A Message From First Lady Biden! — Professional Scam-baiter Rob L. receives dozens of wonderful emails every month informing him that there are millions of dollars eagerly waiting for him, for various reasons. By our unofficial accounting he should be a multi-billionaire by now! But the only thing he is truly rich in are the stories he gets to share with us about these 419 scammers. Many of the stories the scammers push come with “official documents” or photo IDs of the sender.  Surely, if he is sent an Official First Lady License, for example, from Jill Biden, then it MUST be the very real First Lady of the United States who is contacting him, right?! We did a search for “First Lady License” and discovered that there are MANY of these bogus licenses available across the Internet.

Rob has sent us all kinds of documents attempting to prove the legitimacy of the sender’s claim and each of them are fake or stolen. Take a look at this sad image Rob was sent on December 23 by “Mr. Timothy Edwards, Customs Department Director from the Saint Petersburg Airport in Florida. (Mr. Edwards used the free Gmail address: fgvffrrhoedkf678@gmail.com) It is a photo of a funeral of a “long lost relative” of Rob’s who died with no known heirs.  Rob, of course, has just inherited millions of dollars! But he needs to pay a few small fees to release the “consignment boxes” from the airport, containing the money.

BIG REVEAL: This photo didn’t come from Rob’s long lost relative! It was stolen from a photo used in an article published on LovetoKnow.com about Pallbearer’s Duties and Etiquette, written by Mychelle Blake. C’est la vie!

We want to remind our readers that typos can be dangerous! Truly dangerous!  Here’s a perfect example… 

Capital One Credit Card company works with the store Pottery Barn to offer a special Pottery Barn credit card. The website to set up your new account uses the subdomain “potterybarn” at CapitalOne.com. (A subdomain appears in front of a domain name in a link, separated by a period.) HOWEVER, if you mistyped that link by dropping the “o” in DOT-com, you would land on a malicious site in Cameroon! (“.cm” is the 2-letter country code for Cameroon.)  That mistyped link for the Pottery Barn credit card will redirect visitors to a website named “beerfaucet[.]io” which was registered anonymously in Iceland a few years ago! (“.io” is for a server in the British Indian Ocean Territories.) Want to learn more about how dangerous typos can be? Read our article Typos Hurt. Never Goggle!

2022 is almost here! Scamadviser and The Daily Scam wish all of our readers a safe and joyous new year.  We’ll see you next year!

Apple Product Purchases and McAfee SubscriptionsApple products were very popular for the holidays and we saw many rotten phish pretending to be about recent Apple purchases. Check out this email from “Billing Team,” though it came from someone’s personal Gmail account.  The recipient was told that his newly purchased Apple iWatch 6 was shipped to the wrong address in Parker, Colorado. Wrong address!? Not your order!? You can call the scammers at 800-674-0199 to try to correct this problem! Of course, that number isn’t for Paypal or Apple! And we guarantee the scammer at the other end of that line will have an accent.

Did you just buy an iPhone X? This email that begins with “Dear PayPal Customer” says you did!  It’s loaded with many capitalization errors and a few subtle hints that suggest it wasn’t sent by someone in the United States. (We would rather not point them out because we’re pretty certain there is at least one cybercriminal gang that enjoys getting our newsletter.)

Our longtime readers know that Phishermen LOVE to target them by using phony messages from the very security services that you use to keep your devices safe.  Check out this email that came from a news reading app called Flipboard, instead of mcafee.com.  On the one hand, the subject line reads “Your account has been successfully updated,” but the email says “Your protection is at risk! will end today” (We love the writing errors!) Oh, no! What are we to do? If you click that iffy link to ift[.]tt you’ll be redirected to a malicious website called blissfullstar[.]com.  We can assure you that visiting this website will NOT cause you complete happiness!

Finally, here’s another email pretending to be about your recent McAfee software order.  But the email came from a website that was registered in India just two months ago, called secureplaceorder[.]live! Fortunately, you can “consult our executive” by calling the “Customer Grievance Cell” number at 803-761-0393. Wouldn’t it be lovely if we could convince a thousand readers to call one of these numbers on the same day and scream at the scammers to stop hurting people and to get a real job?  Imagine that!  Imagine the collective power of a thousand people yelling at these criminals to stop.  Stay tuned while we plan this assault!

Malicious Holiday GiftsAs expected, the number of malicious emails pretending to be Christmas holidays gifts and rewards increased significantly in the two weeks before Christmas.  Here’s a recent example pretending to be “Christmas Shopping Gifts Opportunity” from CVS retail pharmacy. But this clickbait came from the domain happy-gym[.]info and the links all point to an oddball site called drinker[.]info. It is standard practice for cybercriminals to use a set of malicious redirects for clickbait in case one of their malware-laden sites is discovered and taken down.  So visiting this drinking site might send you to a nasty site called foldrwait[.]com or another called ps-survey[.]co.  The first nasty site was registered last June and sits on a server in Canada, while the latter survey site was registered in Iceland less than a week before this email was sent. Deeeeeleeeeete!

Some of these malicious emails copy known popular websites and online services such as the Gadgets Laboratory. That’s why it is so important to look at the REAL domain name that follows the “@” symbol found within the brackets <>.  In this case, the sending domain looks like it was voqgl[.]org.  However, this domain was completely spoofed and has never been registered!  Want to see more bogus holiday deals? Check out our article on Scamadviser titled “The 2021 List of Fake Christmas Shopping Scam Websites.”

What It Looks Like to Be Targeted – Are you looking to invest your hard earned money with a bank to earn between 3% and 7.5% in a Savings Account?  Here’s your opportunity! Invest with Banco Vitorioso at BanViso.com. “Banco Vitorioso” means “victorious bank” in Portuguese, and they claim to have offices in seven countries, including Brazil. All that is required is a minimum deposit of $5000 for at least 6 months. By comparison, savings banks in the United States are like Charles Dickens’ Ebenezer Scrooge, offering a pitiful 0.40% to 0.55%, according to a very recent article in BankRate.com.

No doubt, most of our readers have heard the old adage “if something sounds too good to be true, it probably is” (Meaning it isn’t true!) Might Banco Vitorioso be a complete fraud? Let’s unpack the details, starting with a couple of CRAZY sentences in this screenshot about the accounts they offer.  The devil is in the details!

Did you notice in the fine print this VERY FUNNY description…

A true anonymous bank account must be something that nobody knows about, not even the place that opened it in the first place. By using BANCO VITORIOSO’s Anonymous Bank Account you warrant a future to yours savings.

Could this mean that the moment you deposit $50,000 into an anonymous account, this bank forgets that you opened the account and you lose your money?!  We think so!

Banco Vitorioso appears to have a very robust and current website at BanViso.com. It streams daily exchange rates and provides an email address to contact, as well as a phone number to a phone in the UK. (Phone country code is +44.) We can also see that their website was copyrighted in 2015.

    But WHO IS Banco Vitorioso, anyway?  Their “About Us” web page says that they have been “working in the financial sector since 2004” though their website was copyrighted in 2015.  A likely typo on their About Us page is funny because they claim to owe money to several trust companies in at least 7 countries!

    Another MAJOR red flag is the fact that their domain, BanViso.com, was registered (anonymously) in early September, 2018.  This is three years after the website claims to be copyrighted and 14 years after they started work in the “financial sector.”

    And what about those offices in seven countries? We needn’t look any further than their fictitious “Head Office” on 30 Strand, London WC2N 5RW, United Kingdom. The address DOES NOT EXIST!  That’s right. Itsu restaurant can be found at #34 Strand Street, followed by Villiers Street.  The next building over is the Amba Hotel at Charing Cross.  There is NO 34 Strand street.  By the way, TheBanks.eu is a website in the European Union that tracks all banks across the region.  They list 344 banks found in the UK (along with customer ratings and other information.Guess what bank cannot be found on their list? 

    Many thanks to Rob L. for bringing this bank to our attention! Both Scamadviser and The Daily Scam have published many articles over the years informing readers of fake businesses, fake professional services, and fake online stores. You can read about several other fake online banks at TheDailyScam.com. James Greening, part of our team, has an entire website devoted to fake businesses called FakeWebsiteBuster.com!  

    Click Here to Review Payment –Not everything is as it seems online.  Or, in other words, reality online is an illusion. Cybercrminals are most responsible for pushing a fictional narrative in their effort to make money at your expense.  Take this email that came from a server in South Africa.  It claims to have an attached file containing an invoice and payment information being made to the business that received it.  But that is a lie.  The “attached file” is just a graphic linked to a website called mystrikingly[.]com.  At least two online security services have found this website to be malicious.  It is soooo important to mouse-over links before clicking them to see where they lead, this includes attachments!

    You Have Been Shortlisted for an Online Interview –Many readers contact us about scam job interviews.  These are just a sophisticated version of the advance check scam. Scammers create a reason for you to receive a check to deposit and then use some of the money to wire back to them.  The check bounces, of course.  But you’ll already have wired your REAL money to the scammer via an untraceable, unreturnable method.  One of our readers sent us this text he received to his phone about a resume he posted on Indeed.  The poker tell that it is a scam is that the interview is ONLY via texting. You can read about hundreds of fake companies set up and using this scam in our article titled Fake Job Interviews in Google Hangouts, Telegram, WhatsApp, etc…

    Until next week, surf safely!

    Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
    have subscribed to it via Scamadviser.com or thedailyscam.com

    Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

    Contact Webmaster