Weekly Alert  |  February 2, 2022

How Observant Are YOU at Spotting Suspicious Red Flags? — Doug recently taught a unit called “Truth From Fiction Online” to a group of Seventh grade students.  After just a few classes, these young students had become Super-Sleuth Online Detectives, able to see through lots of online fraud! They would make Sherlock Holmes proud! How good are YOUR powers of observation and how well can you identify suspicious “red flags?”  Here’s one email example of what we mean.  This email, with the subject line “EARN PASSIVE INCOME AT EASE,” came from Joseph Craven, a self-described Financial Expert. Mr. Craven hosts a website called “JosephPatrickCraven[.]com.” Mr. Craven is offering us “endless opportunities of earning passive income from the comfort of your home.”  How lovely! We would like some passive income!

However, when we take a more critical look, we see suspcious red flags…

  1. Oddly, Mr. Craven’s email came from “joseph-craven @ consultant[.]com”  Did you know that “Consultant.com” is a free email service that scammers love to use because it gives them a sense of authenticity?  But there is nothing authentic about email coming from consultant[.]com. In fact, quite the opposite is true!
  2. Look closely and you’ll see that a reply to Mr. Craven’s email will go to joseph.craven instead of joseph-craven.  Why this difference?  A bit odd, don’t you think?
  3. Mr. Craven’s web site was registered anonymously about a month before we received his email.  That’s still very new, making it suspicious!  Also, if a website is in your OWN NAME, and includes a PHOTO OF YOU, why register it anonymously? This is also odd.
  4. Mr. Craven’s email contains a few subtle expressions and grammar that seemed odd to us. For example… “Thanks for giving me audience” and “MENTOR with huge opportunity…”

When we visited his website on January 18, we were greeted by a lovely smiling face of the great Financial Adviser himself, Mr. Craven!  Unfortunately, that image has since been replaced and the NAME on the front page of the website now reads as “Patrick J Craven” instead of “Joseph Patrick Craven.”  These are all serious red flags!

    These red flags prompted us to dig deeper and learn that ScamAdviser.com scored Mr. Craven’s website as “Suspicious” and Sucuri.net tells us his website is blacklisted by McAfee!  Oh Dear!  Let’s move on…

    We also received a very sorrowful request from a gentleman in great need, named Peter Emmanuel.  Peter sent us a plea to help his family as they are in trouble, facing pain and hunger.  Most unfortunately, Peter lost both his legs and arms in a “motor accident” and then his wife left him, literally adding “insult to injury.” These are horrific tragedies for sure!  But are there any red flags to Peter’s request that might suggest his email is a fraud? HELL YES!  There are two clues that scream of fraud…

    1. Peter identifies himself as “Peter Emmanuel.” So why does he use an email account by the name of “Mohamed Anees?”
    2. Peter’s reply-to email address is different from his sending email address!  It uses a Gmail account called “officeme47.”  This is CLASSIC Nigerian 419 scam behavior.

    We won’t be making a donation but we’ll keep Peter in our thoughts and prayers.

      Now it is your turn!  Here are  three recent fraudulent emails we’ve received.  How many suspicious red flags can you identify in each?  We’ll tell you our number and then list them below.  Email us to let us know if you identify any red flags that we missed!

      Paid Guest Post from Martin William. (We spot 5 red flags!)

        Dear Applicant, we found your contact. (We spot 4 red flags!) (Note: Mr. James posted such a LONG list of job opportunities that we had to copy and paste a bunch on the right side to shorten the length of his email.)

          Can you come by my apartment. This last email was provided by the young man whom we wrote about in our Top Story on January 5 titled “A Young Man’s Female Friends.”  Apparently, he is still getting emails from strange women! (We spot 4 red flags!)

            Now for our list of suspicious red flags for each of the 3 emails above….

            Paid Guest Post from Mr. Martin

              1. Mr. Martin’s email came from a website in Pakistan. Did you notice the 2-letter country code “.pk” at the end of globexitsolutions[.]com[.]pk

              2. Mr. Martin lists his website as globexoutreach[.]com. Why is this domain different from his email address domain?  A whois lookup tells us that the GlobexOutreach[.]com domain was also registered in Pakistan. A Google search for this firm tells us that they are located in New York, near the Empire State Building. This struck us as odd. A look at their Facebook community post page turns up several unkind posts from 2017 – 2020, followed by no posts at all, for more than a year.
              3. If you read Mr. Martin’s email carefully, it doesn’t address anyone at The Daily Scam by name. In fact, it is written in such a way that it could apply to any one of THOUSANDS of websites!  There is NOTHING that he says that is specific about our content or mission!

              4. Mr. Martin says that he’s working on an article that would be “great for our website” but doesn’t mention the article topic or content.

              5. Mr. Martin says that we’ll have the “backing of my readers and my social reach as well” but includes no numbers or reason for us to believe he has more than his wife and mother backing him!  If Mr. Martin truly hopes for “a long term relationship” with us, he’s got to do a LOT better than this email!

            FOOTNOTE: Did you notice the broken graphic underneath the last words “Best regards?” That broken graphic was a tracking beacon that our email service automatically shut down and prevented from operating. It means that the sender of this email was tracking whether or not we opened the email, the time of day we opened it and how many times we opened it! (Some trackers are also able to provide a general location where an email is opened.)

            Dear Applicant we found your contact. This exciting email came from one of our readers who was invited to send his resume to apply for any one of 54 different job openings!  Wow! 

              1. Let’s start with the fact that Mr. William C. James, the HR Director, didn’t even post a link to his Global Oil Company. In today’s digital age, that’s odd, especially since he gave the company name.

              2. Mr. James also didn’t include a subject line or a signature in his email.  Tsk, tsk! Such poor behavior for the Director of Human Resources, don’t you think?

              3. There are several capitalization errors, including two sentences that don’t begin with capital letters.  What does this say about Mr. James’ professionalism?

              4. MOST importantly, and wreaking of fraud, is the fact that Mr. James asks the recipient to reply to a personal Gmail account called auditing797 instead of an email at the business domain.

            Can you come to my apartment

              1. If you look carefully at the email from “Layla Rose” you’ll see that she actually uses an email account that goes by the name of janenolan083.  Why the 2 different names? This behavior is VERY common for scammers!

              2. Layla dropped 3 email addresses into the subject line without noticing?!  Rather odd, don’t you think?  Unless one is spitting out dozens of these emails over and over as scams. 

              3. We don’t think “Layla” lives close to any of the recipients!  She says “please replay me fast” which is certainly not correct English!  As a result, we suspect that Layla, or whomever she is, more likely lives in a country where English is not the native language. We know that the young man who provided this is an American citizen. 

              4. MOST importantly, Layla’s message was NOT written into the body of the email. It was saved as a signature in her Gmail account.  This is evident by the gray text UNDERNEATH the 2 gray dashes!  This tells us that this message was crafted so it can be knocked out easily, over and over to send to potential victims! The sender need only click “Compose,” drop in a few email addresses and hit send.  Sounds like a scam factory to us!

            How did you do?  If you noticed any red flags we didn’t consider, please let us know! Email us at red-flags@thedailyscam.com!

            Think Your Social Media Use is Safe From Fraud? Think Again! Several reports from different companies and studies all agree that online fraud has risen significantly during these last two pandemic years.  However, a new report recently released by the U.S. Federal Trade Commission has identified Social Media as a primary source for targeting victims! According to the FTC report… More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message.” Notice that even if your social media account is locked down tightly and strangers are not able to contact you, you can still see fraudulent ads in your account if they make it through the social media’s filters.  And many bogus ads do pass through!

            This fraud is not insignificant!  The FTC report goes on to say that about 95,000 people reported 770 Million dollars in losses that began on social media!  Facebook and Instagram are the platforms where most of the fraud originates but users of TikTok and YouTube have also been victimized.  This Cyperscoop.com article does a nice job of summarizing these findings too.

            We are very excited to let our readers know that ScamAdviser has launched a new Chatbot feature on ScamAdviser.com. The new feature helps us to help you avoid scams!  Please check it out!

            WebRoot, McAfee and Paypal Readers sent us a number of phishing tales such as this email that was sent last week from another personal Gmail account. It claimed to represent Webroot cybersecurity and charged the victim $690 for something she didn’t purchase. As we all know, the victim would be TRULY VICTIMIZED by calling the scammer’s phone number 877-413-0306.  Lunge for the delete key!

            Another reader sent us this tiny email with an attached McAfee invoice.  Just like so many of these phishing scams, this one also came from a personal Gmail account.  A screenshot of the pdf file is also shown below and it may reveal something personal about the cybercriminal who created it.  Notice that in the final price written in the next to last sentence, the scammer has accidentally swapped the 7 and 9, writing 197.99 instead of 179.99!  Perhaps he has dyslexia, resulting in swapping characters without realizing it? No worries! According to the Dyslexia Help center at the University of Michigan, 5% to 17% of a population can have some form of Dyslexia. We invite this scammer to check out the UMichigan website for some help to diagnose these issues and work on improving his skills. Then we invite him to try and send us a new scam so we can applaud his improvements!

            Hmmmmm….If you’re going to tell someone that their Paypal account has been logged into from different devices and locations, you ought to do it with perfect English.  This phishing scam is thankfully lame! It also came from a truly crap domain called okauoiyasda[.]com

            Prepare for Tax Season Scams! – Just like we can all expect to see an increase in scams related to Valentine’s Day, so too can we expect to see scams related to tax season here in the United States during the next 2 months.  These seasonal scams are as routine as winter’s snow and summer’s heat. What makes this one most unusual is the fact that it arrived as a phone call to one man’s voicemail by someone identifying himself as “Jacob from the Tax Settlement Department.”  Tax Settlement Department?  From what company? What government agency? Also, Jacob sounds 100% American with no discernible accent, making this threat very likely “home grown.”

            Listen to the audio as Jacob says in the phone message “your case got flagged. Your tax is eligible for some significant relief.”  He goes on to tell the recipient to call him at 949-867-7810 because “it is very important.”  One might almost think that this could be legitimate, right?  However, as of January 29 at 6 pm, Robokiller.com states that “Jacob” has made at least 1820 such calls from another phone number that have all been reported as scams.  Check out their webpage to see the total number of reports

            Another reader sent us this text message last week offering her “relief Opportunity for taxpayers” through a “Fresh Start Program.” The link in this clickbait points to a domain that was registered on the day the text was sent.  Moreover, this dashing website st-ir-sn[.]us is being hosted on a server in Singapore! Deeeeleeeete!

            New Apple Login from Armenia and Accept Your WHO’S WHO Nomination! – One of our readers sent us the obvious scam disguised as an Apple email saying that someone tried to log into her account from Armenia. The email came from the crap domain meuxjwkooo[.]top.  At first we assumed it was another smelly phish.  We were wrong!  It turned out to be malicious clickbait pointing to malware! The link “Verify Now” points to a monstrously evil domain called lingtangsi20[.]monster.  You’ll get hit by malware and then forwarded on to Google as if nothing happened.  Ouch!

            Speaking of malicious clickbait, Joseph Malerba from The Daily Scam received this hand grenade in his inbox disguised as an invitation to accept a glorious nomination for the Marquis Who’s Who directory!  Such an honor! The problem is that there is NO SUCH PERSON at The Daily Scam.  Never has been.  There has never been anyone, ever, named Joseph. But that’s OK! We’re really happy for him anyway!  Unfortunately, the security service Webroot has identified the link in this clickbait as malicious. We’ll let Joseph know, just as soon as we locate him.

            Vehicle Department and You Are Qualified –If ONLY our insurance companies would send us texts like this one to say that we’re getting money back for “having zero issues reported.” But that’s not how it goes, unless you’re a scammer sending malicious clickbait. The domain, flowaewl[.]com, was registered in Iceland through Namecheap on the same day this text was received.  Hmmmm…. Sound familiar?

            One of our readers sent us this lovely text she received from “Chelsey.”  Apparently, the young man was qualified for a work from home position, which is interesting since he had a job and wasn’t looking for a new one!  He was invited to claim his first $500 by clicking a link to a website that was registered in the Netherlands just a few hours earlier.  Gee, sounds legit, right? 

            Until next week, surf safely!

            Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
            have subscribed to it via Scamadviser.com or thedailyscam.com

            Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

            Contact Webmaster