Select Page
Weekly Alert  |  August 17, 2022

Are You This Gullible? Scammers have lots of tricks at their sleazy fingertips with which to victimize you. Some of them may surprise you. For example, have you ever received a text or email from a friend or relative, asking for a favor? On August 8th, one of our UK readers received a WHATSAPP message from her 26-year old daughter. The message begins with “Hi mum. My phone is broken. This is the new number you can save.” …followed by a heart and kiss emoji. But this 62-year old mother was immediately suspicious when her financially independent daughter asked for help making 2 payments while “all her data was being transferred to her new phone.” Check out the conversation and ask yourself…Would you have fallen for this clever ploy?

The mother told us that as soon as her “daughter” asked for the money transfer, she knew this was fraud! Very bluntly,” she told the scammer to F-off! Though this scammer didn’t seem to use much personal information to perpetrate this fraud, he certainly had the mother’s WHATSAPP number and either knew or guessed that she was an older mom. Just 2 minutes after that scam, the mom contacted her daughter and confirmed that it wasn’t her on Whatsapp. As this mother did quickly, it is critical to verify, verify, verify before making any financial decisions involving online or smartphone transactions!

Also on August 8, another newsletter reader informed us that he had received the following email from a friend, a man we will call Dan. The email appears to have come from Dan’s correct email address:

On Monday, August 8, 2022 at 09:15:21 AM EDT, dan [REDACTED] <[redacted]@yahoo.com> wrote:

How are you? Just hoping you are keeping safe and well.

I need a little favor.

Thanks, Dan

====

However, when the recipient of this short email hit reply, he suddenly noticed that the reply-to email address was different, though similar, to his friend’s email!  It pointed to: [LASTNAME]4 @ gmail.com, instead of the Yahoo address!  He reached out to Dan’s via his real email address and confirmed that Dan had NOT sent the email!  It is also very likely that other friends of Dan’s received the same bogus email and it is critically important to send a warning to all of Dan’s contacts! Would you have thought to do that? Would you have noticed the difference in the Reply-to address?

Have you ever received a text mistakenly intended for someone else, as if the sender mistyped the phone number and got your number? Remarkably, these “mistaken” texts are often from scammers! Check out this bizarre, though brief, text exchange posted on Reddit on August 11 by an account named Bree. Would you have continued in this conversation with the stranger?  What if this scammer had not pulled the “God” card but instead pleaded for help dealing with a financial crisis? Be on your guard because it is SO EASY to deceive others online and through a smartphone! (Check out this article on NBCNews.com about these “wrong text” scams.)

In our June 15 newsletter, we wrote that you can’t trust Google or Amazon links. But lots of us do! Check out this email offering to show you your credit scores from the three major credit-reporting agencies. A mouse-over of the links in the email all point to Google’s googleapis service. But this email originated on a website named kodehexa[.]net. This website is hosted on a server in Bahadir, Turkey! Does THAT sound right? If you were interested to see your credit scores, would you have fallen for this? According to three security services listed on VirusTotal.com, this email is a phishing scam!

We know that we often sound like a “broken record.” But online deception is simply too easy and scammers are banking on people to accept what they see, hear and read, at face value! Verify, verify, verify! Look at details and think critically, just as the people mentioned above did to avoid a scam. Here’s one final email example that appears to have come from the delivery service called UPS, using the subject line “Confirm Your UPS Package.” Can YOU spot all six MAJOR RED FLAGS in this email?

The six red flags are…

  1. The email came from a personal Gmail account, not ups.com

     

  2. The email contained grammatical and punctuation errors

     

  3. UPS (and other businesses) will never send you information as an attached Word document!

     

  4. The Word doc also contained poor English “Hi, your package on Hold” and a date of February 17!

     

  5. Mousing-over the link to track your package (& pay $1.99) points to a domain called larsenfx[.]com, instead of UPS.com

     

  6. Though the email claims to have a package for you, YOU are never identified by name or address!

3 Common Bank Scams Targeting NFCU, Bank of America, and M&T BankWe’ve found several scams that target your bank account along with all the money linked to it. Try this free tool to protect yourself!

Credibility Problems Persist and a Mother Scammed for $20K Last week we wrote about multiple people with credibility problems.  Below is another one that appears to have come from a Miss Fedir Bogdan from Ukraine. Our collective hearts pour out for the Ukrainian people! An empathetic person might think about responding but Miss Bogdan has some credibility issues! She sent her email from a domain called saudi-investment[.]club. There’s no website there and it was registered anonymously in February. However, a reply to Miss Bogdan goes to a Gmail account! A bit odd, don’t you think? 

There are many online scams that are related to Ukraine, as well as other forms of financial assistance. Scamadviser.com recently published an article about financial assistance scams that are appearing on Facebook!  Check out: Humanitarian Financial Assistance Scams on Facebook.

We’re very sad to share a story that was posted on Reddit on July 25, by a son with the username of nooneknows156. The son reported that his mother was scammed for at least $20,000, even after many friends and family warned her that she was dealing with a scammer. Below is a screenshot of the last text she sent to her son. So many of us receive ridiculous scam emails in our inboxes and lunge for the delete key. But sadly, there are people who fall for these scams. (The son’s reply at the very bottom of this screenshot says that he was not going to give his mother any money. She had already depleted her funds.)

What followed this post on Reddit was a conversation about if, and how, the son could stop his mother from sending any more money. Can the son, for example, have his mother “declared” as incompetent and be legally assigned as her legal conservatorship?  It’s tricky. As another Reddit user pointed out… “making bad choices is not the same thing as ‘incompetent’ An adult would have to show other signs of dementia or issues with cognition and likely be diagnosed with mental illness in order for a judge to assign concervatorship.”  The legal blog, HG.org, has an interesting article on what it takes for someone to legally lose their ability to make financial decisions to a relative. The article is titled Conservatorships: Consequences and Options.

Another Reddit user, Roadgoddess, suggested that the son contact local police to see if an officer might be more convincing. He also suggested locating senior support groups who might have helped to convince the mother that this was a scam. As Roadgoddess put it so well “Maybe hearing it from someone other than you and your brother might make her more potentially receptive to what’s going on.” Roadgoddess also suggested showing the mother one of Mark Robers videos about scammers and cash schemes, such as this one on YouTube, to help her understand it’s all a fraud.

Three days later, the victim’s son posted this:

“Update I decided to called the county Sheriff and they spoke with my mom. She told me she stopped communicating with the people scamming her. I hope she is telling the truth. The sheriff gave her some tips on getting some of her money back. She spoke with her bank and they have opened an investigation. She could get some of her money back but I think it’s gone. She’s going to get a part time job so she can start paying back the money she was loaned by friends and family. That part really sucks because she’s 68 and not in the best health. On a side note she started dating a guy that got scammed out of $60k in Bitcoin. So they should get along great. To all the people that said a kind word and offered advice, thank you. I didn’t expect my post to get this kind of attention.”

Our hearts go out to this mom, and her family. Scammers are one of the worst human beings on this planet. They don’t give a damn who they hurt, or how much pain they cause to others.

Yahoo and Paypal Smelly Phish We hope all our readers know that every type of email account is targeted by phishermen.  Check out this lovely email that came from Yahoo to inform you that your account is soon to be updated. However, it didn’t come from any official Yahoo service. It came from a personal Yahoo account called “g.samms.” It claims that, as of August 15, you won’t be able to log into your Yahoo account unless you “confirm your email address” and get more organized!  Rubbish! The link to verify your account points to a phishing page on the free service provided by SquareUp’s site called Square.site. The bottom of the phishing page even says “Powered by Square.” We reported this phishing page to SquareUp and it took them almost 3 days to take it down!

Last week, readers reported more Paypal phishing emails to us in a week than any other service besides Amazon, a few months earlier. Let’s start with this funny email that came from a Gmail account called “your payment wrong” but named “socialnetworkemailservice” at Gmail. (WHY does Gmail allow these names to be used!?) We love how the scammer tells you to use the “safe button” to verify your identification. Of course, the link points to the often-misused link shortening service at Bit.ly. This shortened link will redirect you to another misused webpage at Blogspot.com!

    Several of the other Paypal phishing emails had the same design and came from various free Gmail accounts. Notice the grammar errors in this one, stating “Your Order was Step Up for Processing.” We think it’s pretty cool though that you purchased “Lighting.” That must be more environmentally friendly that purchasing fireworks! But hey, if you want to refute that $767 charge, you can call the scammers at 866-208-3493. By the way, this bogus email mentioned the recipients full name four times! That doesn’t make it legitimate! Delete!

    Protect Your Home From Pests No one wants pests in their home! It doesn’t matter whether we’re talking about carpenter ants, wasps nests in your attic, mice in your basement, or skunks under your porch. Pests are not welcome in our homes! And Terminix has made a business at helping homeowners get rid of pests and keep them out. However, this email didn’t come from terminix.com! It came from a malicious mimic via a website called terminixs[.]cam. Clicking that link to “get a quote” will send you directly to a malware trap placed by the infamous Hyphen-Poopy cybercrhiminal gang (whom we believe is located in India.) If you look at the link revealed by mousing over “Get a Quote” you’ll see that the top directory is called lease-Isadore. (The Hyphen-Poopy gang uses automated software to create bogus directories in their malicious links, consisting of 2 hyphenated words. If you spot 2 hyphenated words anywhere in a link, DO NOT CLICK IT!)

    A WHOIS lookup shows us that the domain terminixs[.]cam was registered less than a week before we received this email in one of our honeypot email accounts. The Zulu URL Risk Analyzer shows us that the link will redirect visitors to a domain well-known to us, called LittleItaliano[.]com. This innocent sounding domain has been misused by these criminals for many months! (We first documented this misuse in October, 2021.)

      Attached is Your Receipt – When anyone sends you an email, telling you that they have sent you an attached file, it is CRITICAL to look at the FILE NAME of the attached document BEFORE you double-click to open it! An administrator at a Chemical Company received three such emails within 30 minutes. One was a “payment receipt” while the other two were “invoice receipts.” All came from the same iCloud account, using different names. And all attachments were VERY DANGEROUS “html” files!

      Any attached file that ends in “.html” “.htm” or “.php” serves as instructions for your web browser! Imagine allowing a cybercriminal to freely instruct your web browser to do something? This will NOT end well for you! Lunge for the delete key!

      Free Marriage Partner Referral Campaign and Amazon again! –We are so excited to tell you about a free marriage partner referral campaign from the “Official OKcupid Team.” Any text that starts with “do you believe in fate?” has us captivated! We absolutely LOVED this text and it put the biggest smile on our faces. Nevermind that it came from a Whatsapp phone number in Mozambique, East Africa. It’s adorable. Just don’t click the link, OK?

      Finally, here is another Amazon text scam sent to us by one of our readers. It came from a bogus email address called “noreply_amazon.issue-0037.”  The link in this phish points to a misused link at Linkfire’s service at lnk[,]to. Delete!

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster