminals went to the trouble of entering targeted email addresses into Quickbooks, thereby creating bogus invoices for Norton Subscription software for $532.58. They then attached these pdf invoices (also shown below) and had Quickbooks send an email to the “clients.” One of several things that makes this email HIGHLY suspicious is that it was received on April 1st and the email/invoice says that the payment is DUE on April 1st! (Yes, happy April Fool’s Day!) As is often the case, you are given a bogus scammer’s phone number to call if you want to tell the sender that this order a mistake: 435-610-1435. But if you call, that’s when you’ll be victimized by clever criminals! It’s important to notice that the recipients name and address are NOT seen anywhere on the email or invoice, because it’s fake of course!
How many of us can actually say we’ve been to Dubai in the United Arab Emirates? That’s where this email came from! “Jose” sent it from a website hosted there called FalconCity[.]com but the text field says Citizens Bank! The security message that is waiting for you is actually the OPPOSITE! The message should read “click to give us your banking credentials so we can empty your account.” Move your hand away from this fire!
This next phish contains at least 6 RED FLAGS that scream out FRAUDULENT or SUSPICIOUS email! Can you find that many clues in it? More? We’ve pointed out 3 obvious ones in the email to help you. If you find more than six clues, please let us know! email@example.com
Finally, we at The Daily Scam received this oddball phish telling us that we were about to “permanently delete all your contact(s).” WHAT???? All links pointed to a malicious website called buchiraltod[.]us. Coincidentally, one of our readers reported a malicious email to us the next day that was completely unrelated to this smelly phish. The links in this other reported email also pointed to the malicious website at buchiraltod[.]us! Deeeeeleeeeeeeete!
WINNERS! Answer & Win New iPhone, Costco March Winner – Everyone likes to win a prize, right? Except when that prize is a nasty explosive triggered by a single click of the finger or mouse! Here are two recent examples of such a wolf in sheep’s clothing. The first email looks like it was created by Walmart. Just answer a few questions and you’ll win an iPhone 13! We’ve seen this fraud DOZENS of times before! The link actually points to a website containing a survey and includes fake quotes from people saying how short and awesome the survey was and thanking the sender for their new wonderful iPhone! It’s bogus! This SAME BOGUS website has been used over and over for years by cybercriminals, with just a few modifications. They collect your personal information and sometimes hit you with malware too. Notice that at the bottom of the survey window you have 6 minutes and 30 seconds to complete the survey or the offer goes away. Of course this is just another social engineering trick to encourage you to hurry and not think about all the personal information you’ll be providing or the risks you are taking. We’ve watched that timer click down to zero. Guess what happens when it hits zero? …it RESTARTS again at 6 minutes and 30 seconds! Delete!
Wix.com is a free webpage creation service that is OFTEN misused by cybercriminals. They used it to create this bogus email telling recipients that “you are our March winner.” But Costco didn’t create this and the links don’t point to Costco! However, if you click the link to the free webpage at Wix.com, you’ll discover that you will be forwarded to another website that is malicious.
Featured Health Article is VERY Unhealthy and FedEx Package Delivery Pending –Cybercriminals often use topics related to health and wellness to cause severe pain and make us all sick. Perhaps we can describe this effort as a kind of nasty oxymoron? (You know, like ”jumbo shrimp.”) We call it “pretty ugly” “healthy clickbait.” This malicious email also proves our finger-wagging point that it pays to read critically! Look at the domain name that this “healthy diet” email came from! Another critical look at the domain revealed by mousing over the links will reveal another oxymoron of sorts. The links point to a suspicious website called charity-financial[.]com that was registered in India in 2017 and is hosted on a server in Canada. Google doesn’t know anything at all about this money-giving, money-related domain. By the way, the claims in this email are absolutely ridiculous. Shocking, right?
Any time a link points to an IP address (set of numbers) instead of a website name you can read, we’re pretty sure the web address is malicious! And then add to your suspicions a confusing subject line like the the one below, no connection whatsoever to the service it claims to represent (FedEx), AND the fact that the links point to another different website in the UK, all spell a recipe for disaster! Don’t click! Lunge for the delete key!
A Flood of Malicious Texts! – Last week our readers and friends sent us a FLOOD of malicious texts! Too many to post here. However, two sets of texts were of significant interest… One woman’s texts stood out because she sent us 2 malicious texts on consecutive days. Based on the WHOIS information for the registration of these domains, we’re confident to say that they were created by the same criminals. Do you know the expression “2 points make a line?” We think that these back-to-back malicious texts mean that this woman is being purposely targeted. We’ve urged her to be extremely careful and NOT click on any links in her texts! The link in the first text points to a domain named WantToPickUpNow[.]com and the second points to MySpeedyBrain[.]com. Both domains were registered on April 1st and are hosted on servers in the Netherlands. The second text took some effort to write and was CLEARLY written in a way to convince the woman to click. We think the link likely points to malware because after hitting the suspicious website, visitors are simply redirected to Google.
We had two unrelated people report to us, just hours apart, that they had received malicious texts made to look like they were sent from their OWN PHONE NUMBER! This may be a new method by fraudsters to try and trick people into opening, and perhaps clicking malicious links. Notice that BOTH of these texts use the same crap global top level domain “xyz.” Both were registered on March 8 in the Netherlands and both domains also consist of 5 random letters followed by 2 numbers, DOT-xyz. Hmmmm….Could they ALL be sent by the same criminal gang?
Until next week, surf safely!
Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands