Are You Funding a Multi-Million Dollar Fraud? Fake Postage Stamps — On January 4, an elderly gentleman, whom we’ll call Sherlock after the infamous fictional character “Sherlock Holmes,” told us that he found a link to purchase highly discounted postage stamps on a “USPS” website (United States Postal Service). He knew it wasn’t the real USPS.com. The domain of this bogus “USPS site” is webusps[.]com. Feeling reasonably certain that this was a scam, Sherlock made a stamp purchase for less than $20 anyway because he was both curious to see what would happen and because he has reported online scams to us for years now, and wanted to see where this might go. (Sherlock has helped to expose lots of fake shipping job scams! Read “Package Shipping Scams”) Sherlock was actually eager to collect more evidence about this fraud and share it with us. Think of it as two hours of entertainment cheaper than it would have cost him to buy a senior-discount movie ticket along with a small bag of popcorn! (And it saved him the unnecessary calories too!) His effort led us to uncover the most extensive fraud that we’ve ever seen in all 12 years of our existence…
Fake US stamps for sale!
On January 4, Sherlock said “I purchased a roll of 100 USPS Forever Stamps for $16.99. I got a thank you and a follow-up email from them saying they received the payment.” When he clicked the link in the email thanking him for his order, it took him to the fraudulent website webusps[.]com. He said it looked identical to the real USPS.com site. It even has a catalog to purchase the same stamps that you see on the real site, he told us. Sherlock also told us that if you buy 20 rolls of 100 forever stamps, you can get the stamps discounted for $0.12 each. This is, of course, an insane discount that the real USPS service does not and cannot possibly offer!
For some context here, the REAL USPS.com web site for of the United States Postal Service shows the cost of a roll of 100 Forever stamps at $66. (On January 24, the cost of a US Postage stamp is rising 2 cents from 66 cents to 68 cents each.) That means that webusps[.]com is offering this roll of stamps at a 74% discount! Remember the phrase “If it seems too good to be true, it is?” (According to the USPS FAQs webpage, It doesn’t matter what year these stamps were printed. As “Freedom” or “Forever” stamps, they are always usable. Also note that it is possible to find real US postal stamps issued in prior years on the real usps.com website. For example, here is a stamp first issued in 2017 on the real USPS website. So seeing stamps issued in prior years is not, of an by itself, fraud.)
However, in addition to the impossibly deep discount, what also wreaks of fraud is the poor grammar, punctuation errors and weird phrasing that we found on webusps[.]com. We were also curious about the odd and uniquely interesting sentence in the bottom left corner of their site. “We are an independent vendor of the USPS providing hot-selling stamps.”
When we conducted an exact Google search for most of this odd sentence, we were shocked by what we discovered. We didn’t just find another two or three bogus US stamp-selling websites. We discovered more than TWENTY bogus websites selling counterfeit US Stamps, including bizarre domain names hosted on servers in Germany, Poland and France. This connection to the same line of text found on webusps[.]com is a very strong indication that this fraud is being perpetrated multiple times by an international group of cybercriminals, and not likely by American criminals, since we also discovered that webusps[.]com was registered through a Registrar in Germany.
We conducted a Google search for more information about some of these stamp-selling websites and discovered many more signs of fraud related to them all. For example…
- Our friends at Scamadviser found webusps[.]com to be suspicious and they showed an old, and no longer available, stamp-selling site called stamp-onlinestore[.]com as untrustworthy! (Scam-detector also shows this latter site as unsafe.)
- Stampshop[.]shop was reported as a fraud on MalwareTips.com in August, 2023 and to be “avoided at all costs!”
- Stampshop[.]net has a low trust rating on scam-detector.com
- USPostPlus[.]com is a stamp-selling website whose domain was registered on 10/6/2022. This registration included the phone number “(626)662-0002” A search for this exact phone number led us to an “F” rating for USPostPlus[.]com on the Better Business Bureau website and for another bogus stamp-selling website called OneUPS[.]net, which was also associated with USPost[.]shop and ForeverUSPSPost[.]com!
- The BBB.org website also shows another “F” Rating for ForeverUSPSPost[.]shop and it also seems to be associated with yet another website called Kaortty[.]shop
Another bogus site that turned up in our search was POSupplies[.]org It was registered in Iceland through Namecheap on February 11, 2023, less than a year ago. Like many of these bogus stamp-selling sites, it is still online and available as of January 13, 2024. When we visited it and took a screenshot, we couldn’t help but notice grammatical and punctuation errors on the site again. But we also decided to investigate the address listed for this business at the bottom of their web page. The address is 1451 Coral Ridge Ave, Coralville, IA (Iowa). It turns out that this is the address for a shopping mall and the Coral Ridge shopping mall website does not list any business named POSupplies, or any business name close to it!
We began to suspect that the depth of this fraud surrounding the sale of counterfeit US postage stamps was far deeper than we had ever seen before! Every time we conducted a Google search, over multiple days, we would see more new suspicious websites posting highly discounted stamps for sale. Last week, on January 13, we decided to dig deeper with the top results of a Google search for “us postage stamps forever roll.” What we learned again shocked us! Check out these 8 Sponsored links that showed up at the top of our search. They all showed heavily discounted prices that we knew weren’t possible, according to prices dictated by the real US Postal service. In each of these 8 cases, we were able to show that the website was a fraud or that it was registered less than a year ago.
Amongst this “Sponsored” list of fraudulent websites were two that stood out…
BMFloorin[.]com is a suspicious home rug-selling store that Google cannot find in a search for the business name. The BMFloorin[.]com website shows a variety of home rugs and also US Stamps for sale! The site lists a street address of 51 Morgan Drive, Norwood, MA 02062. However, Google and Google Maps show us that the only floor covering store at this mall address is for a Sherwin Williams floor covering store at #9, 51 Morgan Drive in Norwood. There is no listing for BMFloorin. It appears to be a ghost!
MorrisCoinShop[.]com is a fireball of confusion. It turns out that there is a real Morris Coin Shop located on 302 Liberty Street in Morris, IL 60450. Through Google searches, we found a phone number listed for this business as (815) 942-1046, but Google can’t seem to find any website associated with this business! And yet, the MorrisCoinShop[.]com website exists and sells US postage stamps at incredibly discounted prices. The website also shows the same address for their coin shop in Morris, IL, BUT with a different phone number: +(1)(779) 241-6748. (Notice that the website writes the phone number in an unusual manner, starting it with the international calling code for the US… “+1.”) Both our friends at Scamadviser, and Bfore AI Precrime security service, list the morriscoinshop[.]com website as “suspicious.” We called the real business, Morris Coin Shop at 815-942-1046, and spoke to an employee. He said “we don’t have a website.” When we told him about MorrisCoinShop[.]com, he said it was a scam site using their name and said they have reported it many times to the police!
A few links below the bogus list of “sponsored” websites on Google, we also saw another collection of businesses selling US postage stamps. What was interesting about this display was that it included 3 legitimate and well-known US businesses. They were selling rolls of Forever stamps at the known postal rate of about $66/roll (or higher). But we also saw 3 more links to websites selling heavily discounted rolls of Forever stamps. We were able to uncover that two of these 3 were scams and the third was registered less than 7 weeks ago and is therefore very likely a scam site.
The amount of fraud that we were able to uncover in a few hours was both shocking and seemed to be immeasurable! In total, we easily found more than 25 suspicious or fraudulent websites selling US Postage stamps. It should not surprise anyone that Google has been completely and uncontrollably manipulated to deliver fraudulent websites to the public, even calling some “Sponsored.” (Last month, VerifyThis.com published an article titled Yes, Scammers Can Use Google Search Ads to Redirect to Scam Websites.) Here are a few more of the many websites we found through Google to be selling US Postage stamps at impossibly discounted prices…
- RealWorldStamp[.]com (Registered 9/26/2022) – Reported as a possible scam to Scamadviser
- USPostPlus[.]com – Scam-Detector has a warning about this website
- Us-StampStore[.]com – Reported as a possible scam to Scamadviser
- Quickusps[.]com – Scamadviser reported this site as a likely scam
- Stamponlinestore[.]com (This site was listed on a scammy Facebook account called “Stamp Independent Vendor” that used the Maltese language; the account also includes a review saying it is a scam account.)
- Stamp-onlinestore[.]com – Scamadviser reported this site as a likely scam
- Uspsstoreonline[.]com (Registered 11/11/2023 – 44 days ago)
- FirstClassStamp[.]com (Registered 8/28/2023)
- FlagStampShop[.]com (Registered 7/23/2023)
- RichStampStore[.]com (Registered 2/20/2023)
- PostalStampHaven[.]com (Registered 7/20/2023)
People using social media should also be very careful about the ads and posts they might see on services like Facebook, Instagram, Pinterest and others. For example, here is an offer that appeared on a Pinterest account that was also selling counterfeit stamps! Obviously, someone reported the linked website because when we attempted to visit it, it had already been taken down.
In addition to fraud we exposed, we found multiple WARNINGS from many sources around the US about the sale of counterfeit US Postage stamps, including….
- WGAL News station in August, 2022 from Lancaster, PA:
- From VerifyThis.com posted on December, 2022 and updated in November, 2023:
- Linn’s Stamp News: Quality of Counterfeit U.S. Stamps Keeps Improving (August, 2019)
- Reddit user telling a story about his mother buying fake stamps from ForeverUSPSPost. This was followed by multiple responses from other people, including someone revealing 6 more fake stamp websites!
Besides the obvious fraud that comes from buying/using COUNTERFEIT U.S. STAMPS, there is a deeper more insidious consequence of this widespread fraud that is hurting all US citizens and our government. The U.S. Government Accountability Office published an article in August, 2023 about the financial state of the U.S. Postal Service. In case you hadn’t heard, the financial stability of the US Postal Service is not good. According to the article, the U.S. Postal Service has not covered its expenses and debt for 15 years. However, no where in this article, or many other articles we looked at on this subject, did anyone talk about the many millions of dollars that are stolen annually from the US Postal Service as a result of the sale of counterfeit stamps on the Internet. And yet, the U.S. Postal Service itself is clearly well aware of the massive amount of fake stamps being sold. In February, 2023 they published this article titled USPS Warns the Public About Surge in Use of Counterfeit Postage. There is also a consequence for consumers who use counterfeit stamps, knowingly or not. It is spelled out in this article on the USPS Postal Service website.
We recently visited our local US Post Office in a small town to speak with the one person sitting behind the desk. When we asked what she thought about the existence of so much fraud targeting the Postal Service, she was completely unaware that this was a problem. She told us that she’s never seen or heard about fake stamps in her local office. At the very least, it seems like the US Postal Service should do a better job of raising awareness with both the public and their employees in their own postal service outlets!
Remember, our exploration began when a reader we called “Sherlock” decided to purchase cheap stamps from an online store he had stumbled upon. Believe it or not, he got his stamps, though they are likely very counterfeit, and not real. Sherlock even took his roll of stamps to his local post office and asked them if they thought the stamps were fake. The clerk said that they looked real to him! We think they are very likely counterfeit because of a simple clue on the shipping package. Sherlock sent us this photo below, showing that his stamps were delivered from 1401 West Front Street, Florence, New Jersey. According to our searches of this address (including county records at CountyOffice.org), this address is an empty lot! (This address was also reported as a scam address on this Reddit post related to products sold on Tik Tok.)
Given the breadth and depth of fraud we were able to uncover in just a few hours of investigation in mid-January, we strongly suspect that the financial losses suffered by the United States Postal Service are enormous, in the many millions of dollars per year! We also uncovered a few interesting breadcrumbs in our investigation that suggest to us that the cybercriminal gangs behind most of this fraud are in foreign countries. Quite frankly, we’re amazed that this fraud isn’t more front-and-center in the news and on US Government websites too. This problem seems to be getting worse, not better and all Americans pay for these losses through higher postage costs to offset these losses.
Is Facebook Offering You a Subsidy? — Wondering if the $6400 subsidy on Facebook is legit? check out on this scam and protect yourself with this 100% FREE, all-in-one tool
New Monthly Podcasts, Andy Cohen is a Victim, and Creative Scammers — We’re thrilled to announce that The Daily Scam has partnered with SecureWon, a national technology services company, to create a monthly podcast series presented by Doug Fodeman of The Daily Scam. On the 15th of each month, SecureWon will post a 12-18 minute podcast on the SecureWon website, covering a variety of topics related to online fraud. In the first half of the podcast, Doug reveals some of the fraud in detail, while in the second half he interviews someone who has expertise or a story to tell related to this type of fraud. The first Episode, just posted, is titled Threats Attached to Some Emails and the Risks They Can Cause. Our very special guest is Dolly Ryan, Director of Education, with SecureWon. Dolly and Doug have an interesting connection going back many years. Late one Friday, Dolly arrived like the cavalry to help Doug recover from a serious computer network hack that had attacked his school. The attack likely began with a malicious email to a teacher.
Are you familiar with the show called “Good Morning, America?” On January 10, Andy Cohen, a radio/tv show host and presenter, was interviewed about an awful scam that had successfully targeted him. (Posted on YouTube) Like Cliff discovered in last week’s Top Story about a Verizon scam, Andy said to trust no one!
The information age is often described as that time in our recent history when the monetary value of information has significantly impacted societies, businesses and the average person’s life in many ways. Some are unexpected and result in financial nightmares for people, while cybercriminals profit tremendously. CNN.com recently reported that the US Securities and Exchange Commission (SEC) had its social media account hacked. What did the hackers do once they had access? They released a post on X (formerly known as Twitter) that the SEC was approving Bitcoin as a legitimate form of currency. Can you guess what happened to Bitcoin’s stock? If the FBI and SEC wonders who was likely behind this hack and release of disinformation, they just need to see who purchased bitcoin in the hours or days before this fake post and then immediately sold it in the 15 minutes that followed! (The fake social media post was taken down within 20 minutes of release.) Perhaps most shocking was that this hack revealed that our own SEC didn’t have 2-factor authentication turned on for it’s social media account!
As most of you know, our teams at Scamadviser and The Daily Scam get dozens of offers, pitches and business solicitations every week in our collective inboxes! An overwhelming majority of these are fraud. Recently, we compared two emails received by Doug and David just minutes apart in their inboxes at TDS. We find them very interesting and wanted to know what you think! Are these pitches legitimate or fraud? (You can already guess what we think.)
As educators against online fraud, it’s always important for us to give our readers opportunities to look at fraud in different ways. For example, below is a typical phishing email scam sent from a free Gmail account, thanking the recipient for a $596 purchase that she never made. Of course, this trick is intended to manipulate the recipient into calling the phone number. Look at this email critically and carefully. We count 8 errors/oddities in this invoice that make it feel suspicious! How many can you find?
Another clever trick cybercriminals often use to get your attention is to send you an email that appears to come from YOU! Check out this malicious clickbait below. In the text field of the FROM address was the recipient’s full name and so it appeared to come from himself. Of course, it didn’t. It came from a domain called nichiha[.]com. (A reminder that it is not safe to click “unsubscribe” links in suspicious/malicious emails.)
And finally this week, in the category of “Don’t believe everything you read,” is this email from our friend Rob about a man who was caught with cases of money. Apparently, the money was intended for Rob but had been stolen! **Dramatic Gasp!!** As you’ll read, the Attorney who contacted Rob told him a crazy story that we’re still shaking our heads over. However, as Rob showed us, there was one small, but important, detail from Attorney Simon Janssen Esquire that made this whole message a funny piece of fiction. The photo of the man who was arrested was actually stolen from an article on TheGuardian.com about a right-wing group who attempted to overthrow the German government. Oh well, we guess you can’t believe everything you read.
We leave you with a couple of interesting articles about fraud, including this article on TheAthletic.com about the recent scandal exposed by reporters about ESPN. The reporters showed that the sports station ESPN used fake names to secure Emmy Awards so they could etch new names on the name plates of the awards and distribute them to some of their staff. Fraud is sometimes revealed in surprisingly unexpected ways!
AARP Mailbox Phish and Many Netflix Phish! — An elderly woman told us that she had received this card (photo below) in the mail from the US Post Office. However, she was suspicious about the offer and reached out to the American Associate of Retired People (AARP) to inquire. They informed her that this mailed card was actually a phishing scam! It feels a bit scary to think that these scams can also drop into our physical mailboxes. We found reports online that also showed this offer to be a phishing scam:
We know how popular the Netflix streaming service is and so do cybercriminals! Our readers have sent us lots of phishing scams disguised as Netflix.com emails recently. Check out the three below…
- Your auto-pay didn’t go through. Oh, no! The link in this clickbait pointed to a phishing page that looked identical to the real Netflix login page, but it was on the website renaissance2230[.]com!
2. This next smelly carp came from a nonsensical crap domain name and the links pointed to an IP address, rather than the name of a website. That’s almost always a sign of fraud!
3. Spelling counts. And clearly many scammers cannot spell as evidenced above in example #1 by “Netflixx” and here in example #3 by “Netfliix.” They also messed up their coding in the creation of this fraud because you are greeted by “Dear [Name].” No matter. You know how to spell D-E-L-E-T-E!
Report your smelly phish!
Costco and We’re Giving Away Money! — Millions of Americans are familiar with the retail store called Costco and are members. Imagine getting this clickbait telling you that your account has expired! But wait, click the button and you can get another 3 months membership for free! Nooooooooo! The link doesn’t point to Costco.com and will send you to a website with a redirect. Ultimately, you’ll be thrown into the dangerous jaws of Kinetinsands[.]com where malware awaits! Step away from this precipice!
One of our readers has been sharing malicious clickbait with us for weeks no that have the same theme. Someone is trying to give this man money! $100, $500, $1000 and lots of other denominations. They claim to represent a variety of things, from Casinos to CashApp to bank transfers and deposits. And they are all malicious clickbait. Unfortunately, he gets about 10 -15 of these malicious clickbait every week. Fortunately for him, he’s smart enough to know they aren’t real, but are actually dangerous!
Confidential Fax, Docusign Malware — As we stated in The Week in Review, we’re now posting monthly podcasts and the first one concerns highly malicious email attachments that can result in massive network infections at a company, organization, or school. Here’s a perfect recent example, disguised as a “New Confidential Private Fax.” The attached html file contained code that would have directed the person’s web browser to a website in Russia! Yikes, Comrad!
One of our readers received this very malicious clickbait in her work email. It came from a “parked” domain that has no site content on it, and called bfginc[.]org. It claimed to be from Docusign, requesting that she click to see the secure document and sign it. But the link didn’t point to docusign.com. It pointed to a service at R20[.]rs6[.]net. This service has been identified as being used to deliver malware to people! Check out this article on Gridinsoft.com about this danger. We used Sucuri.net to confirm that malware was waiting for this woman’s click. It’s another example why it is so important to look before you leap!
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands