Select Page
Weekly Alert  |  August 10, 2022

They ALL Have Credibility Problems! Like most of you, we at The Daily Scam and Scamadviser get emails every week from people requesting or offering all kinds of things.  They include business offers, marketing emails, and even oddball requests for therapy and marriage! While some of these email solicitations are obvious phony-baloney scams, others appear as very legitimate marketing or business solicitations. However, at least 98% of the time, we see MAJOR red flags that STRONGLY suggest (or prove) that the person emailing us is just a charlatan. Let’s take a look at a handful of these sincere and thoughtful solicitations and see if you can see the credibility issues we found in each. Just for laughs, let’s start with an easy one. It’s a solicitation from an “attractive girl with a beautiful and slim body.” She tells us that her height is 5.6 pounds. Why should we doubt her?

It was lovely to hear from Dashunya, though we have reason to doubt her claims that she is both 5.6 feet tall and her height is 5.6 pounds. For example, we found it odd that if we’re interested to “know about” her, then she likes sports. Perhaps, more importantly, we find it hard to believe that a “pretty girl” with a “beautiful and slim body, blue eyes” who is shy by nature, is going to send a random email like this to a stranger across the Internet. Also why does Dashunya Carroll use an email address called “Gonser Grave LQ?”

Let’s move on to an email offering to pay you to review an Amazon product. People DO get paid to review products, in case you didn’t know. Nevermind whether or not such payments might influence their reviews, we’re happy to hear that someone wants to pay us for our opinion. The sender claims to be an Amazon seller, willing to send us a free item and $5 – $10 commission for that opinion! But hold on… This email was not sent by any company or business, but from a free Outlook email account called “osknet1.”  The email does not name the manufacturer of the product or the business represented. They offer no name or accompanying business information whatsoever.  Does that sound credible to you?  Yeah, we didn’t think so either. has an online form for people to contact us. We love hearing from visitors, such as this email from Kristy Mcclain. She works for a digital marketing service and offered to pay us to allow guests to post content, or to sponsor our site! How exciting to finally earn some money for our effort! Take a look at her email. Does anything stand out as “not believable?”

We hope that you were as concerned as we were that Kristy never once mentioned the name of the company she represents! Or the fact that her email came from a generic, free Gmail account rather than any business domain. If she truly represents a digital marketing agency, then it MUST have a website and business name, right? The only link she offers is an online generic Google form that ANYONE with a personal Gmail account can create.  By the way, her online form didn’t contain any company identification, such as a name or logo.  But, it did ask us the following important information…

  1. How much do you charge for a Guest Post? (USD)
  2. Do you give do-follow link? Yes/No
  3. Do you accept casino link in post? Yes/No
  4. Pricing for casino post
  5. Any Other Information

While the name “Kristy Mcclain” sounds like it belongs to a native English speaker, her email contained a subtle grammatical error that is often made by non-English speakers.  Did you spot it? (By the way, if you are curious what a “dofollow” link is, you can check out this Hubspot article.)

Arguably, lots of people can benefit from a little therapy. Think of it as guided self-kindness and affirmation! But we were surprised when one of our honeypot email accounts received this email from Richard Bein, asking if we were taking referrals for therapy sessions!  Was this just an accidental mailing? Can you spot any red flags?

Hmmmm….Richard is looking for therapy referrals and asked what our “areas of practice” are? One might assume that if he’s emailed us for therapeutic help, he would know! But then again, a close inspection shows that Richard sent an email to “undisclosed-recipients” – meaning lots of people by using the “BCC” field! We suppose he needs a LOT of therapy from lots of professionals! We guess that’s why he connected so personally with us by saying “Hi” instead of “Hi Goldilocks” or “Hi Rasputin.” Since he’s already asking about a “cancellation fee for each missed appointment,” he may not be the ideal client we’re looking for. Plus, we would have to go back to school and then get licensed to give him therapy anyway.

We are grateful that our 160 thousand subscribers think TheDailyScam and Scamadviser are so helpful! One such subscriber, possibly named Damien Lok, recently sent us his gratitude with this lovely and well-articulated email message! And, it turns out, Damien also has his own blog and invited us to check it out!

We don’t mean to judge, because we’re not perfect either, but we do think that Damien might benefit from some English lessons, especially in grammar and capitalization…and how to avoid writing long sentences that run on forever, and ever, with many words, one following the other.  We found it odd that a man using the ID “Damienlok” would use a free Gmail email account called “scuba johanson” (if you remove the 9 periods scattered in his user name.) Though we loved his detailed and critically rich feedback, telling us exactly what he enjoyed about our blog about scams, we decided not to visit his blog and similarly leave our loving thoughts. Were we unkind?

Finally, regarding credibility of an email, we offer this rather troubling “IMMEDIATE STOP ORDER.” We’re confident that all of you have heard of the infamous “Financial Action Task Force on Money Laundering and Terrorism Sponsor,” affectionately known as the FATF.  Scambaiter Rob got this very concerning email from the FATF with an urgent message.  We’re sure you’ll see it for what it is, as we did… Incredible! This email came from a free Gmail account, rather than the very REAL FATF website at

Top 3 Facebook Phishing Scams & Tips to Avoid ThemTo hackers, your social media accounts are immensely valuable! We’ve recommended you a short tip plus a FREE, all-in-one tool to stay protected.

Being Victimized on Facebook and Over Many Years We hope you read the “Scam Alert” article linked above. Just a few days ago, one of our family members reached out to us. She was confused about something that had just happened to her on Facebook. She received a friend request from an old high school friend. She recognized the photo and hit accept. But then she realized that she had already friended this woman a couple of years earlier.  We helped her check and, sure enough, there were now two people by this name, both using different photos of the same former high school friend.  The first account, friended in 2020, had more than 200 friends.  The NEWLY friended account had only 3 friends, which included the relative.  We explained to our relative that scammers will often create fake accounts on social media, pretending to be someone they know.  There are many types of scams that can result from accepting a fake friend request. The most common scam is for the fraudster to reach out via social media and ask for a “favor.”  The scammer presents some circumstance why he/she needs quick financial help.  Sure enough, the relative received a message from the fake account within minutes of accepting the friend request!

The relative did the right thing by informing the REAL friend what happened.  Equally important, the relative immediately posted on her Facebook account a “WARNING: Someone may pretend to be me and send you a Facebook friend request! Scammers are circling!” The reason for this message is because once a scammer gains access to a person’s social media account he will collect photos and data, including friends’ names, and continue to perpetrate the scam!

In last week’s Top Story we told readers about the “engagement” between 63-year-old Rob and a 27 year old woman in London he met via email a week earlier.  We’re sorry to say that the wedding is off after Rob refused to pay her lawyer’s fees. But the good news is that just days later Rob received ANOTHER marriage request via email! This time the young lady claims to be age 24 and from Napoli, Italy. (At this rate he’ll have 15 year olds contacting him with marriage proposals in about 3 weeks, since they seem to be getting 3 years younger each week.)

Seriously though, this follow up proposal is just another piece of evidence to support our contention that “419 scammers” (advance-fee scams) will repeatedly target potential victims who have previously entered their scammy crosshairs.  For example, Rob has been contacted every few months by a 419 scammer that he baited in 2019! They don’t give up!  If you have ever been targeted by these types of scams AND replied to the scammer, expect to be targeted again and again, for many months or even years.  

Cybercriminal gangs are all over the world. But some countries or regions may become associated with certain types of scams. For example, Nigerian scammers are notoriously associated with “419” advance fee scams. (In fact the “419” number refers to a penal code in Nigeria. Reference: On the other hand, Chinese scammers are often associated with creating fake products and their supporting fake websites selling these products.  Check out this article on Scamadviser, detailing five tricks used by Chinese scammers to cheat both Amazon and Amazon customers!

South Korea, it seems, is developing another form of notoriety that may not exactly be a scam but it sure feels like one to us. We were saddened to learn that S. Korean artificial intelligence is now being used to create FAKE virtual influencers online. They even interact with their fans, and all for marketing purposes! Sure as hell sounds sleazy! Check out “Forever Young, Beautiful and Scandall-Free: The Rise of South Korea’s Virtual Influencers.” (Source:

Rob Slaps Down a Phishing Scammer Most of us have seen these bogus emails pretending to be about an annual renewal of your security service software, like Geek Squad. Below are two examples AND what happened when Rob, scam-baiter extraordinaire, actually called the scammers in India! (Listen to his accent.) By the way, a search for the phone number in this first email, 888-660-1402, returns links to posts about scams. What a surprise!

Next is the phishing email that Rob recently received. Like the one above, it claimed to be a confirmation that his “annual automatic” payment for a Geek Squad security service had been authorized to his credit card. But if he wished to cancel all charges and get a refund, he could call the scammer’s number at 888-995-9984.  Remember the good old days when toll-free area code 888 represented legitimate businesses? There are several critically important things to recognize about these bogus emails…

    1. They RARELY address the recipient by full name. Most simply show your email address (often multiple times!)
    2. Even if they are clever enough to show your full name, they NEVER tell you what credit card or bank was charged AND provide the last 4 correct digits of that account number, as they should!
    3. And of course, these emails RARELY show a correct “from” address! (Some cybercriminals are skilled enough to spoof an email address, but most of them do not.)
    4. Finally, if you Google the phone number in the email, you will not find that number associated with the business it claims to represent!

When Rob got this “Geek Squad” payment confirmation, he called the scammers and turned on his recording software! The number in the email is 888-995-9984. As you listen to the conversation, you’ll clearly hear an Indian accent of the “support” person who answers Rob’s call. You can also hear another scammer in the background trying to scam someone else! MOST IMPORTANTLY, listen how the scammer tries to trick Rob into visiting a website called rhelp[.]us. This website is linked to software that will give the scammer’s control over Rob’s computer! But Rob stops the scammer from taking over his computer and calls out the scammer as a fraud! By the way, the domain rhelp[.]us was registered on May 4, 2022 ( a few months ago) by someone supposedly named Joseph Moyer from Henderson, Nevada. This phishing domain is being hosted on a server in Germany!

Below is a screenshot of the website rhelp[.]us. It shows only a small window where Rob was asked to enter his “secure code” and click enter.  However, this was a clever scammer trick! Clicking on the activated arrow would have triggered the installation of software allowing the scammer to take control of your computer! Notice that “rhelp[.]us” isn’t any known, established business!  There is NO REAL PLAUSIBLE REASON why anyone needs to enter a “secure code” just to get a credit card refund!

One of our readers sent us this rotten phish that he received from a personal Hotmail account. It pretended to be from Comcast, an Internet services and multimedia provider. Like nearly all email account services, Comcast passwords don’t simply expire after a period of time! The link in this phish pointed to a free website created on Google by the scammers. Below is a screenshot of the top page on that bogus site. 

You Won a Shell Gas Card and Snoring Gone in 3 Minutes! As gas prices skyrocketed, low-life cybercriminals saw an opportunity to prey upon people’s financial stress. These human leeches dramatically increased the number of malicious clickbait targeting victims and disguised as offers for Shell Gas gift cards. Check out this email with the subject line “You have won a $500 ShellGasCard!” The omission of spaces between ShellGasCard is purposefully done by scammers to prevent anti-spam servers from identifying this crap and sending it to your spam folder. Check out the bogus email address that this clickbait came from!  Thankfully, tells us that at least one security service has identified the domain cidips[.]cc as malicious.

    Another common theme misused by cybercriminals to create malicious clickbait concerns our health, including healthy sleep. Check out this wolf in sheep’s clothing pretending to stop snoring in 3 minutes! This bogus “sleep apnea solutions” email has links pointing to a domain called resisys[.]today. This crap domain was registered anonymously in India a few months ago. Like many malicious links, victims will be hit with malware AND THEN forwarded to a real website about that topic so that they don’t suspect anything bad happened to them! Always be skeptical online and investigate BEFORE clicking

    New Fax Received – Cybercriminals FREQUENTLY target businesses! Especially if that business is related to infrastructure in the United States, such as energy, banking, or utilities. Below is an email sent to one of these critically important companies.  (The targeted employee sent it to us.)  This is a very clever trick to manipulate the employee into clicking a link to malware designed to infect her computer.  “Final Remittance Payment” was received via electronic Fax, says the email.  What is new to us is that the cybercriminals tried to trick the recipient into thinking the email was safe by added two lies….

    1. “This sender has been verified from [COMPANY NAME REDACTED] safe sender list”
    2. “You have a new fax document from [COMPANY NAME REDACTED] Scanner.

    In fact, the email contained the woman’s name or email address in six places, including the FROM address! This is meant to reassure her that this email is genuine.  It is ANYTHING BUT GENUINE!  The last attached document is a dangerous document containing web browser instructions sent by the hackers. Delete!

    New Amazon Login From Russia – So many of our readers, friends and family are getting hammered with these bogus texts pretending to be from Amazon. This one had a new twist.  It claimed that someone had tried to log into your Amazon account from Russia! (Musta been Vladmir Putin, looking for late-night reading material.) Your account is now locked. BUT, you can unlock your account by clicking the scammer’s link. Their lie actually had a tiny bit of truth to it. Were you to click that link to sidekickopen61[.]com, you would be redirected to a malicious website called 4nmn[.]com that was registered in Russia and is being hosted in Russia. Anyone care to visit Vladamir?

    Until next week, surf safely!

    Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via or

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster