A Multi-Part Scam Targets a Woman for 2 Years! — A woman in South Africa reached out to us on July 27, 2023 to tell us about a Romance scammer who has targeted her for the last two years, using a variety of scams, and as recently as this past March. We spoke to her over Zoom to learn the details of this lengthy scam and were amazed by the many ways that this team of scammers had targeted her to the point where their scams became absurd! It all started as a romance scam from a man identified as “Anthony Andrey.” To protect her identity, we’ll call this woman “Stacey.” What follows is the first half of her long story and begins with the dating app called Badoo…

In September 2021, Stacey downloaded the free dating app called Badoo and set up an account. She says that within ten minutes a man’s profile popped up for her that she described as “good looking, but not too good looking.”  They started to chat and he almost immediately said “let’s continue this chat on Whatsapp.” (That is considered a red flag due, in large part, to how quickly he wanted to move the chat away from any protective guard rails or monitors in Badoo. Stacey knew this was a bit concerning but made the decision to do it anyway.) The man’s name was given as Anthony Andrey. He told Stacey that he was leaving Capetown, South Africa in two days and headed to the United States for business. Anthony also said that he was a gem dealer and sent her a photo of himself having lunch in his apartment in Capetown. At this point, Stacey said that she had no reason to doubt him.

Three days later, Stacey got a phone call from Anthony to say he had landed in Detroit, Michigan. He mentioned that it was a very long flight and he wasn’t feeling well so he was going to a doctor’s office. Oddly, the next day, Anthony asked Stacey if she wouldn’t mind accessing his bank account with Yorkshire Capital Bank (website: yorkshirecapitalbnk[.]com; this website is no longer available) The reason he gave her was that he could not access his bank account from anywhere but in South Africa. Stacey agreed. After logging into Anthony’s account, Anthony asked her to transfer 100,000 UK Pounds into a Bank of America account. However, the bank asked Stacey for a “TAC” code in order to make the transfer and Stacey didn’t understand what that was. She reached out to the bank via email and they informed her that it was a fee for a “tech code” and it was going to cost 7000 Rand (approximately $369 / 336 Euros / 290 Pounds Sterling) The bank added that it will be refunded back into her account in about a day.

It’s important to keep in mind that Stacey was communicating in real time via email with the bank and trying to help out Anthony with this money transfer.  She was the one being asked to pay this TAC code fee. It wasn’t to be taken from Anthony’s account, she was informed, because his login in S. Africa hadn’t received the transfer code. She was the one making the transfer and the code was provided to her. (Of course, this logic makes no sense but in the moment, Stacey wasn’t sure how to proceed. She told us that, though it made her nervous to do this, she had access to Anthony’s bank account and saw that he had about 62 million UK Pounds in it! She felt pretty confident that he would pay her back. Also, the bank advised her that the money would be refunded into her account the next day.) Stacey even took a photo of his account balance because she couldn’t believe it was so much!) Via a chat window on the bank website and via email, Stacey spoke with a man named William at the bank who confirmed that she had paid the TAC fee and she could expect to be refunded within 24 hours.  Now that the “TAC” code was paid for, she tried again to transfer Anthony’s 100,000 UK Pounds as he requested.  She entered the TAC code into the correct field on the Bank’s website.  This request returned an error message, asking Stacey for a new transfer code. Now Stacey felt that something was “off” and thought to herself “what the hell is this!”

Stacey contacted Anthony and told him the story of what she had to go through to make this money transfer, and after paying for a TAC code, getting an error message and asking for another code.  She told him “never in my life have I every heard about the need to buy a transfer code to transfer money!”  Anthony urged her to simply pay the TAC fee again and said that he would pay her back. This time the fee was 8000 Rand (about $422, $384 Euros or 331 Pounds Sterling). Stacey justified this effort because the bank assured her that these fees would be refunded into her account within 24 hours and if not, she felt that Anthony would pay her back from his significant financial resources.

Again, sometime later, Anthony asked Stacey to do a second bank transfer for him to the United States and this time the bank asked her for an “IMF” code. Now Stacey was outright suspicious that this was all a fraud. She did a Google search about needing an IMF code to transfer money and found links saying that such transfer codes were scams. We found one such post here on Quora.com:

https://www.quora.com/There-is-a-company-who-tells-me-that-I-need-the-IMF-code-for-withdrawal-Is-this-a-scam

Stacey told Anthony that she wouldn’t make the transfer and simply waited the remainder of the 24 hours for her refund of both TAC fees. Remarkably, the refund was paid BUT it was sent into Anthony’s bank account at Yorkshire Capital Bank, and not into Stacey’s bank account! By this time, Stacey was very angry and told William at the bank that “they were going to hell” and she reported the Yorkshire Capital Bank to the UK Banking Authority in London. 

Stacey was also very angry at Anthony and said she wouldn’t take any of his phone calls for a couple of weeks, until she finally did pick up one day. When she did speak to Anthony, he told her that SHE caused big trouble for him because his bank account was now frozen! Stacey replied loudly with “YOU are scamming me! I still don’t have my refund! It’s in your account!” Anthony promised to sort it all out when he returned to S.Africa but right now he was in a hospital and was at risk of dying from his illness and, essentially, stranded because he had no money available! (He sent her a photo of himself in a hospital bed, with an IV bag and needle in his arm, but Stacey had deleted all of his photos so we have none to show of him.) Worsening Anthony’s problems was the fact that it was now early November and his US Visa had expired, he said. However, what Anthony didn’t know is that Stacey had contacted the Belgium Embassy in S. Africa because Anthony had told Stacey that he was from Brussels, but living in S. Africa. Though Stacey was angry with him, she was still a caring and kind person and hoped that the Brussels Embassy could help him.  She email them and explained the whole story to one of the embassy staff in Cape Town. She pleaded with them “can you please contact your citizen? He’s stranded in the US and he needs to get home. You can repatriate him and he can then take care of these debts and pay me back. I’ve seen his bank account and he is in good standing!”  Stacey provided his name, Anthony Andrey, along with his phone number. The Embassy staff said they would look into this, no problem. However, at the end of that November day, the Embassy staff called Stacey back and said “we have no citizen of that name.”

During the next few weeks, Anthony continued to call and reach out to Stacey via Whatsapp, asking for money. He claimed to be starving and living on the streets in the United States. Of course, by now, Stacey knew that “Anthony Andrey” was a complete fraud. In one call with “Anthony” she told him to turn himself in to the police and say he was an illegal immigrant because then the police will kick him out of the country and return him home! Anthony didn’t like that option. (Big surprise, right?) Stacey didn’t hear from Anthony again until a couple of months later in January, 2022. He reached out again and said he was now back in S. Africa. He had managed to get his travel agent to reissue his return ticket. However, now, he says, he’s got to travel to London to visit Yorkshire Capital Bank in person to sort out the freeze on his multi-million pound account! Since Anthony claimed that his bank account was frozen as a results of Stacey reporting him and the bank, Anthony wanted HER to send him money to travel to London from S. Africa! Stacey’s response was a loud protest… “I can’t! I won’t! I will not!” Followed by “Anthony, you’ve got two cars, a BMW and a 4×4 Land Rover. Let me get the company ‘We Buy Cars’ to your home. You can sell them one of your cars, give me the money and then I can start helping you.” He agreed that this was a good idea but called later to say that he can’t do it because his new girlfriend (a woman named Sandra) says it will cost 18,000 Rand to get them out of storage where they have been sitting for months. (Anthony didn’t explain WHY he couldn’t get the cars himself or why they had to be in storage in the first place. A man of his means certainly has his own property!)

Keep in mind that by now, after about 4 months with Anthony, Stacey was certain he was a scammer. The “Yorkshire Capital Bank” where Anthony had his millions of UK Pounds was a fake bank website! When I asked her why she continued to take his calls or not call him out as a complete fraud, Stacey said “I was curious to see where this was going to go. I knew my bank account was safe and I wasn’t going to give him any more money. But I now wanted to know what this man was all about.” Believe it or not, this was not the last time that Anthony Andrey tried to scam Stacey! To read about the next few attempts, check out our full article on The Daily Scam “A 2-Year Romance Scam of Many Moving Parts.”

Cash Scams Unveiled! — Have you recently come across the website AugustCash2023[.]com and wondered if it’s a scam/spams site or not? Check out for more details and protect yourself with this 100%  FREE, all-in-one tool.

Also last week, a longtime TDS reader told us she was added to a Google Group on August 9. “I don’t know why I was added as I don’t have a Google account” she told us. After checking and confirming that her email was, in fact, quite legitimate, we advised her to click the “Cancel” button to be removed from that Google Group! The Google Group was called Help Center7040lsil and a search of this group on Google provided no information whatsoever.  She did not recognize the email address that had added her to this group, either.

Romance scammers use many different methods to connect with victims and try to win their hearts, or their sexual interests, just enough for the victims to send them money. Here are a few recent attempts. Doug at TDS gets random texts from scammers nearly every week pretending to be an “accidental message” sent to the wrong person. Check out how his conversation went with a woman last week who pretended she had texted a friend named Daniel but sent it to Doug instead…

Our friend and Professional Scambaiter, Rob has been contacted by more than 40 women during the last six months. Most of them claim to be from Kazakhstan or Kyrgyzstan in Eastern Europe, with a few claiming to be from Ukraine. Just recently he tricked two of these women “from Kyrgyzstan” to click tracking links identifying their locations.  It turns out that one of these scammers was in a small city west of Moscow, Russia!

The other scammer surprised us because she turned out to be located in a district in central Thailand called Bang Krui! (She clicked Rob’s tracking link 6 times from Thailand and twice more using a VPN service while connected to the Internet in the Netherlands and then the United Kingdom! She couldn’t figure out why she wasn’t able to enlarge an image of a gift card that Rob had sent her.) Thailand, as the source of some of these scammers, is especially interesting because (as Rob shared with us) this type of romance scam is not typical of Thai women.  The romance scams from Thai criminals are more “in your face” as these article describe…

• https://www.romancescams.org/thai-dating-scams/
• https://digitalinvestigation.com/blog/dating-scam/thailand-dating-scams-protect-yourself-online/

As Rob has informed us many times, these romance scammers use an email playlist they’ve copied and pasted, over and over to send to victims. They rarely respond to any specific information or questions in the victim’s email or, if they do so, then in a minimal manner. For example…

Email 1: Hi there

Email 2: Let’s be online friends

Email 3: Tell me more about you and your family/friends

Email 4: I am revealing stuff to you that I tell no one else!

Email 5: I think I am beginning to really like you.

   etc….…..

Email 10: I want to leave my country and come to you to become your lover and then wife. Will you help me? I need $$ for visa, transportation, blah, blah, blah….

Until finally, Rob calls her a scammer and the reply is “this hurts. I am madly in love with you and you reject me as a scam?”

We have often written about people who have serious credibility problems, making their message hard, if not impossible, to believe.  Here is another one for you. It came to us at The Daily Scam from Mike McDermott at Pfizergroup[.]com. Pfizer is an international company that produces and distributes pharmaceutical products. Mr. McDermott wanted us to send him a quote for a pump! As if that weren’t proof enough that he was a fraudster, the reply-to email address was for a domain, pfizer-globalsupplies[.]com, that was registered less than 2 months ago and our friends at Scamadviser.com have identified as a fraud! (Malware has also been reported on this global site!)

Norton has a new consumer product called Norton Genie Anti-scam AI that may help consumers recognize whether or not communication they are looking at is a likely scam. This is new! PCMag.com gave this product a good review.

Here are a few links to other recent articles about scams that our readers may find worthwhile. (Thanks to Rob for recommending some of these!)

From Marketwatch.com: “I fell victim to one of the easiest banking scams in the world.”

From ConsumerAffairs: Scams targeting Venmo users

From EarlyWarning.com: Request a consumer report to determine if fraudulent accounts have been opened in your name. (Click to play their short video for an explanation.)

And finally, If you want to help the victims of the horrible fires in Maui, Hawaii, watch out for scam charities! Here is a list of REAL charities to help victims of the Maui fires from the Consumer Affairs website:

https://www.consumeraffairs.com/news/heres-the-best-way-to-help-maui-fire-victims-081123.html

Beware of Incoming Message Emails! — Rob received the email below and it contained his email address and his real business domain name in eleven locations, besides the TO field. (As if that high number would convince him that this email was legitimate! It wasn’t.) He was urged to click a link to “fix incoming mail bounces.”  The links all pointed to a complex domain ending in translate[.]goog and NOT to his business domain. At the end of the link was his email. We swapped it out for our favorite email address “I-AM-A-SCAMMER @ thatsthefinger.com.”  The link is another sophisticated phishing link. It took the logo and domain name from thatsthefinger.com and created a login on the scammer’s website! This is now a common trick used by Phishermen!

We received an email from a server in Hong Kong claiming to be from “Mail Delivery System.” It informed us that we had “14 important incoming emails” that were “stuck!” Oh my! Stuck, say you? Sounds like we need a toilet plunger or something like that. However, the email provided us with a button that would allow us to release only 8 of these 14 emails! (How does this make any sense at all?) Needless to say, we applied the same trick as above to show what we really thought of these scammers and their phishing tricks.

Bedding Sale and Canvas Prints Sale — One of our readers received an email recently telling him that an account had been created for him at a “Bedding Clearance Sale” website. Needless to say, he had never signed up for such an account! The email came from a domain that is known to be a scammer’s site, based on our Google searches. The link in this email points to a marketing service, Sendgrid.net, that is being misused by these criminals. We can say this with confidence because the Zulu URL Risk Analyzer informed us that the Sendgrid link will forward visitors to a malicious website called dreclaude[.]com.  Lunge for the delete key!

Easy Canvas Prints is a legitimate service/website but this malicious clickbait didn’t come from the real website and the links don’t point to any NAMED website! The links point to an IP (Internet Protocol) address (Internet location by set of numbers.) In today’s day and age, seeing an IP address in a link is almost always a sign of malicious intentions! VirustTotal.com told us that two security services identified this IP Address as malicious. Also, can we say….Who the heck offers 93% off anything? 

UPDATE on fake invoices…
Back in 2018 we created a webpage showing fake bills and invoices that people were reporting to us. What made these unique is that they arrived by US postal service on paper, not in digital format.  One of the MAJOR scammers was a service first known as American Super Pages, and subsequently became Media Pages. Last week, one of our readers sent us a digital copy of the fake invoice his business received. It was for nearly $490!  Check out what these fake invoices look like by visiting… https://www.thedailyscam.com/fake-bills-and-invoices/

LOTS of UNSAFE Emails! — One of our readers sent us this nasty email, claiming that there is a new voicemail message in your inbox. But the attached file is a VERY DANGEROUS “.html” file.  We cracked open that file and found that it contained  code with lots of phishing forms to collect personal information, as well as a redirect to a website in Singapore called dancaster[.]tech.

Another TDS reader forwarded the email below to us,announcing an Adobe Document shared file was waiting for him.  But the link to view the document pointed to Microsoft, not Adobe.com!  Also, the email didn’t come from Adobe, it came from a University Hospital server in the UK! We took a screenshot of the destination in that email link and found a blurred document image and yet ANOTHER link on the Microsoft webpage. We’re certain that this 2nd link is malicious. Deeeeeleeeete!

What the Heck is This? — One of our readers received these 2 texts forty minutes apart and from two different oddball Gmail accounts. Nothing in the text but these similar links.  HIGHLY SUSPICIOUS! NEVER click on suspicious stuff like this, especially when it comes from random email accounts!

Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com

Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

Contact Webmaster