

Victim of a Scam Shares Her Story — Just a few days ago, we heard from a 61-year old woman whom we’ll call “Melinda” to protect her identity. Sadly, she told us a story about her new employer that we’ve heard more than three dozen times since 2018. Melinda was hired on December 2, 2022 to work for a shipping company called Lienz-Logistic. As a new employee, she was told that her first month was a probationary period, after which she would be paid in full at the rate of $100/hour for a total of $3100/month. Unexpectedly, after 4 weeks she was given a promotion, or so she thought. However, 5 weeks after being hired, she still had not been paid. She discovered that the “company” used her stolen personal information to open a new business in HER NAME and never paid her a penny. When she confronted them about this, they ghosted her and shut down her work account. Here is her story in her words…
We believe Lienz Logistic LLC is at least the 51st fake business created by Russian-speaking scammers that we first started reporting in 2018. You can find many more detailed descriptions of these scam companies by visiting our full article on Package Shipping Scams. This is “Melinda’s” story about her recent employment with this fake company called Lienz-Logistic…
On 12/2/2022, I accepted part-time employment as Supply Operations Manager at Lienz-Logistic. I had completed an application and w-4 with my social security number for them and also provided a copy of my driver’s license for employment purposes only. The alleged HR Manager is Kelly Thomas, phone number 646-797-3141, email: k.thomas@lienz-logistic.com. This is the only contact person and number that I have. I have never met anyone in person, but I’ve spoken to Kelly Thomas 6-7 times during my few weeks of employment. I accepted this position because I wanted part-time work at home. I believed it to be an honest company because they do have a website http://lienz-logistic.com on the Internet, and it appears legit.
[NOTE: We asked Melinda to tell us about her conversations with Kelly Thomas. She told us that Ms. Thomas’ calls always sounded muffled, as if from a long distance. Melinda also said that Kelly Thomas sounded like she had an Asian accent. When we asked her why she thought so, she said that she speaks to Asian people often and can identify an Asian accent. We have had other victims of this scam tell us that they thought their “supervisors” had accents as though they were from Malaysia. In one conversation, Melinda told us that Kelly Thomas asked Melinda to find a link for an engagement ring and to send it to her. Melinda thought this was very odd.]
Lienz-Logistic will ship packages to me and then I inspect the packages for damages. I only received three packages though… tennis shoes and two shirts during the entire month of December. Once I inspected the packages, I had to message them in their control panel whether or not the package was damaged, take a picture of the invoice, and if no invoice, take a picture of the item itself, and then upload it into their control portal. The control panel has a dashboard, messages to/from the Supervisors, packages, and shipping labels. A shipping label is uploaded to the control portal for me to download and print. The label is then taped to the package and I take it to UPS to be re-shipped. I then obtain a receipt for the package at UPS and then upload the receipt to the control portal to show that it was shipped.
Once I was employed by Lienz-Logistic, I got a link to sign onto their portal, along with an email and a password. However, immediately after I logged into their control portal I logged out and my password was no longer valid. I sent a “forgot password” message and Kelly Thomas emailed a new password to me. I should have suspected that this was a SCAM website when I couldn’t reset the password by using the feature to reset my password. Unbeknownst to me, I honestly thought I had a legitimate part-time job working from home.
The job entails receiving packages of clothing/shoes, checking items for any damages, receiving a shipping label, and mailing them off in a timely manner. Nothing seemed odd about this job. But on December 20, 2022, the company sent me a message through their website portal and informed me that I had been promoted to Order Management Specialist. I had no idea this would require using my personally identifiable information to obtain a business in my name and an IRS EIN for a business account. I received PDF documents through the Lienz Logistic portal for an LLC Annex A-C “job description” to sign. I signed it, but NOTHING in the paperwork that I understood stated they would use my personally identifiable information to obtain a business in my name in the State of New York or get an IRS EIN for a business account. And then Kelly Thomas sent me PDF documents that included:
- State of New York, Department of State, Certificate of Status
- Letter from IRS Department of Treasure EIN assigned to ASCK LLC, including my home address
- Articles of Organization of ASCK LLC Under Section 203 of the Limited Liability Company Law
- State of New York, Department of State, ASCK LLC, File Number [NUMBER REDACTED] indicated that it has been compared with the original document in the custody of the Secretary of State and that the copy is true and a copy of the said original
- Filing Receipt – New York State Department of State Division of Corporations, State Records and Uniform Communication.
I am a victim of an employment scam AND Identity theft! I did not authorize anyone to open a business in my name in the State of New York or anywhere! I have just recently filed an affidavit with the IRS, stating that I did not authorize this filing, and I’ve also filed a report with the Better Business Bureau too. At the start of this week I also contacted the FBI and filed a police report.
FOOTNOTE 1: We also advised Melinda to implement several safeguards to her personal identity and credit monitoring since she had completed a W-4 that provided the scammers with her full name, address and social security number, as well as giving them a copy of her driver’s license. That information can be used to open credit cards or take out a loan in her name and run other scams. We recommended that Melinda put a “freeze” on her Credit with all 3 major credit reporting agencies (Equifax, Transunion, and Experian) to best protect against this type of fraud. Below are several excellent articles about how to respond if your SS# is stolen and to protect yourself:
https://www.ssa.gov/pubs/EN-05-10064.pdf
https://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html
For the record, “freezing your credit history” will always be a pain if/when you want to take out a new credit card, apply for a loan, or take advantage of certain credit card offers. You will have to suspend the credit freeze in order to do these things and then turn the freeze back on. However, while the credit freeze is turned on, NO ONE can open loans or accounts in your name! WE ALWAYS have a credit freeze on for our names and that of our spouses! It’s good protection.
FOOTNOTE 2: Russian-speaking scammers are responsible for ALL of these scams based on a variety of bread-crumbs we routinely find during our investigations. Using clues from Lienz-Logistic.com, it took us just 15 minutes to find twelve more identical scam websites, created by these same Russian-speaking cybercriminals. ALL of these websites were registered in Iceland, through Namecheap and use Nameservers located in RUSSIA. An email address for a “K.thomas” is found on each of these websites. The list of bogus shipping companies using Americans as “mules” has now risen to 62…
- Allecotte Cargo // Allecotte-Cargo.com (Registered on 10/25/2022)
- Astin Cargo // Astin-Cargo.com (Registered on 10/13/2022)
- Fortune Logist // fortune-logist.com (site not functional now) (Registered on 4/4/2022)
- Laticka Cargo // Laticka-Cargo.com (Registered on 8/10/2022)
- Margo Logistic // Margo-Logistic.com (Registered on 5/12/2022)
- Minas Cargo // Minas-Cargo.com (Registered on 3/18/2022)
- Nelany Cargo // NelanyCargo.com (Registered on 1/13/2022)
- Nienor Logistic // NienorLogistic.com (Registered on 1/13/2022)
- Seven Cargo // Seven-Cargo.com (Registered on 1/25/2022)
- Torezar Logistic // Torezar-Logistic.com (Registered on 7/31/2022)
- Train Logistic // Traun-Logistic.com (Registered on 10/24/2022)
- Vortex Cargo // Vortex-Cargo.com (Registered on 9/28/2022)


How to Better Protect Your Privacy – Last week we wrote about “dark patterns” used by legitimate companies to manipulate consumers. On the very day we published that top story, we learned that Meta (Owner of Facebook, Instagram & Whatsapp) was fined more than $400 million dollars in Europe for forcing users into a targeted advertising program without consent. To us, this is but one more example how companies like Meta cannot be trusted with our data or to treat their consumers fairly. Read:
- https://www.cyberscoop.com/meta-facebook-fine-european-regulators/
- https://www.dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-two-inquiries-meta-ireland
We STRONGLY recommend that consumers carefully review the privacy protections that may be offered to them in various accounts. For example, if you have a Gmail/GSuite account, did you know that EVERYTHING you do in Google and Youtube is monitored and stored? In fact, your web & App activity are monitored, captured and saved by Google UNLESS you turn off this monitoring!
According to Google… “Web & App Activity is a setting that lets you save to your Google Account the things you do on Google sites, apps, and services, including your searches and associated information, like location and language. It can also give you more personalized experiences across Google, like faster searches and better recommendations.” We recommend turning off all monitoring to better protect your privacy. If you want to turn off Web & App Activity, review and delete your activity, or turn on auto-delete, visit My Activity. For step-by-step instructions, visit the Web & App Activity Help Center.
Visit: https://myactivity.google.com/activitycontrols
Also last week, we told readers that we had baited a phishing scammer who pretended to be the Head of a school, trying to trick the employee into buying gift cards to send him. After publishing our conversation last week, we decided to reach out to this scammer once more from an empathetic perspective to ask why he felt it was necessary to try to scam people. Remarkably, he replied! We moved the email conversation over to Google Chat and spent an hour talking to him. He claims to be a 22-year old young man from Nigeria whose parents are no longer alive. He managed to get into the Nigerian Naval Academy. He sent us several photos and a TikTok video of himself and classmates when we asked for some proof that he wasn’t just trying to scam us again. And he gave us his name. However, as the conversation went on, it became clearer and clearer that he was asking us for money to “sponsor” his education at the Naval Academy. When we turned him down he asked us why. Our reason was a reflection of the lack of trust we had because of his initial behavior (e.g. He changed the name on his email account 3 times during the 2-day email exchange with him.) and because, we explained, there was tremendous need for financial support in the communities around us locally. We explained that most Americans are not rich, though he may have thought otherwise. And then the conversation ended. Here is a photo of the young man. We’ve blurred his face and will not publish his name because we believe that people can change and we’re hopeful that he completes his education at the Maritime Academy and finds a real job!
Last week our scam-baiting friend Rob received a call targeting Veterans who were effected by water quality at Camp Lejeune. He turned on one of his AI bots and answered! The scammers finally realized that that they were being scammed and hung up after about 1 minute and 40 seconds! Enjoy!
Camp LeJeune scam call 2023-01-02


Citizens Bank, Fifth Third Bank and Comcast – Check out this phishing text sent to one of our readers. It is a “suspicious activity alert” from a phone number claiming to be from Citizens Bank. But the link in the text points to a website called Valerie Pepe DOT-com!
Deeeeleeete!
Technically, this next scam is an advance-fee scam. But when we saw the name of the bank represented in the email we thought it was pure fiction and we were wrong! Fifth Third Bank? It turns out that the Fifth Third Bank is a legitimate bank in Ohio, opened in 1858! (Source: Wikipedia) However, this email came from an email server in Germany (“.de” = Deutschland = Germany) This scammer used a little trick of sending this scam email TO the legitimate bank domain. The purpose is that they hope people will see the legitimate domain and think that it means the email must be legitimate. But it isn’t!
This “account notice” about your monthly bill certainly didn’t come from Comcast or Xfinity! The bogus domain used in this phishing scam, walesgerbils[.]com, was registered just one day earlier by someone named “Deswanti Wahyuni.” You know what to do!


Netflix Membership and Ace Hardware – Oh, no! Your Netflix membership has been canceled! “We’re sorry to say goodbye” says this email from a crazy, unpronounceable (we dare you to try) domain name! But if you click to login and settle your outstanding unpaid invoice, they’ll be happy to steal your information! In addition to the bogus login, the bottom of the email included a phone number for “Netflix” that is also a lie. We discovered that this phone number had been identified on several websites as a fraud by more than 50 people since 2020! This is a PERFECT example showing how there is no logical internet-wide system for consumer protection that works concerning malicious phone numbers! Why is this phone number still up and in use after so many people have called it a fraud for 3 years? And especially when Google Browsing has identified this email as a phishing scam! (See screenshot below.)
“A day without a Survey email with malicious link, is like a day without a tornado!” Isn’t that how the expression goes? The business called Ace Hardware has been getting hammered lately by malicious emails claiming to represent it. Want a brand new, battery operated Milwaukee Power Drill? Well DON’T click the link in this email to get it or you’ll end up landing on a malware trap! This email was sent from the small country in Western Africa called Mali. (“.ml” = 2-letter country code for Mali).
Deeeeeleeeete!


PNC Bank and You May Recognize These Photos! – At first, we thought this alert from PNC Bank was just another phishing scam. But WOW, were we wrong! Clicking the link to “Verify Now” will send you to a link-shortening service called TinyURL. That automatically means that you’ll be redirected somewhere else on the Internet. We went down that rabbit hole and discovered that you’ll be redirected to a website called aluzdasestrelas[.]org where a malware trap lies in wait. Yikes! Delete!
Social engineering tricks abound online and through our smartphones! One of the most clever tricks is when scammers hack people’s email or social media accounts and then send out messages with malicious links to all your contacts! You are more trusting of messages that come from people you know BUT YOU SHOULD ALWAYS BE SUSPICIOUS because people get hacked all the time! Check out this email that came from a server in Chile. The woman who shared it with us said that “Roni” is a cousin who’s email account had been hacked 2 years ago! The woman KNEW that Roni had not sent this message from Chile. It turns out that the domain used in that malicious link, orfiuph[.]com, had been registered just 3 hours prior to the email’s arrival! There are no photographs to view, just malware to infect!
RUN AWAY!


PayPal Login –Another one of our readers sent us this bogus “Paypal” text about his account. Except that he DOESN’T HAVE a Paypal account! The malicious link in this text doesn’t point to paypal.com. It points to eb4[.]us. This domain was supposedly registered to the “Infolink Global Corporation” which has registered at least 26 other suspicious/oddball domain names. Hmmmmm…..
DELETE!
Until next week, surf safely!

Copyright © 2022 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands