Guess What Fake Website Many Scams Use? — During the last 6 months we couldn’t help but notice that many types of consumer and job fraud employ the same trick to hit victims with fake fees and unexpected costs. Can you guess what it is? We’ve seen this sham used in fake specialty liquor store scams, fake online stores selling bogus consumer products (We’ve got a GREAT new phony store below that will make you smile!), and fake jobs targeting Americans who are hired to repackage stolen merchandise and ship it to scammers. (called “parcel mule scams”) Can you guess now? It is fake shipping companies! Check out the samples below that popped up in recent scams AND how Google found LOTS more of these fake companies just by searching for unique sentences found on a known fake shipping!
In last week’s Your Money column, we reported a story about a woman who purchased specialty liquor from a fake store and was then hit with high insurance and shipping fees before her order could be shipped to her. There was no order, of course, and the fake shipping company (CoyotoExpress[.]com) was just another ruse to milk more money from this victim. Shortly after that newsletter was sent, we heard from other people about even more fake liquor stores, shipping costs and fraud. Coincidentally, we also heard from a gentleman who had just signed an employment contract with a Shipping Company that was legally registered in the state of Alabama as Trans Grace Logistics (transgracelogisitics[.]com) The man had just signed a contract agreement to work for Trans Grace Logistics as a Package Reshipper. You know, someone who receives merchandise purchased with stolen credit cards and then inspects it and reships it with a new label to a new location. Lots of Americans have been fooled by a Russian-speaking cybercriminal gang whom we’ve reported on many times before (We’ve listed about 90 fake shipping companies on our site that are mule scams!) Let’s take a look at a couple of these recent fake shipping companies and WHY they are NOT TO BE BELIEVED!
USA Logistics Package Forwarding Services uses at least two domains and websites: usaslogistics[.]com and usaslogisticshr[.]com. (Notice the extra “s” between usa and logistics) We discovered this fraudulent shipping company from a victim who reported it to us on September 30 of this year. Use a WHOIS tool to see when and where a domain was registered. If the domain was registered less than 4 months earlier, that’s reason to be suspicious but if less than a month earlier, then we believe the website is likely a fraud and malicious. Both of these websites were registered about a month before they were brought to our attention.
VERIFY, VERIFY, VERIFY! Don’t take their word for it, look up both a phone number and address listed for a business, and if either one of these is missing from a website, DO NOT USE THE WEBSITE! Usaslogistics[.]com lists their address as 1313 N Market St, Wilmington, DE 19801 and their phone number as (302) 319-9922. A Google search for this address shows no such business located there and a Google search for this phone number shows several credible links identifying it as a scam, including the Better Business Bureau and Scampulse.
Let’s take a look at another shipping site brought to our attention recently and made us laugh. It’s important to pay attention to details and read the contents of a website before doing business with them. This business, whose domain was registered less than a year ago and is hosted on a server in Malaysia. The top page has an hysterical sentence in what they offer clients, including very poor and awkward English! We can’t understand what on earth it means! But we sure loved reading it! Professional businesses are exceptionally careful not to make mistakes like this on their websites!
Another trick to try when pulling back possible layers of fraud is to look for sentences on a website that seem fairly unique. Copy them and enter them into a Google search surrounded by quotes. (Quotes tell Google to conduct a search for exactly those letters in exactly that order!) You may be surprised by the results. From the EastTrustLogistics[.]com fake shipping website we selected the phrase “pillars on a dedicated team of highly skilled and qualified professionals.” (Google has a search limit of about 32 words, or 2000 characters.) The top Google result was for East Trust Logistics. HOWEVER, the exact phrase also appeared on a group of other shipping websites that immediately caught our attention. A WHOIS look up of their domains strongly suggested that several of them were also fraudulent! (Check out the screenshot below.)
The suspicious domains included….
- Mgtvz[.]com (This is a VERY odd domain and seems to have held a website that was nearly identical to the websites listed above. It was found on the subdomain “ifucn.” We think it could have been the original fake website that was used as the source to create the other nearly identical websites.)
However, not all websites that turn up in an a search for an exact sentence are necessarily fraudulent. Over the years, we’ve learned that cybercriminals frequently steal content from legitimate businesses to use on their fake websites. Check out what turned up in Google when we searched for a portion of another sentence “means that you have a full team of trained and educated specialists.” We found us at The Daily Scam, as well as legitimate websites and another highly suspicious shipping site called tlitms[.]com. (Also, you’ll see this phrase turned up on Scam-Detector as it was evaluating a site called Globalforwardllc[.]com as a possible fraud.)
We dug a little deeper into another one of the shipping companies that turned up in our Google search. Boldon Shipping Logistics (boldonshippinglogistics[.]com) has a robust website and claims to have thousands of customers all over the world and their website shows a copyright date of 2021. Their address is listed as 18 Stone Court, College Station, Texas. But it turns out that their domain was only registered about 4 months ago and is hosted on a server in Malaysia! Also, Google maps shows their address as an open and empty field!
Another valuable tool, though not perfect, is to ask VirusTotal.com what it thinks about a website or link. (You can copy/paste a link into Virustotal if you feel safe doing this, or simply type out the exact website name, along with http or https.) When we asked VirusTotal to evaluate BoldonShippingLogistics[.]com, it reported that THREE security services had reported this site as a form of phishing scam! And in case you wondered if the same cybercriminals were behind many of these fake shipping companies, you are correct! Look what we found when we (safely) visited both BoldonShippingLogistics[.]com and EastTrustLogistics[.]com. Scammers reuse the same content over and over and just stamp new names to their sites!
Shipping scams have been a part of many types of fraud but the two most common are consumer product fraud and shipping mules. In the former, people are fooled into purchasing items from fake websites, such as the specialty liquor stores we’ve recently described, or other consumer products, like those on this Macy’s Store pretender called Macy-Discount[.]com. (See details about this in our Your Money column) Consumers may also have purchased a new puppy, kitty or other pet! (Such as the victim we reported in our Top Story on October 25) After making their purchases, they are told that the shipping company has additional fees or your shipping order requires special insurance or packing and you’ll have to pay more money to get your products. But fake shipping companies are also used in job scams to hire Americans to repackage and reship stolen merchandise! (We’ve now identified more than 90 of these fake shipping companies created by a Russian-speaking group of cybercriminals in the last few years. Our article also describes the bread-crumbs leading us to believe these criminals speak Russian.) Last week we heard from another victim of this type of scam. The bogus company that hired him was called Trans Grace Logistics (transgracelogistics[.]com) After hearing the victim’s story, and reviewing all the emails used to communicate with him by the “HR Department,” we learned of two more recently registered domains used to support their fraud in addition to their main website. They are transgrace-hr[.]com and transgrace-ship[.]com. Two of the 3 domains were registered at the end of September and the third was registered at the end of October. Fortunately, people are beginning to report Trans Grace Logistics as a fraud. Check out this recent report on the Better Business Bureau website from a victim or this discussion thread on Reddit started by someone who was offered a job with this company. The Reddit community correctly identified this as a “Parcel Mule Scam!”
Unfortunately, fake shipping companies used by scammers are like “whack-a-mole!” If you “out” one of them and report it to the point where it is finally taken down, three more appear around the internet in it’s place. And, as we suspect by finding the website Mgtvz[.]com, cybercriminal gangs often hide a model for their sites on the Internet and then register a new domain name, make a cloned site, modify it and post it. They can likely produce a new shipping company in a matter of hours, including photos of people either purchased from stock image companies around the world, stolen images from people posted online, or generated by AI sites. This problem is never going away and, as we’ve learned many times from victims, using shipping problems as a way to defraud a victim for money or to move stolen merchandise, is simply too easy. So, do your “due diligence” and be sure to verify, verify, verify whether or not the online company you are looking at is legitimate!
Nominate Your Scam Fighter of the Year! — Nominate outstanding individuals, organizations, and tools combating scams in the categories of Best Scam Fighting Individual, Best Scam Fighting Organization, and Best Scam Fighting Tool. Join us in recognizing those dedicated to turning the tide on scams. Nominate Now!
Premium Invitation to a Woman’s Profile, Possible Contact from AI-Generated Person & Bogus Student Loan Program — Last week we reported on fake online specialty liquor stores after hearing from a couple of victims. We’re thrilled to say that one of the victims contacted us a few days later to say that he’s now a lot more savvy! He reported another fake specialty liquor store called jimscellars[.]shop. This DOT-shop domain was registered at the end of June, just over 5 months old. And VirusTotal tells us that there are 2 security services identifying it as malicious!
At the end of November, a gentleman contacted us about an odd email invitation he received completely unsolicited. Rightfully so, he was very suspicious that it was a threat of some kind. We point it out as yet another example of the way online risks may hide behind seemingly innocent messages. The link in this invitation pointed to the link-shortening service at Bit.ly, thereby demonstrating that someone intentionally wanted to hide your final destination on the internet. When we unshortened it, we were not surprised to find that clicking the link would have redirected the man to a woman’s profile page at the oddly spelled AnddySmith[.]online.
Before some of our readers get a bit too excited to visit Anddy Smith (Who spells their name “Anddy” anyway?), we want to remind you that not everything is at it appears online! Whoever created this sexually provocative domain and profile for Andrea Smith, did so less than a week before the man received his invitation and that is NEVER a good sign! But more importantly, even though her website was not found to be malicious by several tools we used to assess it, the Zulu URL Risk Analyzer DID FIND an external link on her site to another profile for a “Jessica Fitzgerald” that IS MALICIOUS!
Speaking of online deceit, on November 20, we received an email request from a woman identifying herself as Sophie Hickford. She asked what our fees are for her company to publish an article on our website. She said “We are currently working on behalf of a major industry-leading client trying to enhance their brand via editorial content.” (We NEVER sell space for companies to publish on our site and only rarely invite guest authors.) We mention Sophie specifically because she has persistently contacted us 3 times in a few weeks with this same request AND because we suspect that she isn’t a real person.
- Sophie talked about a company and her manager but never included the name of her company or the manager.
- Sophie used a free Outlook.com email address and NOT an email associated with a business.
- Sophie’s name and photo can’t be found in any Google or Linkedin search
What do you think? Her lovely smile and adorable face, with a wisp of hair poking out behind her right ear, and her image set against a completely blank white background, has us wondering…. Was her image generated using one of the dozen different online fake people AI generators?
Speaking of credibility problems, another one of our readers told us that he was very flattered to receive a request for an interview with Forbes Magazine because they thought he was an excellent CPA in his field. Wow! Except the man noticed that Philip Jones’ email came from an odd domain, mediababy[.]org. When he looked up this domain using a WHOIS tool, he discovered that it was registered less than a month earlier. Though disappointed, he doubted the “upcoming Forbes feature” article was credible.
Another one of our readers told us that he received a call from “Anthony” at “Graduate Support Program” last week. The recent PhD graduate was asked to call back 888-344-8711, but discovered that this number had been identified as a loan scam. Two others have reported this same scam call from this phone number on Reddit. Check out the caller’s voicemail left on the man’s phone:
Anthony from Graduate Support Program
We are always grateful that our readers are willing to share their stories with us and our readers. Another reader told us last week that his company had been scammed out of $56,000 by making a wholesale purchase from a fake online wholesaler called Alnoor LLC (alnoor-llc[.]com) The story about this fraud was posted on Medium.com. When we took a quick look at Alnoor LLC (alnoor-llc[.]com), which is still on the web, we couldn’t help but notice several red flags, including….
- The company claims to have 20 years and 25 years of wholesale trading experience, depending on where you look on their website, but their website was registered in October, 2020.
- The site shows an address of 4073 S. Odessa Street in Aurora, Colorado. This is funny because Zillow says this address is a 4-bedroom home in a lovely residential neighborhood.
- After 20 or 25 years in business, we think its quite telling that they have only 26 Facebook followers and likes as of December 10, 2023.
Peacock Membership, Netflix and Norton Lifelock — Several of our readers have been reporting a smelly phish disguised as a “Membership Expiration Notice” from Peacock streaming services. You are given an offer to extend your membership for free, which is a very attractive offer. If it were true! But this sample below came from a Microsoft email account and all the links point to a very dangerous website we’ve seen used before. It is called beehiiv[.]com. We’re all buzzing about how unsafe it is to click that link! Lunge for the delete key!
“Please Update Your Billing Information.” This fraud came from a free iCloud account and NOT from Netflix.com! Furthermore, the link to renew points to the free link-shortening services at Twitter (X). You’ll be redirected to a fraudulent website called SubscriptionHelpDirectory[.]com which was registered less than 2 weeks ago! Lunge for the delete key!
Ahhhh… if we had a nickel for every fake Norton Lifelock email we’ve seen, we could retire early! Below is another variation of this phishing scam that fills people’s inboxes to overflowing! It came from a free Gmail account and the only personal information it includes about you is your email address. It’s obvious that the scammers already have that! Delete!
Macy Discount Store and Social Security Changes Coming! — On December 7, one of our readers saw an incredible deal on her Facebook feed from a department store she had known all her life. The store was Macy’s Department Store. However, she noticed that the link pointed to macy-discount[.]com and NOT to Macys.com! She contacted us. It turns out that the domain macy-discount[.]com was registered on November 23 in China! It appears to be yet another fake online store created by Chinese cybercriminals! This bogus site not only uses the real logo from the real Macys, but it also starts with a large photo of a mall entrance into a real Macys department store. (One of our team members from Scamadviser is very familiar with Chinese shopping scam sites! Check out Adam Greening’s recent post about them at his site Fakewebsitebuster.com.)
True to form, scammers continue to show what low-life, sub-human sleazebags they are because they frequently choose to target the elderly and senior citizens! Take this recent malicious clickbait one of our readers shared with us. It appears to have come from “Retired in USA” but the email was sent from the domain eats-okay[.]com. You know, that’s just like ssa.gov (US Social Security Administration’s website), right? The links in this notification about social security changes point to the same eats-okay site and that’s NOT OK! At least VirusTotal shows us one security service is aware of this clickbait.
AOL Complaints and Unauthorized Instagram Login! — Oh No! “WE RECENRTLY RECEIVED 42 COMPLAINTS ABOUT YOUR EMAIL ACCOUNT!” And WE RECENTLY RECEIVED COMPLAINTS THAT YOUR SPELLING SUCKS! This clickbait would be funny if it wasn’t so serious. The link to scan for viruses points to a very malicious domain, geometropic[.]com, where malware lies in wait! Ironic, isn’t it?
Below is a screenshot of an email meant to look like it came from your Instagram account but was sent from a very dangerous domain we’ve reported on in the past…. Kodehexa[.]net. Like many social media sites provide, you appear to have received a code as if you were trying to reset your Instagram password. However, clicking either “Yes, it’s me” or “No, don’t allow” would send your notice to more than 30 different email accounts around the world, including accounts in Russia! This is a perfect example why it is sooooo important to mouse-over links to evaluate them BEFORE you click!
Your USPS Package Has Arrived — A reminder that during this holiday season, the number of these very malicious texts are hitting cell phone owners all over the United States! This one came from a free Hotmail email account and NOT the United States Postal Services! The link you are asked to click is malicious and will send you to a website registered in Singapore on December 11, the day the text was received. Swipe left! (Note that “usps” in the link is a subdomain and NOT the domain name!)
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands