Weekly Alert  |  January 12, 2022

Buying COVID Related Supplies? Do Your Due Diligence! — As the pandemic continues to rage across the globe with the dramatic spread of the Omicron variant, we see more and more of our friends and family turning to the Internet to purchase protection gear and rapid COVID tests.  We want to urge all our readers NOT to assume that all online sellers of masks, etc. are legitimate or are highly rated.  Take “Hope Health Supply” as an example of conflicting reports. A family member found an advertisement from them on Facebook about masks recently. Coincidentally, we also found ads for hopehealthsupply.com on a review page about this very company on Scampulse.com where there were 35 complaints posted! Many of these complaints had similar gripes about the company.

A Google search for reviews of the online store Hope Health Supply” shows lots of complaints.  As of January 8, 43% of the 212 reviews on TrustPilot.com were “poor” or “bad.” As mentioned, there are 35 complaints against Hope Health Supply on Scampulse.com.  When we visited their business website, several observations concerned us…

  1. We couldn’t find an “About Us” page on their website. Who exactly is this company?
  2. We found no phone number or address information for this business.
  3. Though the website shows a tiny American flag and the domain, hopehealthsupply.com, was registered in May, 2020 in the US and the site is hosted on a server in the US, we find several subtle grammatical errors on some of their web pages (such as their Refund Policy web page) that suggest the site was created by someone who is not a native English speaker.
  4. HopeHealthSupply.com has a blog listing three articles. Two of them were written by someone named “Aaron Hoover” but they have absolutely no content! One article implies that these masks are made in Alabama (“Fast shipping from Alabama”) The other empty article by Aaron is “Say no to price gouging.”

To their credit, you’ll find over 5700 reviews on the Hope Health Supply website itself, giving them an average rating of 5 stars! But while scrolling through a dozen reviews we found a few that seem very lame such as “shipping good” from Mary P. on January 7.  There is also  an article published February 17, 2021 on USAToday.com from someone on behalf of Hope Health Supply about the quality of face masks.  While this seems to support the quality of the products they sell, we also see that the link itself states that this article is a “sponsor story” and the bottom of the article includes the statement “Members of the editorial and news staff of the USA TODAY Network were not involved in the creation of this content.”  Finally, the Better Business Bureau just updated their rating of this company, giving them 1 star out of 5. Our point is simple… CAVEAT EMPTOR! (Let the buyer beware!) Check out reviews of companies before you make your purchase!

    Your Blockchain Transaction, Your New YouTube Subscription and Norton ProtectionOne of our longtime readers sent us this email he received just a few days ago.  The bogus email contained his full name and email address in three locations, as if that might help convince him that HE REALLY DID purchase blockchain currency for $897. But wait! There’s a phone number you can call to cancel your order! But you had better call now because your order will be processed the next day! This phish came from a personal Gmail address. (Big surprise, right?)

    We ABSOLUTELY LOVED the contents of this smelly phish that was sent from another personal Gmail account! There are so many English errors in it, including the beautifully written sentence “if you have any quarry regarding this feel free contact us.”  Read it, enjoy it, and then lunge for the delete key!

    Ahhhhhh, the creativity of scammers! This next Gmail “invoice” for Norton Protection tries to use a clever method of displaying the scammer’s phone number so that anti-spam servers can’t easily pick it out as a malicious number associated with fraud.  That’s OK!  His tricks make it easier for us to verify that it is indeed a scam! Deeeeleeeete!

    Your Money: Real Versus Fake Rewards! Malicious and legitimate emails offering consumer rewards FILL our inboxes! But how to tell them apart? REAL rewards typically come from the domains of the businesses they claim to represent! And their links point TO the businesses they claim to represent! For example, check out this legitimate email reward from JCrew to one of our readers.  Notice that the link points to jcrew.com AND that the next character in that link following “com” is a single forward slash.  This is important!  It means that the link hasn’t been manipulated to LOOK LIKE jcrew.com and actually point somewhere else.  Here, for example, would be a scam link: click.mail.jcrew.com.scammers-website[.]com/

    By contrast, check out this email pretending to be from Kohl’s Department Store.  It came from a domain in the United Kingdom called aareef[.org][.]uk.  The links point to an oddball domain called 4cloud[.]click.  Fortunately, two security services were able to spot the malware lying in wait on the website connected to that link!  Neither domain is kohls.com!

    Now apply your detective skills to this Costco Wholesale store $50 rewards survey!  It didn’t come from costco.com but instead came from weddingmanagement[.]net.  That makes a lot of sense, right?!  Equally insane is the fact that all links in this clickbait point to a website called homerenovationidea[.]org.  

    You know what to do!

    A Parade of Liars – It is remarkably easy to lie and try to deceive others online! And what a terrible shame that this is exactly what lots of people do, especially for their own personal financial gain! We call them leeches. The Justice Department calls them criminals. Sadly, there is little any of us can do to stop the lies and deceit. We can only learn how to recognize and avoid it, or try to mitigate or minimize its impact!  Below is a small parade of liars. They are deceitful leeches, intent on hurting people for their own personal gain.

    This first example was sent to us by an organization’s Director of Financial Operations (DFO). She received an email from one of the organization’s employees named Dave to request an update to his online banking information for his direct deposits. However, though the email correctly had Dave’s full name written in two locations, she recognized that the email address this request came from was not Dave’s email!  We’ve heard of this kind of spear-phishing several times from business office personnel over the last eight years. 

    A school employee recently received an email from an acquaintance named Mary, through her Comcast email account.  “Mary” wished the employee happy holidays and then asked if he ordered things from Amazon.  The employee thought this was odd.  However, the employee was also savvy enough to notice that the “reply-to” address set up in this email was for a different email service!  All replies are sent to Mary at Outlook.com, not Comcast.net!  We’ve seen this fraud many times before.  The few times that we’ve replied to lies like these, the criminal at the other end asks us to purchase a gift card on their behalf, because she/he is too busy to do that at the moment.  Of course, she/he tells us that we will be reimbursed.  Several times, we’ve managed to trick the criminals into clicking a link that is supposed to be a photo of the gift card numbers on the back of the card.  In each of these instances we learned that the scammer was in Nigeria!

      Anyone who owns/operates a website is inundated with bogus emails from liars all over the world.  Most often, the harm comes by tricking the recipient into visiting a website laden with malware. Sometimes the harm comes by tricking the recipient into purchasing bogus services or products.  Here are two examples that targeted TheDailyScam.com recently. 

      “Sven” used our online form to tell us about “the Most Comfortable Headphones in the World!”  We were invited to “Shop Here” by visiting a domain called “iheadphone[.]online.”  Of course we visited our favorite WHOIS tool instead to see how long Sven’s business had been operating. It told us that this online business was registered in China just 2 days ago!  Considering that, and the fact that Sven’s email came from a Yahoo account and not a business account at his own domain, informed us that this domain was very likely malicious! We get emails like this EVERY WEEK!  They are all similar and always contain a bogus commercial website that is newly registered.  Fortunately, the AI tool at Scamadviser.com also saw through this fraud and gave Sven’s site a low trust rating! (See screenshots below.)

      If someone claims to be an expert in marketing & promoting websites, wouldn’t you expect them to start with THEIR OWN website? We do! We recently received an offer from “David” to promote The Daily Scam. David represents a business called WebMarketingAssist[.]com and claims to have “10+ years on Digital Marketing.” So why is it that when we asked Google about this company, it found NOTHING at all, except a few references to spam from David. (We use the Firefox browser to search for website domain names. Do NOT search for websites in Chrome because Chrome will SEND you to that website instead of searching for it!) Again, we used our favorite WHOIS tool and learned that webmarketingassist[.]com was registered just 5 weeks earlier in India. These quick facts about a “marketing” company told us everything we needed to know about David’s email!

      Doug at The Daily Scam was informed a few days ago that a possible long, lost relative had died without any heirs. The possible relative shared Doug’s last name, according to an attorney named John Kearley Esq.  According to FindLaw.com, the “Esq” tells us that John Kearley is an attorney.  Or is he?  Again, we needn’t look any further than John’s email address to know that he is a liar!  His email didn’t come from any law firm and he didn’t include the name of any law firm in his email through which we could verify his license to practice law. Instead, John’s email came through an email service called Yandex.com.  Yandex.com is an internet service provider based in Russia. According to Wikipedia, Yandex is primarily used by Russian language speakers. Hmmmmmm…. Doug doesn’t believe he has any long lost relatives in that part of the world.  

      And so this version of an old children’s rhyme, which can be traced back to the 19th century, is the perfect ending for this story…

      Liar, liar, pants on fire!

      Hanging by a telephone wire.

      While you’re there,

      Cut your hair

      And stick it down your underwear!

      UPS Parcel Delivery Stopped and Security Alert! – One of our readers sent us this “UPS Customer Service” email telling him that his “parcel delivery was stopped.” He was asked to click a link to update his address information.  However, the email (which came from a website in Columbia) was full of English errors, identifying it as unsafe to click!  Sucuri.net confirmed our suspicions by finding malware at the end of that “Verify Now” link! 

      Did you know that the word “parcel” is most often used in British English, according to this article on StackExchange.com. Americans never say it but instead use the word “package.” This suggests that it is very likely this threat originated from the UK, or a country formerly administered by the Colonial British and where British English is still used today! There are many (including the US) but Colombia is not one of them.

      While researching the English usage of the word “parcel,” we visited a grammar website and were suddenly redirected to another website called “windows-protector[.]com” showing us a security alert!  The grammar website had been hacked and this redirect was inserted.  This type of manipulation is HIGHLY MALICIOUS and tries to trick people into believing there is a risk for getting a virus WHEN IN FACT the risk comes if you click the link!  The website windows-protector[.]com was registered in Iceland less than 3 weeks ago.  It most certainly hosts malware! Should you ever get a redirect or popup like this DO NOT CLICK ANYTHING!  Don’t click X or Close! Instead, close the window itself rather than clicking on the web page.  If you can’t close the window, quit the application. If the application does not quit, use the “force-quit” command:

      1. On an Apple computer, press these three keys together: Option, Command, and Esc (Escape). Then select the application in the Force Quit window and click Force Quit.
      2. On a Windows PC, press Control-Alt-Delete.  If that doesn’t work, try to press the ALT and F4 keys until the application closes.  And if that doesn’t work, launch Task Manager by right-clicking the Taskbar and selecting Task Manager. Find the application amongst the list of running apps. Right-click on the application and choose End Task. This should force shut the application.

      Once you’ve quit the web browser safely, we recommend clearing the browser’s cached files to remove any possible cookies or malicious files that **MAY** have been installed when you were hit by this threat. You’ll have to reopen your web browser and locate where you can “clear browsing data” or clear cookies and site data.

      Your Payment Has Been Confirmed –One of our readers sent us this text she received from 714-209-9993 confirming a payment that she knows she didn’t make!  Fortunately, she was smart enough to recognize the shortened Bit.ly link as a threat and didn’t click it!  We followed that threat down a rabbit hole and learned that she would have been redirected to a malicious subdomain on duckdns[.]org where a phishing scam was waiting for her.

      Until next week, surf safely!

      Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via Scamadviser.com or thedailyscam.com

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster