Select Page
Weekly Alert  |  December 8, 2021

Underage Girl Sext Fraud Rises Again! — In 2016, we began to hear from a flood of victims targeted by one of the most brutal and emotionally gripping scams we’ve ever known, called the “underage girl sext scam.” During the last five years, more than 927 men have contacted us about this fraud. Also, very sadly, we know that two young men committed suicide as a result of being victimized. For some men, this scam was so frightening that victims couldn’t cope with what they thought were the consequences of this fraud. We’ve talked at least two dozen more men “off that ledge,” trying hard to convince them that this was a scam and they were truly going to be OK. 

In 2021, this scam had all but disappeared. Eight victims contacted us about this fraud in January, 2021. But between February and August the numbers of victims thankfully dwindled to about 2-3 per month, on average. And then, between September and November of this year, not a single victim contacted us! But last week we heard from our first victim in months. The story he told us about this scam leads us to believe that there may be a new team of scammers targeting men via dating apps. To protect his identity, we’ll call this victim “Kent.” Here is his recent experience…

Kent is 34 years old and was in South Carolina visiting family during Thanksgiving. He’s single and uses dating apps, as is common today.  While using Tinder he connected with a young woman named “Kayla” whose profile said she was about 23. (He doesn’t remember exactly but 20’s for sure. He said it definitely wasn’t age 18, the minimum age required by Tinder because he won’t date girls that young.) He recalls that Kayla quickly asked to switch the conversation from within the dating app to direct phone texting. This is common for this scam.

Kent tells us that Kayla was very flirtatious and sexually suggestive in their first conversations. So much so that he asked if she wanted to exchange nude photos (sexts) and she agreed. As is typically the case, once Kent sent his sext to Kayla, she stopped communicating. But the next day he got a phone call from a South Carolina Detective that felt like a punch in the gut.  Here’s how Kent describes it…

“The Detective called me around 2 pm randomly and proceeded with the scam.  Unfortunately I don’t remember his name. He said he was part of some task force and used some numerical reference to it. [The criminals will often say they are part of a “Child Safety Task Force.”] He told me that Kayla was 15 years old and the sexting that I encouraged meant that I had engaged in gathering child pornography and soliciting a minor. This detective also made the comment that since the conversation transferred to text messages, the Tinder Terms of Service did not cover me and that the facts were as they were, solicitation of images from a minor.  [An FBI agent told The Daily Scam in 2019 that a man cannot be held legally accountable in any court of law if he exchanges/requests sexts from a minor who poses as an adult on a site like Tinder (age 18 or older) AND she doesn’t reveal her real age to the man. But Kent was not likely texting a girl/young woman anyway. It was likely the male scammer pretending to be the girl.]

The Detective claimed I had until 3 pm (1 hour later) to “mediate” the situation with the father (named Julius) before he would process the papers to the “court”.  During the conversation the detective tried to calm me down by saying that I can write a letter of apology to the angry wife who was the real problem here and that I can get affidavits and that the court would send me a letter 5-10 days after we completed this “mediation”.  [The criminals often claim that it is the “angry wife” who wants the man in jail for exchanging sexts with their underage daughter. The Father is often more “understanding” that a man made such a mistake but now has to “make it right” by paying the family’s costs.]

At some point the Detective said that he would put the girl or the father in jail if they tried to break the result of the mediation (trying to reassure me that they would stick to our deal). He said that only the Supreme Court could overturn this process after that.  By this time I was starting to think that this was not legitimate. 

Julius, the father, called me separately. The father said that this whole ordeal would cost him about $1,800, because his daughter now needed to go to a mental institution for a week because of this. They also needed to cancel the phone line and that she broke her tablet when the “mother” walked in on her while she was making a sexual video for me. They got into a fight. He was working towards getting any payment out of me to fix this situation.  Now I was certain this was a scam. [HOW would the father know all these costs so quickly, especially about a “mental institution?”] The girl also never told me her “real” age, and the detective said that since it carried over to text that the Tinder “terms of policy” with age verification do not apply. This also seemed far-fetched. After the 3 pm deadline ended I got a text from the father stating that it is him and then things went silent.  I didn’t reply.” 

 

WHO IS LIKELY RESPONSIBLE FOR THIS SCAM?
Reports of this scam to TDS had decreased significantly in the last three years for at least two reasons. First, the FBI and the S. Carolina Police discovered and charged 15 individuals for being primarily responsible for this scam.  Most of them were already inmates and serving time in a S. Carolina jail for other crimes! They were perpetrating this scam using smuggled cell phones. (After sharing that with Kent, he figured that these scammers went silent at 3 pm because something at their jail prevented them from using their contraband phones.) The second reason for the decrease in this fraud has likely been the pandemic. It hit correctional institutions hard and, we wonder, did it sicken some of the people involved in this scam? Also, since the S. Carolina State’s Attorney Office is well aware of this scam and has been prosecuting individuals, we also suspect it has been harder to smuggle phones into the jail

We asked Kent if he could describe the voices of Julius (Dad) or the Detective, and provide all their phone numbers.  Here’s what he had to say in his words…

Scammer – Detective #: 864-492-1525

Scammer – “Julius” Father #: 864-535-6191

Scammer – “Kayla” #: 864-568-1079 (Texting only; Kent never had a voice call with Kayla)

“To be honest, both sounded like Black men. The detective was fairly charismatic and quick witted.  The father did sound a bit older and less polished.  The father kept repeating that he is a religious man, that he is a Deacon at his church and that this would bring shame to his family.  When he would swear he would apologize, and repeat that he is a religious man.  Secondly, they both kept saying that they could tell I’m a good person caught in a bad situation, or phrases along those lines.  The detective also instructed me that if I was to meet with the father that we cannot under any circumstance get into a physical altercation.  The father’s phone line actually did have strange background noises, but it was hard to tell if it was a jail cell or if he was in a house full of people.  There is a slight possibility that one of them is not in jail and may have been willing to actually meet up given the detectives initial instructions. One thing that clearly stood out is the pressure they use, as I started to question the detective and press him about the legitimacy of the situation. He point blank asked me if I wanted to end this mediation (and have the police charge me.)  The conviction in his voice was a bit chilling. The detective can definitely speak well, even if the things he would then say sounded absolutely nuts. (Like “only the Supreme Court can overturn our mediation results” and that “he can attach an affidavit to the file.”)”

Most victims who have contacted TDS said that they were pressured to make a decision in minutes to an hour or so.  The criminals running this scam know that the longer someone has to investigate the circumstances of what happened to them, the more likely they’ll discover it is a complete fraud.

We found Kent’s last message to us of special interest. He said The ‘biggest reason I didn’t go along with their plan came down to a sense of general anger & confusion that a detective was potentially running some cash payment scheme with a real potential child predator and that a father was willing to get some amount of cash while his child was in a mental institution!”

To learn more about this scam, including hearing the voices of some of the men who’ve perpetrated this scam, and see some of their faces, visit our most up-to-date article titled Plenty of Fish Has Plenty of Sharks.

A Laugh and a Collection of ClickbaitWe’re millionaires! That’s right! Last week we received an email into our TDS inbox telling us that we were selected as the “winner of the Euro millions International Global Sweepstake!” We’ve won two million five hundred thousand euros! We just have to provide some personal information to Mr. Fred Grussberg, the Chief Prize Officer, and pay a processing fee of 275 Euros. What a deal, right? We are asked to contact Mr. Grussberg using his email at the domain synnphony[.]com. This misspelled domain was registered anonymously in Great Britain about 3 weeks earlier. Should we be worried? Heck no!

Take a look at the inbox of just one of our honeypot email accounts! We collected some lovely clickbait. Each one is just as malicious as the other. They all contain links to malware bear-traps scattered across the Internet, designed to make money for criminal gangs and cause you a LOT of pain.  A glance at the text in the Sender’s name field, along with the subject line, provides easy markers that SCREAM OUT “I AM MALICIOUS!”  Notice the font used, the use of ALL CAPS, and multiple exclamation points!!! Also oddball characters. We love their cybercriminal creativity! 

WARNING: If you ever receive random email, texts, Whatsapp or other forms of contact from people you do not know, DO NOT RESPOND!  Cybercriminals often use this trick to confirm the recipient’s account, try to engage them in conversation or simply note that someone is gullible enough to respond! Take this lovely greeting of “hellloooooo?” from Alyssa. Or is it Jamie Wheeler? It’s hard to tell if you look at the FROM address.  But the TDS Reader who sent this to us noticed an oddball collection of white text against a white background underneath the sender’s greeting. He told us he gets these types of emails every week. Lunge for the delete key!

Comcast (Xfinity), AOL, COX, and Amazon!This week’s Phish Nets column contains some uncommon and unusual smelly phish, along with one of the most common phish we find nearly every week in the great sea of phishing scams.  Let’s start with the Comcast service called Xfinity. This telecommunications service is available in at least 21 states across the US (according to Wikipedia). One of our readers received this “device login alert.” However, it was sent from a Gmail email account! What made this phish stand out from others was that the criminals who sent it also knew the recipient’s full name and used it to address her. In today’s age of data mining, this is easy to do but most phishermen don’t go to the trouble. Imagine if you were told that someone had charged $1471 to your credit card for something you KNOW you didn’t buy. Would you have called the number provided? Apparently, many people have called 810-512-7101. You can read about some of these SAME scams that were reported on Telguarder.com but related to a similar phone number, 810-512-2141.

There isn’t a single consumer service that we know of that will automatically set your password to expire after a period of time.  And certainly NOT old-fashioned AOL! (America OnLine) The woman who sent this phish to us wasn’t fooled either.

Sometimes cybercriminals will copy and paste random text at the bottom of an email, color it white so you can’t see it, and hope the text helps them get the email through anti-spam servers. The criminals who sent this phishing email, disguised as a message to Cox Communications members, forgot to color the text white! The recipient saw the odd text and knew immediately the email was a fraud.  We discovered that the paragraph of text is an excerpt from the 1912 book “Tarzan of the Apes” by Edgar Rice Burroughs. (At least the criminals have interesting tastes for books!) The “secureaccount” link to Cox pointed to a Twitter-owned shortening service called t.co.  We unshortened that link to discover that visitors will be redirected to a well known malicious domain called preview-domain[.]com. Ouch!

Rarely does a week go by without seeing Amazon phishing scams! So here’s this week’s installment! It came from an email address at “agentofficeemail[.]com” instead of Amazon.com. LIke the email above, the link for “Check Now” pointed to another shortening service called me2[.]do.  Visitors will be redirected to a website called alfacart[.]com instead of Amazon.com! Deeeleeeete!

A REAL Coupon from EMS and Malicious Clickbait! – We have a surprise for readers! Here’s a REAL and legitimate email with a $10 discount instead of the usual malicious clickbait we post! This reward came from Eastern Mountain Sports, which uses the website ems.com.  You can clearly see that the email came from ems.com and the links point to ems.com. (The word “message” seen in the email address, AND “link” seen in the link at the bottom, are both sub-domains and not important. In a link, little after the first single forward slash / is important.) BY CONTRAST, check out the two cyberdeal emails below! Both were created by the infamous Hyphen-Poopy Gang!

      This malicious clickbait WANTS you to think it came from Eastbrook Goods but it didn’t.  Look at the domain found in both the FROM email address and link at the bottom.  They point to a crap domain called submittookahhall9[.]shop. It was registered in Iceland just hours before this email was sent!  “You’ve Been Chosen For -505 Off Today Only!”  Whaaat? -505 off? What does that even mean? Also the text in this clickbait says “Get organized with the pop-up closet & compact drying rack” and yet, the photo in the email is a bed and night table!  We know for certain that his clickbait was created by the Hyphen-Poopy Cybercriminal Gang because you will see two random hyphenated words in the link! (metric-leafy) This email was so poorly created that the Hyphen-Poopy gang must have assigned it to an inexperienced new recruit. Well, you have to start somewhere…

        This next email Ad about a “smart band” did NOT come from the well known Technology Editor named Eric Wall! This malicious clickbait also came from the Hyphen-Poopy gang of cybercriminals. This time, the two random hyphenated words (contumacious-ordained) can be found at the end of the link. The link points to the crap domain called rernhgaecently[.]cam.  This smelly domain was registered on December 2, just a day before this trap was layed.

        Request Removal From Adult Lists and Pending Messages on Server – One of our readers sent us this clickbait engineered to produce a knee jerk response from the recipient. “WHAT? I didn’t sign up for any adult lists! CLICK….”  The email came from a domain called recreases[.]com that Fortinet has identified as a phishing site. As for the destination domain, litzercord[.]us, though it was registered a year ago by someone named “Eldridge Engels,” the address Mr. Engels used doesn’t exist. In fact, a search for that exact address brought up several links that referred to scam emails! Deeeeleeeeete!

        The Daily Scam email inbox continues to get scam emails that are intent to capture our login credentials. GASP! Check out this email asking us to “AUTHENTICATE” so we can read some “pending messages.” The link points to a server in Columbia. Hmmmmm….. We’ll let those pending messages pend!

        Your Offer Has Been Approved and USAOneBank Verification – We love when random texts tell us we have money waiting for us! Here are two recent ones. A message from 202-967-1875 says that our offer has been approved! Yay! (Though we didn’t apply for any such offer.)  We’re asked to visit a domain, goclicksign[.]com, that at least 2 security services tell us is associated with phishing and malware. They can keep their money. We’re good.

        And then we heard from 201-252-4321 about a deposit for us at USAOneBank[.]com.  Interestingly, Google knows NOTHING about this American-sounding bank. Also, this bank domain usaonebank[.]com, was registered anonymously at the end of September. But their website says they are eager to provide “personal loans” to people.  Just apply by providing a lot of personal information through their website, including the last 4 digits of your social security number.  No need to talk to anyone!  Hmmmmm…..Scamadviser thinks that this U.S. Bank is risky. We agree!

        Until next week, surf safely!

        Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
        have subscribed to it via Scamadviser.com or thedailyscam.com

        Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

        Contact Webmaster