Select Page
Weekly Alert  |  January 10, 2023

Verizon Text Alerts Almost Result in Scamming a Man In late December we heard from a 62 year old gentleman who told us that he fell prey to a very clever scam that, very thankfully, resulted in no financial loss due to his very quick follow up and support help from his CitiBank credit card team. However, the tricks used by these scammers were, to put it simply, brilliant! To be honest, we have some mixed feelings about describing what happened to this fellow because we know that some scammers read our newsletters. But our mission is to educate the public and raise awareness of these scams so YOU can better protect yourselves! So we have described all the details of these tricks in this story. If you have a Verizon account of any kind, you’ll especially want to pay attention to this story! Verizon enables something that we believe they shouldn’t! Please turn up the dial on your “pay attention to details” meter before reading!

We’ve named our anonymous 62-year old “Cliff” because he nearly fell off one. His story began in mid-December when he received text alerts informing him that someone was trying to change his Verizon account password.  This was very likely the scammer setting up the scam that was about to target him. We hope you are familiar with this legitimate type of alert used by MANY companies. However, did you know that this alert is often used by scammers to manipulate us as well?  Here’s another very recent example of this type of manipulation. A woman recently reported to us that a scammer sent her this “Google Verification Code” in an effort to trick her to modify her Google account. Notice that the scammer sent her this verification code from a bogus phone number beginning with “833.” Legitimate services/companies send verification codes from Short codes! They will RARELY come from an email address or full phone number! (You can find the Google Verification short code “22000” on this list of short codes, along with hundreds of others.)

Cliff said that when he received the 2-step verification messages he had no idea why he was getting them since he hadn’t requested them. He told us that several of these short codes were sent repeatedly from the legitimate Verizon service over two days. What he didn’t realize at the time is that a scammer was using HIS phone number to gain access to his Verizon account!  Verizon (like many services) will send you a link from their short code via text to authorize access to your account. This link will be sent to the phone number or email account on file with your account. Here’s an example of one of these legitimate texts from Verizon. Notice that it comes from the short code 899000.

 

IMPORTANT NOTE: When working with Verizon Tech Support, you may be asked to grant the support agent access to your account and their request DOES COME FROM the short code 899000. HOWEVER, you may also receive a text with information about your Verizon service that is delivered from an email address and not a short code!  These texts always come from an email address ending in verizon.com, for example: verizon-notification@ecrm-mail.verizon.com.  If you ever receive a text while talking with a Verizon Agent and the domain (after the “@” symbol) DOES NOT end with verizon.com, then it is a fraud!

About a week after Cliff received the odd verification texts he got several calls from unknown numbers and he didn’t answer them. But a few days later he received another call from an unrecognized number and decided to answer it. (BIG MISTAKE, especially since he didn’t recall seeing any CallerID, though CallerIDs can also be “spoofed.”) The caller claimed to be with Verizon. The man asked Cliff if there was anything strange going on with his account.  Cliff told us “I immediately thought this was also a scam, but then I recalled the odd texts and said yes, as a matter of fact, I have received texts and that seemed strange.” (Cliff also said that the man just barely had an accent that sounded as if he was from India or that part of the world.)

This is exactly that part of our story where Cliff jumped off his namesake! He was now on the phone with a scammer and had been prepped to think that something strange was going on with his Verizon account.  The “agent” offered to look up his account and then “confirmed” that indeed someone had gained access to it.  The scammer, pretending to be a Verizon agent, said that someone had purchased an iPhone using Cliff’s account. (It is also important to note that Verizon, like many services, will send you a confirmation email when you make such a purchase.  Cliff had not received any such purchase notification from Verizon!) Cliff also told us this scammer tried to make him feel good by asking if he was happy with his Verizon services.  He also offered to send him a coupon because Cliff expressed some dissatisfaction with Verizon! (Our perspective: We don’t think Verizon could afford to offer such coupons due to the incredible volume of complaints we hear about them! The company would likely go broke!) 

Then the scammer told Cliff that in order to reverse that charge he needed to get his Verizon balance up to date and make sure there was a zero balance before the new charges could be removed. (This makes no sense but, in that moment, Cliff didn’t question it!) He was transferred to the “billing department” along with hold music that, he says, sounded legitimate. However, the billing person actually sounded like the same guy he had just been talking to. He asked Cliff to confirm his balance by asking if it was $67.78? This balance was exactly correct, which eased Cliff’s concerns and made him feel that he was was talking with the legitimate Verizon staff. BUT HE WASN’T! These scammers used a very clever trick that ANYONE can use to learn the balance of a Verizon bill!  Verizon allows their customers to make a one-time payment WITHOUT logging into their account!  All that is needed is a phone number and a customer zip code. We did an experiment by selecting the phone number of one of our friends and entering it into this one-time payment form. In so doing, we discovered that our friend’s phone number was indeed a Verizon number and the number associated with his account.  Below is his balance, due date and when his auto-pay is scheduled to pay his bill.  This very personal information should NEVER be made public because, as Cliff has discovered, it can be used by scammers to trick people into believing they are speaking with real Verizon staff.  (NOTE: It is exceptionally easy to find the address, and zip code, of people around the world.)

      The scammer asked Cliff for his credit card information so that he (the scammer disguised as a Verizon Agent) could pay Cliff’s bill. Once completed, the “Agent” said that he could reverse the new charge for the iPhone.  Cliff said he was skeptical, but so far, they seemed legitimate because…

      1. They knew he was having issues with someone trying to gain access to his account. (It was them doing it!)
      2. They knew his balance and payment date. (Because Verizon makes this information so easy for anyone to obtain!).


        Cliff was now in free-fall. He gave them his credit card information. Within a minute, he received a text and an email from Verizon thanking him for his payment.  These were both legitimate. His bill had been paid using the online method that didn’t require a login at Verizon. Cliff told us “This made me feel that this was 100% Verizon!”   THE SCAMMERS USED Cliff’s legitimate credit card to pay his real bill! THAT was also such a clever ruse to earn his trust and belief that this exchange was legitimate!

      Now for the real damage to Cliff… The next step, said the “Agent” was to reverse the charges that someone had supposedly made to his account by purchasing a new iPhone.  The scammer said Cliff would receive a text from his credit card company to confirm a charge of $721 for an iPhone 15. While this seems nonsensical in hindsight, the bogus agents explained that “He had to make a charge, in order to reverse a charge.”  Cliff then got a text from Citicard saying that someone was trying to purchase a phone for $721. ”Press 1 to approve” and he did!  But moments later, Citibank thankfully disapproved the payment because it noted that this purchase was a fraud! 

      The “agent” then asked Cliff to do it again, but this time for a less expensive phone costing $565.43.  The Scammer also told Cliff that he could use a Zelle account to make the payment.  It was at this point that Cliff suddenly became extremely suspicious.  Why should he be authorizing a phone purchase in the first place in order to remove a fraudulent purchase?  Why did Citibank cancel it due to fraud anyway? Why would a Verizon agent tell him that he could make a payment via Zelle?  Bells were going off in Cliff’s head!  This was his “denouement” and he suddenly opened his parachute by ending the call!  In all, this call took over an hour which is also very unusual for a legitimate call.  Not to be put off, The scammers immediately called him back, and after a brief discussion, he told them he was done and hung up…again.  Then Cliff landed on the ground and  immediately did the right thing by calling his credit card company AND Verizon to explain his perilous fall into the hands of scammers. Citibank canceled his card and issued a new one. Verizon had his account on high alert.

      Cliff said “What got me were the layers of this scam, and how it seemed to have some legitimacy, right from the start.” Cliff was also surprised to learn that you can go to MYVerizon online, enter a phone number and zip code and it will show you anyone’s balance WITHOUT logging into an account, in order to pay a bill. We were shocked by this as well! Verizon should remove this ability!  If you know anyone with a Verizon account, please share this article with them!

      Top Scams of the Week Have you seen these top scams of the week? Apple iCloud, MetaMask, and the FBI. Check out and protect yourself with this 100% FREE, all-in-one tool

      Malicious Friend Requests and LOTS of Fake Banks & Investment Firms — We have an update to share with you.  Last November 15, 2023 we posted a Top Story titled “Can a Friend Request Hurt You? Hell, Yes!”  We wrote about a friend request that had been sent to a man from a woman named Victoria Webb. We demonstrated that this request was linked to a malicious website. Coincidentally, one of our readers from New Zealand sent us an identical threat…. Errrr, we mean “friend request,” from Victoria Webb the very next day, on November 16. He has since received 3 more from Miss Webb, and each time they come from a different email address. Here is the latest one, received on January 2.  As with all prior emails from Victoria Web, the link to “CONTINUE” points to the link-shortening service at Bit.ly. When we unshortened it, we discovered that you’ll again be redirected to a newly registered and malicious website.  Please be careful about random friend requests you receive from people you don’t know!

      Not long ago our friend Rob sent us information about a fake bank being used in an advance-fee 419 scam. With the information he provided about that bogus bank website, we were able to reveal more than 20 other fake banks around the Internet used to scam people! Sometimes its that easy because scammers get lazy and simply copy and paste the same content into a new website, over and over. For example, we conducted a Google search for the exact phrase found on the scammer’s bank called Alister Trust Bank (alistertrust-bk[.]com“in fact, was created as a mobile application from an organization that is not a bank.” This led us to lots of other fake banks with nearly identical content!  You know they are lies, for example, when they say things like they’ve been in business for 20 years but their domain was only registered 6 months ago, or they have 30 branches in 3 countries but list no addresses or you cannot find any such branches when searching for the bank branch if they do give an address!  Do your due diligence if you are ever given the contact information for any bank or financial firm! And visit our list of nearly 150 fake banks and investment firms!

      Speaking of banking/investment scams, Rob also shared this BBC article with us uncovering a billion dollar investment fraud conducted by a team of international criminals!  This article gives us pause about answering the question “are you interested in making money!”

      We know a woman who has suffered deep emotional and financial harm from the Zimbabwe romance scammer whom we’ve written about many times in the last 5 years as victims have contacted us to share their stories. This particular woman tells us that she lost $650,000 to this scammer. We mention this because even though this woman first fell prey to this scammer over three years ago, he is STILL contacting her, trying to manipulate her emotionally to extract more money! She tells us that he reaches out through different email addresses and phone numbers, often leaving messages. He recently claimed in this 13 second voice message that he was dying. (He claimed in an email to have cancer. If ONLY it were true!) His fake name is “David Jones Sigurdsson” but he is CLEARLY a man with a slight African accent by our assessment!

      Unfortunately, the Zimbabwe romance scammer is not likely dying but he is getting sloppy in his work!  This scammer also sent the woman a photo of this incredible check made out to him last fall to “prove” that he has money and will reimburse her for all the money she gave to him! (And if you believe that, then we truly have land to sell you in Atlantis!)  However, the check is a scam and was poorly photoshopped. The yellow arrows indicate where the resolution is very different from the surrounding area of the check, showing where changes were made. The red arrow shows that when the scammer removed the real information that was on the check, he also removed letters from the word “Bank.” Details matter!

      Even the FTC Consumer Protection site recently published an article about romance scammers titled “No Love for Romance Scammers 2024” that’s worth a look!

      Some of our readers may be interested in an iPhone settings change that makes it harder for someone to steal your phone if they have possession of it.  This iPhone safety tip is well described in an Instagram post by  ThatBlondeAffiliate: https://www.instagram.com/reel/C0wtQhGgxVs/  And related to that post is this description on the Apple website discussion threads:  https://discussions.apple.com/thread/254671226?sortBy=best

        Amazon Prime, iCloud Account & Storage, Geek Squad One of our readers sent us this rotten phish that landed in his inbox on the first day of the new year and claimed to be about his Amazon Prime membership. It’s clever in that it claims your annual renewal, set for January 1st, has an invalid payment method. But this smelly carp came from the domain cadaanionline[.]com and NOT from amazon.com! (The Cadaani website appears to be a legitimate cosmetic site started in 2018 that is being misused.)  The links in this phish point to a website hosted in Kenya! (“.ke” = Kenya)

        Deeeeeleeeeeete!

        Phishermen have been heavily targeting iCloud account holders for many weeks and below are two examples. The first claims that both your Apple and iCloud accounts will be suspended because “we have received 30 complaints about your email account….” HOWEVER, their crazy phrasing and poor language actually makes this phishing scam hysterical! “In case of ignorance, your iCloud account will be permanently deleted.” Hmmmmm… in case of ignorance?  That could possibly mean that a lot of iCloud accounts are about to be closed!

        The next iCloud fraud came from a server in the UK and offered 50GB of iCloud storage space for free!  We’ve seen lots of this type of fraudulent email. The links in this one pointed to the misused services at GoogleAPIS.

        Deeeeeleeeete!

        Though the email below was received in mid-December, we wanted to remind our readers that emails with attached pdf files thanking you for a recent purchase are ALWAYS phishing scams if you simply look at the source of the email. This one claimed to represent Best Buy’s Geek Squad service but came from a free Gmail account with two different names associated with it! ‘Nuf said.  Please remember to report your smelly phish on this reporting site and share them with us! 

        https://safebrowsing.google.com/safebrowsing/report_phish/

        Southwest Airlines and New Eyeglass Frames! Who wouldn’t want to take a “short survey” and receive a $100 gift card as a thank you! If only it were true! This malicious clickbait is created and sent by the many thousands every month! Notice that this one didn’t come from Southwest Airlines and the links in it point to a hacked website selling house paints in Sweden!  (Perhaps they paint Southwest airplanes?) If you read this email carefully, starting with the subject line, you’ll also see that Southwest can’t decide whether they’ll give you $50 or $100 for your time. Hmmmmm…..maybe it depends on how nice of a review you give them?

          OK, here’s a big reveal…. Many of us older folks wear eyeglasses. True. So we were excited to see this amazing deal on eyeglass frames from Warby Parker (with our eyeglasses on) that one of our readers sent to us!  But imagine our disappointment when we noticed that this email didn’t come from WarbyParker.com!  It came from an unknown new website called bliss-keys[.]com that was registered last May.  The links in this eyeglass email also pointed to bliss-keys[.]com. The email claims to be sent by a “third party affiliate of Warby Parker” but don’t believe it!  We also discovered that this “affiliate” bliss-keys[.]com sent out malicious clickbait pretending to be from AmoLatinas[.]com.  (See second screenshot below. At least the Latina in the Ad is wearing eyeglasses! Could they be Warby Parker glasses? But before you get too excited to meet a lovely Latina, you’ld better read this recent lament on TrustPilot about this dating site.) Oh, and don’t confuse bliss-keys[.]com with blisskeys[.]com. The latter appears to be a legitimate business website registered early in 2019.

          What Do Diabetes, Credit Scores & Sirius Radio Have in Common? — What Do Diabetes, Credit Scores & Sirius Radio Have in Common? You can credit them all as having been misused by chronically sick cybercriminals to target you with serious malicious clickbait! Here’s the proof, beginning with clickbait about diabetes. This poopy-email claims to have the “secret to reversing your diabetes in front of your face in your kitchen.”  Why it says “in front of your face” and “in your kitchen” is bizarre but unimportant. This clickbait came from a crap domain and contains a shortened link that will send you to a well-known malicious website called osmosisman[.]com!

          The next malicious clickbait pretends to be from FreeScore360 about your credit score. These idiot scammers can’t tell the difference between 36 and 360 and the email came from a server in Peru! (“.pe” = Peru) VirusTotal had no problem telling us that several security services found the link to be malicious!

          Deeeeleeeete!

          And finally, we’re serious when we say how easy it is to lie online! Like this email pretending to be from SiriusXM radio.  Your account has expired! Oh no!  Except that this clickbait came from a heavily abused domain called tangismedia[.]net and the links don’t even point to a named website! They point to an IP Address! This is a SURE SIGN of fraud and malicious intent.  You know what to do!

          Until next week, surf safely!

          Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
          have subscribed to it via Scamadviser.com or thedailyscam.com

          Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

          Contact Webmaster