Too Bad These Jobs Are Scams! — The U.S. Bureau of Labor and Statistics announced last week that hiring was up by 517,000 jobs in January alone! That’s one of the highest hiring levels for one month and caused the unemployment rate to fall to 3.4%, the lowest since 1969! And yet, we’re still hearing from people who’ve applied for fake job offers, representing a variety of scams. These fraudulent offers do, however, have one thing in common. They are all “work from home” jobs! Here are 3 recent experiences. Each job offer comes with several “red flags” making that offer suspicious at best, or outright fraud if you know what to look for! Could YOU spot these as fraud? On February 1st a woman, whom we will call Christy, received this email from someone named Mike Bennett from the HR Department for Shipfast LLC. Let’s break down this exciting offer and point out the red flags that scream FRAUD!
The first odd thing that struck Christy about this email was the opening sentence…. “Thank you for your interest in our company.” Christy told us that she never applied, evaluated or even saw any job openings for a company called ShipFast. That’s a very important thing to consider because scammers will often open with a sentence like that. (We think they crawl legitimate job websites looking for people who are looking for work, but we don’t have any evidence to support this suspicion.)
Mike Bennett claims to represent SHIPFAST LLC in Florida and shows that their website is shipfastus.com. However, our search turned up several companies called Shipfast. One had a website shipfast.com that was registered in 2003. Another has an “F” rating on BBB.org and an address listed in Brooklyn, NY. (There’s another Ship Fast LLC company that was registered in New York as a new company, and at a different address, less than 2 weeks ago!) If you look carefully at Mike’s email, the websites included in his email are all shipfastUS.com. When we used a WHOIS tool to look up who registered this domain, we discovered that the domain, shipfastus.com, was registered in Russia less than 2 months ago! That is a HUGE RED FLAG!
We visited the shipfastus.com website to continue our exploration. In just minutes, we discovered that there are actually two phone numbers listed on their website: (407) 278-5752 and (954) 639-4343. This last phone number shows up on Scampulse.com as a job scam! Three people have described the same job scam in December, 2022 but for a company called “Logistics Support International” using the website logistsupport.com.
Scamdoc.com has given Shipfastus.com the lowest trust rating possible! Also, if you take the time to investigate the address that Mike Bennett lists in his email, you’ll discover that there is no business at that address! We are actually VERY familiar with this scam and have been writing about it for years. The perpetrators are native Russian speakers and they trick Americans into packing and shipping stolen merchandise, thereby turning them into “mules.” We’ve documented 66 fake shipping companies associated with this gang of cybercriminals, including the fact that they have used men and women in parts of Asia as their “Supervisors” to speak to new hires over the phone.
As Christy told us, “I never applied to this company. So I knew it was a SCAM. These fraudulent companies say, “Thank you for your interest in our company.” That is a tell-tell right there because you never applied.” A few days later, Christy also received the email below from Professor Mattew Armstrong of City University of New York…
We wondered why a University Professor would need to hire a “personal assistant” outside of the University? We’ve known lots of graduate students at universities who would be happy to take on some part-time employment for one of their professors! We suspected that the name “Matthew Armstrong” was real, but stolen because this “Matthew Armstrong” sent his email from a Gmail account rather than a University account. And yet, Professor Armstrong made such a fuss of identifying himself as a University Associate Professor! Well, it turns out that our Google search couldn’t find anyone named Matthew Armstrong who was an “Associate Professor of English and Digital Humanities” at City University of New York. And did you notice the small error in that LOOOOONG opening sentence of the second paragraph? “Agent” is missing. And have you EVER seen anyone end an email with their name, FOLLOWED by “Warm Regards?” Correct protocol should have them reversed!
Finally, we informed Christy of one other peculiarity about that email that was invisible to everyone, unless you knew how to peak into the code of the email…. The email contained a hidden tracking gif just underneath “Warm Regards.” Here is a screenshot that identifies it’s presence as a small broken graphic:
Tracking gifs (also called “tracking pixels” and “clear gifs”) are used to collect information about a sent email, such as whether or not it is opened, how many times it is opened, when it is opened, and even where in the world it was opened. Why would a University Professor include a tracking code? We told Christy that if she wanted proof that this was a fraud she should reply that she is interested in the job and wants to have a Zoom or Google video chat meeting to ask some questions about it. WE GUARANTEE that Matthew Armstrong will have lots of excuses why that isn’t possible! And then you know it is a scam! We believe this email was a form of advance-check scam. We’ve written about this “personal assistant” advance-check scam many times.
David from TDS was hired to do some digital design work for a man who said that David needed to acquire specific equipment for the job, including a new laptop, despite the fact that David has a good laptop. But not to worry, the man was sending David a check to cover the cost of the new equipment! Nice, right? The check may look legitimate and official but we guarantee it will bounce in about 5-7 days, long after David was asked to transfer his hard-earned real money to a man named Jamie Duckworth for the new equipment. (The Australian Tennis player?)
David kept trying to waste this scammer’s time by claiming he couldn’t get to the bank because of a nasty basement leak. Eventually, the scammer lost patience with David! Go Team! Check out this portion of their text exchange…
Long Time No See and How You Doing? — Last week we reported on a Craigslist ticket scam that had targeted a woman named Connie. We’re happy to say that she received an email on Friday from Venmo. Because she had managed to purchase the $100 Hamilton ticket through the “Goods and Services” feature in Venmo, they agreed to refund her $100. She told us that she is happy and relieved!
Our top story on January 25 was about “friends” to avoid online. Several readers have sent us several more samples of communications from “friendly” people that are very suspicious. Check out this lovely message and photo from an Asian woman using 707-300-3145 to a man who did NOT remember her at all. Long time no see, indeed!”
And then there was this sweet email from a “friend” asking about the person’s Amazon account. What immediately identified this email as a fraud is the fact that the REPLY-TO email address is different than the sender’s email address! The email came from lighthousesigns @ sbcglobal[.]net but your reply will go to lighthosesigns @ outlook[.]com. Delete! (Someone has spelling problems: light hose signs)
And then another one of our readers received this Google share link from a complete stranger named Mareev Avksenteva (at 3 AM), inviting her to withdraw funds from a bitcoin wallet. It turns out that the Google share link was malicious! So much for free money.
And finally, last week a Reddit user named Space-cadet3000 actually received an email that appears to be from his mom but he noticed that it wasn’t her known email account! As you can guess, it wasn’t his mother telling him that he “may recall the first 2 pictures.” This was malicious clickbait to a website set up just hours earlier! Com’on Mom!
We’ll leave you with one last crazy email, though not from a friend. Our friend, and Professional Scambaiter, Rob, received this very unexpected email claiming to represent Porn Hub and telling him that he only had one more step to complete the set up of his Porn Hub account. But Rob never set up a Porn Hub account and sent the email to us. We discovered that if he clicked either of the buttons in the email, his response would have been sent to 73 different email addresses around the world, and spread across at least 24 different countries! Check out some of the email accounts in the screenshot below and see if you can spot and figure out the 2-letter country codes in many of the emails!
Wells Fargo Bank, Paypal and Geeksquad — This first rotten phish wants you to think it is about your Wells Fargo Bank account but the email seems to have come from Zoom! The link to “restore your account access” certainly doesn’t point back to wellsfargo.com! We discovered that you’ll hit one website and then be redirected to another website called submit-services[.]us. This “US” website was registered in Canada just 44 days earlier and is hosted on a server in Amsterdam. Last time we checked, neither Canada nor Amsterdam were part of the U.S. Delete!
This next phishing fraud (which is, technically, redundant) came from the free email service at Windstream, not from Paypal. So no, you didn’t just purchase $889 worth of bitcoin. Your name, address or payment details can’t be seen anywhere in this lame trick so don’t bother picking up the phone and calling 877-245-4093 to cancel the charge!
YOU HAVE TO READ THIS NEXT EMAIL CAREFULLY! The English language is full of errors and, in our opinion, is hysterical. What legitimate company would ever tell you to “Talk to Desk” if you have any “further query?” We don’t make this stuff up, people! Read, laugh, delete!
Huge Savings on Your Electric Bill and Schedule Your Package Delivery — In case you hadn’t noticed, it’s winter for about half the planet across the northern hemisphere. We imagine that many folks are using space heaters and feeling the pain in their electric bills too. So this next email certainly got our attention when it claimed to offer HUGE savings on our electric bill! But then we saw that the email came from a bogus personal Gmail account and the links pointed to a crazy website called moroccancandles[.]com! Crazier again is the fact that this website appears to be hosted on a server in Russia, and not Morrocco!
Speaking of surprising destinations when you click a link, check out this email claiming that you have a package waiting for delivery. They even include a photo of your box! Surprise! This isn’t from Fedex! But if you were you to click that link to “schedule your delivery” you would head off to a server in Germany called synology-ds[.]de.
Notification of Your Account, Kindly See Attached — Now here’s a malicious link we’ve seen far too many times in the last few weeks! This “notification” that your account needs an update contained 7 instances of the recipients name or email! As if the more times the cybercriminals repeated it, the more likely you would be to believe this nonsense. The link points to a nasty malware surprise at fleek[.]ipfs[.]io. Run away!
Last week we showed our readers how Doug at TDS has personally been targeted by malicious emails containing attached files. The code in the file last week pointed to a shoe store website in Brazil that’s been hacked and hosting malware. Well, THEY’RE BAAAAACK! Check out this week’s lovely version titled “Kindly see attached.” Same “MO” – attached htm file with malicious instructions to visit the shoe store in Brazil. Does Doug need new shoes THAT BADLY?
Your Apple ID Has Been Locked — No, actually, it hasn’t. And that link provided in the text doesn’t come close to looking like apple.com!
Until next week, surf safely!
Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands