Weekly Alert  |  December 6, 2023

Two Victims of Fake Specialty Liquor Stores

Two weeks ago we heard from an East Coast gentleman who purchased a specialty liquor from a website called ATCRCoffees[.]com last June. And yes, you read that correctly… “coffees” is in the web title. This website offered lots of specialty liquors at great prices and, as you’ll see, offered incentives for additional discounts. They even had a web page explaining why they were able to discount their expensive liquors so much! But it was all a fraud, of course. The man didn’t see the red flag warning signs and made his purchase but never received his order. Coincidentally, just as we started to work on this story last weekend, we received emails from a woman from the US West Coast who had been scammed out of hundreds of dollars after purchasing specialty liquors at another fake store a few weeks ago. However, pouring salt on her already open wound, she then found another online specialty liquor store and wanted to make another expensive purchase on December 1st. But she became suspicious and contacted us. We evaluated both sites and had to inform her that both were phony-baloney fake stores! Join us as we reveal the important red flags of these fraudulent businesses so you can toast later after making a legitimate purchase of an outstanding whiskey or bourbon!

Let’s get beyond the old adage “if it seems too good to be true, it is” and look more carefully at what happened to the East Coast man. He found a great deal at ATCRCoffees[.]com for Blanton’s single barrel whiskey for about $30. A Google search shows us that this perfect bottle of whiskey can be found elsewhere for $135 – $200, so $30 is one heck of a savings! However, when the man shared his email order confirmation with us (see screenshot below), we couldn’t help but notice that it was sent from a very unexpected domain called zionrvrent[.]com and NOT from atcrcoffees[.]com. A Google search for zionrvrent[.]com showed us several credible sites with warnings about purchasing anything from zionrvrent[.]com because it was a scam business!

When we looked backward at this man’s shopping order confirmation link at atcrcoffees[.]com, everything looked legitimate. In total, he had placed an order for five discounted bottles of specialty liquors which, after discounts, coupons and free shipping, cost him slightly less than $100.  This was an incredible deal for liquors valued at somewhere between $600-$800 elsewhere! As you’ll see in the screenshots below, it turns out that the more you spent at ATCRCoffees, the greater your discount! This is in addition to a one-time discount popup code. AND, as you view an item you are informed of how few bottles are remaining AND how many people are on that web page AT THAT MOMENT looking at those bottles! OH MY GOSH! Talk about pressure to buy!  But these are all just marketing tricks that are even used by legitimate businesses. They are called “dark patterns” and are meant to manipulate consumer behavior. (Many “dark patterns” can truly border on the sleazy side of consumer practices. Here is a good article about dark patterns on Vox.com.)

    Deepening the muddy waters on the ATCRCoffees website was this “Frequently Asked Questions” webpage. It describes two reasons WHY their prices are so low. But they are lies! Don’t believe everything you read online! Be skeptical unless you have a completely credible and unbiased source, NOT a source that is trying to sell you something.

Now that we understand why it may have been easy for someone to trust this fake website and purchase bottles, let’s show you signs of fraud our investigation revealed about ATCRCoffees[.]com and what you should do before purchasing from online stores…

      1. Most importantly, use a good WHOIS tool to learn what you can about the domain name used by the business.  We looked up atcrcoffees[.]com and learned that it was registered just 9 months ago in China. This is still rather young for a business and because Chinese scammers are known for LOTS of consumer product fraud, we would be immediately suspicious.
      2. Do a Google search for the business you are interested in. When we searched for ATCRCoffees we found NOTHING! Google knows they have a website but knows nothing about them. That often means that the business also provides no information in behind-the-scenes “meta” tags that are typically used to communicate information to search engines. That’s not normal. 

      3. Look carefully at the Contact Information listed for the business and explore it using searches. ATCRCoffees had no physical, verifiable address listed and when we searched Google for their phone number 707-968-7685, Google returned lots of links about fake businesses and scams!

      4. Look for “anomalies” on a website. I.e. things that don’t make sense or “fit.” For example, on the ATCRCoffees[.]com website in November, we found a special discount offer for “Juneteenth.” This makes no sense! Also, visitors are invited to use a contact form to send a message but there was no contact form present. And most importantly, the email address they offer for contact doesn’t refer back to their own domain, it refers to an oddball domain called CommunityOSummit[.]com. Another WHOIS lookup showed us that this domain was registered in late June in China.

Finally, in our investigation, we visited ATCRCoffees and selected a wonderful liquor to purchase, entered in a bogus contact and address for the order just to see if there were any other hidden signs of fraud. When we clicked the “Payment” link to pay for our order, we discovered that we were redirected to another fake consumer website called FindMeAsia[.]com. Another Google search confirmed that FindMeAsia[.]com was another scam website used to steal your money by selling products you’ll never receive!

But this victim of fraud was not alone. Completely coincidentally, as we were investigating this story and preparing to draft it, we received an email from a woman we’ll call Florence. Florence purchased specialty liquor from one store in early November and felt she was scammed. On December 1 she was about to purchase another high-end bottle of liquor from another specialty store but stopped when she learned an important fact. Both stores were scams! We tell Florence’s story in this week’s Your Money column below!
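The domain checks from this investigation (registration age, order-confirmation sender, contact email and payment redirect) can be scripted. The Python below is an added example, not part of the original newsletter; the registration date, email local parts, URL path, free-mail list and one-year age threshold are constructed assumptions, and the WHOIS date has to be looked up by hand.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumption: a short illustrative list, not a complete catalogue of free mail providers.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def host_of(value):
    """Return the lowercase host of a URL, e-mail address or bare domain.

    Accepts defanged input such as example[.]com.
    """
    text = value.replace("[.]", ".").strip()
    if "@" in text and "://" not in text:
        return text.rsplit("@", 1)[1].lower()
    if "://" not in text:
        text = "//" + text
    return urlsplit(text).hostname or ""


def same_site(host, store):
    """True when host is the store domain or one of its subdomains.

    Simple suffix match; it does not consult the public suffix list.
    """
    return host == store or host.endswith("." + store)


def red_flags(store, registered, today, sender, contact, payment_url, min_age_days=365):
    """List the red flags for one store.

    `registered` is the WHOIS creation date, looked up by hand.
    `min_age_days` is an assumed threshold, not a rule from the newsletter.
    """
    store_host = host_of(store)
    flags = []
    age = (today - registered).days
    if age < min_age_days:
        flags.append(f"domain registered only {age} days ago")
    checks = (("order confirmation sender", sender),
              ("contact e-mail", contact),
              ("payment page", payment_url))
    for label, value in checks:
        host = host_of(value)
        if host in FREE_MAIL:
            flags.append(f"{label} uses free mail provider {host}")
        elif not same_site(host, store_host):
            flags.append(f"{label} is on unrelated domain {host}")
    return flags


# Domains are the ones named in the story; everything else is constructed.
SAMPLE = dict(
    store="ATCRCoffees[.]com",
    registered=date(2023, 3, 6),   # constructed: roughly 9 months before the alert
    today=date(2023, 12, 6),
    sender="orders@zionrvrent[.]com",
    contact="support@CommunityOSummit[.]com",
    payment_url="https://FindMeAsia[.]com/checkout",
)

if __name__ == "__main__":
    for flag in red_flags(**SAMPLE):
        print("RED FLAG:", flag)
```

A mismatch is a reason to look up that other domain, not proof of fraud by itself: legitimate stores often send mail or take payment through third-party services.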

      Holiday Deals to Avoid! Looking for holiday deals? Beware of these fake Big Lots websites and ads! Check out and protect yourself with this 100% FREE, all-in-one tool.

Ads for Fake Online Stores Increase, as does Online Deception — As we are well into the holiday shopping season, it feels like the number of fake online stores reported to us from readers, our friends at Scamadviser, and stores we find ourselves in our social media feeds, has been increasing significantly! This includes suspicious and questionable stores that make us pause over whether or not we should trust them. Take this Facebook “Sponsored” ad that appeared in one of our Facebook feeds just a few days ago. “A pair of reading glasses that can look far and near, smart zoom, you can look far and near in one pair!” The bottom of this Ad shows an odd seller’s domain: Phili.zeberfi[.]com.

Is this online store legitimate or fake? We conducted a Google search for Phili.zeberfi[.]com and were not surprised to find that it has a low trust rating. More specifically, the low trust rating is associated with the registered domain “zeberfi[.]com.” (“Phili” is a subdomain of it.)

      1. This domain was registered at the end of July. A 4-month old store doesn’t impress us. Nor does the fact that a visit to their top web page at zeberfi[.]com shows a page that says “We’ll be back soon. Store is currently unavailable.” 
      2. Our search turned up several subdomains associated with products online at zeberfi[.]com and with low trust scores:

        https://www.scamdoc.com/view/1428490
        https://www.scam-detector.com/validator/tvd-zeberfi-com-review/
        https://www.scamadviser.com/check-website/phili.zeberfi.com

Our message couldn’t be any more clear! Last week’s Top Story about a woman who was defrauded after making purchases through Instagram Ads, along with the suspicious Ad from Facebook above, makes it crystal clear that these social media platforms cannot protect their communities from fraud. Protect yourself by doing your own investigating before you click or buy anything! (The US Federal Trade Commission just posted an article about how to best protect yourself against consumer fraud like this.)

The fact that social media platforms cannot protect their communities from fraud highlights another critical point: neither can they prevent or control the massive amount of misinformation and disinformation (intended harm) that spreads across these platforms as fraud and deceit. In the United States, we are about to enter an election year and now, more than ever, it is critically important for ALL citizens of the world to recognize that LOTS of information is fraudulently posted online in an effort to persuade, dissuade and manipulate your opinions, ideas, choices and votes. The New York Times posted an article just last week about Facebook’s recent removal of 4,800 Facebook accounts coming from China’s misinformation campaigners that were disguised to look like accounts of American citizens.

In the last few months, we have repeatedly mentioned how problematic the use of artificial intelligence by scammers to defraud the public is. And AI use by scammers is just getting started! It can have serious consequences in the manipulation of audio, videos, photos/images and any written narrative. Recently, a Philadelphia attorney named Gary Schildhorn was targeted by a nasty scam that used AI to clone his son’s voice. Listen to his report to Senate Leaders about what happened in this short TikTok video.

We love to celebrate the wins against online fraud and cybercriminals! Here’s a small but important win we saw recently: Police Dismantle Major Ukrainian Ransomware Operation, from SecurityWeek.com.

        “The cybercriminals used SQL injections, phishing emails, and brute force attacks to gain access to networks.”

        https://www.securityweek.com/police-dismantle-major-ukrainian-ransomware-operation/

        It’s important to emphasize that cybercriminals are using phishing emails to attack business and organization networks!  That means targeting employees! Doug at TheDailyScam.com offers workshops to employees of businesses, organizations, nonprofits and schools on how to recognize these malicious threats and better protect your devices, data and networks as a result.  If you’re curious to learn more, contact me: Doug@thedailyscam.com.

Finally this week in review, we want to put a smile on your face. It isn’t all doom and gloom, after all. Celebrate another win by listening to this crazy 5-minute recording that Rob sent us after he received a scam phone call from his “TV Cable Provider” and immediately turned on his own AI Superman to speak with the scammer and waste his time. (The scammer identified himself as “Otis” and has an Indian accent. What a surprise.)

(This article on CordCutterNews informs people about this new scam targeting Spectrum TV customers.)

Chase Bank, Amazon Account

One of our readers recently shared a weird phishing scam that we’ve never, ever seen before! It arrived as an email sent from a Google account about a shared file. The account was called “Chase Bank Access” but the account was actually related to a domain called SecurityVerifyDecision[.]eu, which was registered in the European Union just 3 days earlier! Of course, no bank will ever send you a shared Google document like this and ask you to “check your access ID information!”

        Another one of our readers sent us the lovely email from Amazon’s “Account Support.”  Of course, a close look at the email address shows that this phish came from a hacked domain somewhere in Indonesia called sentratopi[.]com. The Google description, when translated, says “This is the Hat Convection Center which has produced thousands of hats for various purposes. Can be sent to various areas, very easy!”  This must be just another way of saying “your Amazon account has been locked!”

Our final smelly phish this week came from Jeff’s personally hacked iCloud account. But never mind that. Pay attention to the fact that this rotten osteichthyes wants you to believe that an unauthorized transaction in YOUR PayPal account was used to buy a brand new iPhone 13 Pro in Sierra Blue color! Someone’s got good taste! But it apparently isn’t you! Oh no! Quick, grab your personal Air Horn, pick up the phone and call these scammers at 805-980-7284 and send them your love! (Remember to wear your sound-deadening headphones.)

Another Victim Falls Prey to Specialty Liquor Store Scams!

As we mentioned above in our Top Story, a woman we’re calling Florence contacted us on December 1 to say she had made a purchase in early October at a specialty online liquor store called luxurywhiskies[.]com (WARNING: DO NOT VISIT THIS FAKE STORE! Malware has been found on it!) Via PayPal, she paid $870 for bottles of specialty liquors and almost 2 weeks later received the following email from a shipping company called CoyotoExpress[.]com about her delivery….

          Despite this notification she still never received it and contacted the site luxurywhiskies[.]com multiple times asking about her purchased liquor order. In one email, they apologized to her, stating….

          Firstly we want to apologize to our clients that had packages shipped from Sep/Oct , We had a system mix up that made packages go to the wrong destinations , We are doing everything within our Power to Sort our deliveries to the right locations , Please exercise some patience while our team is at work to resolve this issue .

          Note that packages are not lost , So there is no need to panic , We are going to give every customer affected by this free shipping next time they use our services locally .

HOWEVER, soon after this apology she was told that she would have to pay another $563 for a “fully refundable insurance policy for shipping” in order to get her delivery! This is, of course, a complete fraud! (VirusTotal shows us that 8 security services have identified the online liquor store, luxurywhiskies[.]com, as VERY malicious, including 5 services identifying malware on the site!)

Understandably, Florence was shocked by this insurance demand from CoyotoExpress and it didn’t feel right. She immediately contacted LuxuryWhiskies[.]com and sent them an angry email about this seemingly extortion-style demand. Within an hour, she heard back from a woman who identified herself as Maria, saying “Coyoto Express is a big company and does not practice any act of scams , Kindly talk with them and understand better before making conclusions.” By now, Florence strongly suspected that this could be a scam, despite the fact that the bottom of this specialty liquor store website said that the site had a 5-star Google Trusted Score AND the site was “Safe and Secure” to use as noted by McAfee’s logo on the site. (It is SO EASY to lie online!) It’s also important to note that this website claims to have stores in “UK, USA and SA” but doesn’t provide any addresses or phone numbers. Only an email address.

          As for CoyotoExpress, Florence was targeted by the next layer of fraud perpetrated by fake online stores. It concerns the insurance for shipping their orders. Little is known about the shipping company, CoyotoExpress[.]com, though it has been around for 3 years.  What we did find is a complaint on TrustPilot. If you read it, the person posting it was also told that they had to use CoyotoExpress[.]com and pay massive insurance for a delivery that they never received. Check out https://www.trustpilot.com/review/calishoplife.org

          After this financial loss and terribly frustrating experience, Florence was still looking for some fine specialty liquors. Once again, Florence went looking for another store and found classicliquorshop[.]com.  On December 1, Florence placed a $435 liquor order with ClassicLiquorShop[.]com.  However, she wasn’t able to make her purchase by credit card and that made her suspicious.  She reached out to their website and received a reply from a free Gmail address called Classic Liquor Shop <classicliquorshop@gmail.com>.

Their response was rather awkwardly stated… “Our credit card payment gateway is down at the money . So no credit card accepted.” Fortunately, Florence stopped there! Paying by credit card offers a variety of protections to consumers. She was right to stop. That’s when she contacted us to ask what we thought about classicliquorshop[.]com. A Google search shows LOTS of links from the website classicliquorshop[.]com and they included meta-tag information saying that they are “proud to be featured in ROLLING STONE, MEN’S JOURNAL, US WEEKLY, and others.”

          However, we used the “site” command in Google to conduct searches for this special liquor store in both RollingStone.com and MensJournal.com. Despite trying several different ways to frame our search, Google says that this business is NEVER mentioned on either website!  Also, classicliquorshop[.]com has a bad/poor reputation from various services, including our friends at Scamadviser.com and Scam-Detector.com

          https://www.scamadviser.com/check-website/classicliquorshop.com

          https://www.scam-detector.com/validator/classicliquorshop-com-review/

These things, and the fact that Classic Liquor Shop shows no physical address and the contact email is a free Gmail account, leave us extremely suspicious that this online store is a fraud! Also, let’s add that a Google search shows that their phone number is connected to several odd Nembutal selling services online! We advised Florence to walk away from this deal!

          Violent Extortion Threat — Last week I was targeted by an exceptionally violent extortion threat. The email is below and it speaks for itself. It was accompanied by 4 images, 3 of which were graphic photos of beheaded men. These images can be found on several websites in articles associated with drug cartels, including an article on Breitbart News. (WARNING: the clear image shown on Breitbart is extremely graphic and violent.) These images have been circulating on the internet since at least 2016.  However, this threat was 100% a scam. This same scam had targeted another man in Salem, Massachusetts about 2 weeks earlier and I had responded, publicly, telling him and others that this extortion was a scam. No doubt, the people who sent him this threat saw my response and targeted me.  If you ever receive a threat like this, DO NOT RESPOND to it and DO NOT CALL the number given. Report this threat to your local police AND to the FBI via the IC3.gov website. Be sure to report the phone numbers and email addresses involved.

          There is an American chemical/gas company whose products are critical to us all in many ways. Several times each week, their employees are targeted by HIGHLY malicious emails with dangerous attached files that are designed to take over a web browser and give that control to cybercriminals.  We’ve shown these threats many times in the past and will continue to do so because these tricks are used to target lots of businesses across the world.  The 2 emails in the screenshot below pretend to be a “private confidential fax” and a “payment notification.” But they are threats, and both contain very dangerous html files! LUNGE for the delete key!

          The Daily Scam is also heavily targeted by cybercriminals who would like to shut us down.  Below is another example of the types of threats we receive.  It is a recent phishing scam disguised as an email from our email system telling us that there are 11 emails that cannot be delivered.  Nonsense!

          Random Text to 20 People — One of our readers shared this text with us that was sent to a random set of 20 recipients, including her.  It came from the free Gmail account called “alfonsocoummings681.” It said nothing other than a link to a VERY suspicious website called mydateupseex[.]site.  You know what to do!

          Until next week, surf safely!

Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved.

          Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands
