Weekly Alert  |  January 19, 2022

This is How You’ll Be Scammed Twice! — By every measure we can find, online fraud and cybercrime jumped in 2021 compared to previous years. According to research reported on CNBC last June, online fraud attempts were already up 25% compared to the prior year. Last month, GlobeNewswire reported on a study by TransUnion showing that online fraud had jumped 25% between Thanksgiving and Cyber Monday 2021 when compared to the rest of the year! We recently asked a small random group of 20 adults in Massachusetts if anyone in their family had been successfully targeted by cybercriminals through a phone or the Internet. 40% of respondents said yes! Similarly, when we asked them if any of their friends had been successfully targeted, 40% again said yes and another 15% said “maybe.” Fourteen of these respondents told us that financial losses ranged from a few hundred or a few thousand dollars to millions of dollars lost by one business owner through ransomware! Their responses included several stories of “near misses” when the fraud was uncovered and stopped in time.

We’ve learned that there are very few (if any) options for consumers who are victimized because these scams often cross international boundaries and criminals move money through untraceable means. Additionally, in our opinion, the FBI is completely overwhelmed by the sheer number of fraudulent events.  In 2018, we spoke to an FBI agent about a particular type of fraud that had targeted hundreds of men, costing many of them hundreds of dollars to several thousand dollars.  The FBI agent honestly told us that their priority had to be focused on fraudulent losses of millions of dollars and they simply didn’t have the resources to assist most consumers with the small losses we described.

These sad circumstances are leading many fraud victims to search the Internet for help. And that’s where they are likely to be defrauded again by bogus companies made to look like they will successfully retrieve your lost money! Look, for example, at a company called “Alliance Resolve – Top Notch Recovery Solution Expert.” Their domain is allianceresolve.tech. Their “About Us” page reports that they are “a foremost fraud investigative agency with a goal to provide premium services to all.”  They show very impressive numbers on their About Us page, such as “520+ Happy Clients” and “420+ Completed Cases!”

This is especially impressive if you consider that a WHOIS lookup for allianceresolve.tech shows us this website was registered anonymously a month before we found it! It’s hosted on a server in Singapore.

    And then there is the very odd fact that their Client Reviews webpage contains 13 reviews, all written and posted BEFORE this website existed! Of course, none of the reviewers can be authenticated. How convenient. In fact, there is no named person associated with this website. NO ONE can be authenticated! NOT EVEN THEIR ADDRESS can be authenticated!

      AllianceResolve.tech lists their business address as 321 S. Boston Suite 300, Tulsa, OK 74103. But  according to MapQuest, the business located at suite 300 is called Corporate Talk. The Secretary of State website in Oklahoma has a search directory of all businesses registered in the state. None of the 36 businesses we found containing either the name “Alliance” or “Resolve” is this business “Alliance Resolve.”   This business is also not listed with the Better Business Bureau website, bbb.org.  Finally, a Google search for “Alliance Resolve” in Tulsa, OK turns up absolutely nothing!

      However, we did find something else that is eye-opening. By searching for unique sentences found on the Alliance Resolve website, we were also able to find eight more of these bogus websites!  Check them out and you’ll see they share several things in common, especially Iceland:

         Gamma Recoup Tech uses the domain gammarecoup.tech. It was registered anonymously in Iceland in March, 2021. They also have 71 comments on their website dating back to 2017, even though their domain was registered in 2021!

         Reimburse Solutions uses the domain reimbursesolutions.tech. It was registered anonymously in Iceland in January, 2021.  Their 91 comments are dated back to 2018.

         Bit Recovery uses the domain bitrecovery.tech. This domain was also registered anonymously in Iceland in March, 2021. They list an address on Hull Street in Richmond, VA where Google shows a small strip mall holding no such business! Fortunately, Scamadviser’s AI rates this website as 1 in 100 for trust.

         Forte Redux uses the domain forteredux.org. It was registered anonymously in Iceland in November, 2020. This company lists their business address on 7747 Middle Bay Way in Fountain, Colorado. Google shows this as a home residence.  This is especially an interesting location when you consider that their website says “Forte Redux has successfully helped thousands of companies and individuals in Europe, North America and worldwide to reclaim stolen money and property from cyber criminals and con artists.”  What? Out of their garage?

         Cyber Coin Recovery is using the domain cybercoinrecovery.com. It was registered anonymously in Iceland in February, 2021. It claims to be located in the UK but its website is nearly identical to that of Forte Redux!

         Vital Retrieve is using the domain vitalretrieve.com. It was registered anonymously in Iceland in late September, 2021. They claim to have offices in London and Australia. Just like Forte Redux, they say “Vital Retrieve has successfully helped thousands of companies and individuals in Europe, North America and worldwide to reclaim stolen money and property from cyber criminals and con artists.” This is a pretty remarkable statement to make considering that their website has existed for less than 4 months!

          Zenithesse is using the domain zenithesse.com. It was registered anonymously in Iceland in July, 2021. They list their address on a street in Sandy, Utah that is occupied by a Walgreens.

          Elavetant is using the domain elavetant.org. It was registered anonymously in Iceland in October, 2021. And yet, their customer reviews were first posted on January 26, 2021! Also, 11 of their 41 reviews were posted on December 30 and 31, some just minutes apart. What an odd coincidence, don’t you think?

      There seems to be no end to these bogus companies. None of them had the names of the founders or presidents on them when we did our research in mid-January.  The likely negative impact on consumers who have already been victimized cannot be overstated.  Imagine suffering serious financial losses and then you turn to one of these companies for help only to be victimized again!  We believe that is what is most likely to happen to people who turn to these suspicious businesses. They’ll be scammed a second time!
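
Two of the checks used above (reviews dated before the domain was registered, and reviews posted minutes apart) can be automated once you have the WHOIS creation date and the review timestamps. The Python below is an added example, not part of the original newsletter; the registration day and review times are constructed sample data modelled on the Elavetant case, and the 10-minute window and one-year age threshold are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample data: the registration month and first-review date echo
# the Elavetant case above; the exact day and the review times are made up.
DOMAIN_CREATED = date(2021, 10, 15)
REVIEWS = [
    datetime(2021, 1, 26, 9, 0),
    datetime(2021, 6, 3, 14, 30),
    datetime(2021, 12, 30, 10, 1),
    datetime(2021, 12, 30, 10, 4),
    datetime(2021, 12, 30, 10, 9),
    datetime(2021, 12, 31, 8, 15),
]

def reviews_before_registration(created, reviews):
    """Reviews dated before the domain existed cannot be genuine for this site."""
    return [r for r in reviews if r.date() < created]

def review_bursts(reviews, window=timedelta(minutes=10), min_size=3):
    """Chain reviews posted within `window` of the previous one; keep chains of min_size or more."""
    bursts, current = [], []
    for r in sorted(reviews):
        if current and r - current[-1] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(r)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts

def assess(created, reviews, checked_on, young_days=365):
    """Return a list of red-flag strings for one site (thresholds are assumptions)."""
    flags = []
    early = reviews_before_registration(created, reviews)
    if early:
        flags.append(f"{len(early)} review(s) predate domain registration ({created})")
    for burst in review_bursts(reviews):
        flags.append(f"{len(burst)} reviews within minutes of each other on {burst[0].date()}")
    age = (checked_on - created).days
    if age < young_days:
        flags.append(f"domain is only {age} days old")
    return flags

if __name__ == "__main__":
    for flag in assess(DOMAIN_CREATED, REVIEWS, checked_on=date(2022, 1, 15)):
        print("RED FLAG:", flag)
```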

       

        AOL Password is Set to Expire – Only one smelly phish to report from last week. But we loved how the email sender chose to emphasize the subject line and first line of the email with THREE exclamation points!!! That’s a good way to draw attention to something, but not correct English. If you look closely at the FROM address you’ll see that the entire “AOL Mail Secure Team” is named “wjjaneygirl.” Now that’s unique!

        Did you know that passwords for email services like AOL don’t expire? This phish leads you to think otherwise. The bogus link connected to “Keep The Same Password” points to a phishing page set up on the free web service called Weebly.com. Deeeeleeeete!

        Fake Consumer Product Websites – In February, 2020, a reporter named Ganda Suthivarakom published an excellent article in the N.Y. Times titled “Welcome to the Era of Fake Products.” Scamadviser and The Daily Scam are often told about fake consumer websites. Sometimes, one fake consumer website can actually lead us to another because cybercriminals post the exact same website content under a different name! Such was the case recently when a reader sent us a link to this website called Joowoo.shop. You’ll see that it mostly sells home furnishings, along with several other home-related items, at extremely low prices!

        Featured on the Joowoo.shop top web page is this unnamed “Kitchen Appliances Fully Automatic Espresso With Lattego” for $57.98. We thought that the price was incredibly cheap and wondered who the manufacturer of this espresso machine was. The manufacturer isn’t listed in the product description and can’t be found in the photo.

        Take a CLOSE LOOK at this full photo below of the espresso machine found on the Joowoo.shop website. Can you find a manufacturer’s name anywhere on it? Thankfully, Joowoo.shop had plenty of them because we put 5 of them in our cart and clicked to check out. Our total price would have been only $289.90! But then we had second thoughts and decided to do a reverse image search for that coffee machine. Unsurprisingly, we found that this espresso coffee maker is made by Philips. It is the 5400 series EP5441 coffee maker and can be found on the Amazon.co.uk website as “out of stock” as of January 16. On Amazon, the price wasn’t listed but we found very similar models listed with a range of prices from $900 to $1400! Compare the screenshot below from the Amazon website and you’ll discover that Joowoo.shop actually REMOVED the Philips name from their picture of the coffee maker!

        The fact that Joowoo.shop REMOVED the manufacturer’s name from the photo, listed it for 4 – 7% of the estimated price we found for similar Philips coffee machines, AND that they have 5 available for purchase tells you EVERYTHING you need to know about Joowoo.shop! But did we unfairly pick the one and only product that appears to be illegally posted? Hell no! Check out this featured product for a “Commuter Electric Bike Kbo Breeze” listed for $78.98 on Joowoo.shop. We found that exact same model on the KBO manufacturer’s website for $1,499.00. The ONLY difference we can see between the manufacturer’s bike and the one listed on Joowoo is the fact that Joowoo has again removed the manufacturer’s logo from the image!

        If we dig a little deeper to investigate Joowoo.shop we find several red flags that concern us…

        1.   A simple WHOIS lookup tells us that this consumer product website was registered anonymously on September 1, 2021 and the website is hosted on a server in Buenos Aires, Argentina.

        2. The website Joowoo.shop lists NO PHYSICAL ADDRESS but offers a personal email address for someone named “nashikawdvgjch” on Gmail.com.  A phone number is listed but begins with the +86 country code for China!

        3. Their “About Us” page says nothing at all about this company. However, there is a lovely quote saying “We take great pride in personalized electronics. We, like you, have always loved beautiful and unique products that set us apart. As we grow up, we realize how lucky we are to be able to do what we love.” When we searched for that EXACT quote in Google, it showed us an identical consumer website called Heeha.shop. This identical website contains similar odd contact information.

        Our point should be crystal clear!  If you find a consumer website that is not well known and recognizable, do your due diligence to verify, verify, verify!  And if the prices seem too good to be true, run!

        Also, please check out these two very informative articles on Scamadviser.com to learn how to better protect yourself from this kind of online fraud:

           Why Do Consumers Buy Fakes? – 2021 Report

           Fake Reviews and Brand Pimping – Who Wins and Who Loses?

        Finally, if you want to read about a woman’s experience after ordering two sample skin care products from a questionable website, read our article titled Anti-Aging Face and Skin Creams. Her purchase turned out to be a VERY deep rabbit hole!

        We’re Here for You – We want to thank our many readers who responded to the short survey questions included with newsletters during the last few weeks. In addition to hearing accolades for our effort to educate the public, we also received good feedback on how to make this newsletter better.  For example, you’ll notice that the black news box near the top of this email no longer contains red text against a black background. Several people told us it was very hard to read and so we’ve changed it. Also, many readers told us that they wished they could click a “READ MORE” button and be sent directly to that section of the newsletter, rather than always being sent to  the top of the newsletter.  Now you can! Clicking “READ MORE” will send you to a specific newsletter section. 

        We’re here to support you! And we’re grateful that readers share their experiences with us so that we can, in turn, share them with all of you to help everyone be smarter and safer online! 

        Last week we heard from a woman who wanted our opinion about a “work-from-home” job she interviewed for. The interview was entirely text-based and, supposedly, for a job with Trinity Health. However, the woman was contacted by the V.P. of Talent Acquisition who used the email address at trinity-health[.]careers.  Searching for Trinity Health online clearly shows their domain is trinity-health.org, which was registered in 1999! However, trinity-health[.]careers was registered anonymously in Iceland on January 4, 2022! (see screenshot below)  Like we said, we’re here for you!  Send us your suspicious emails, screenshots of texts and social media posts!  NOTE: If you continue reading today’s newsletter, you’re going to hear a LOT about Iceland! It’s a favorite place for cybercriminals to register domains, using NameCheap.

        Free Business Directory – Last week our Top Story was about a “Parade of Liars.”  That parade continued and here’s another Liar-Liar-Pants-on-Fire example.  We received this lovely invitation from Elva Everhart to submit our “new site” to a free business directory. (We’ve been around for almost ten years, but whatever. **eye roll**) But Elva’s email contained two red flags that grabbed our attention.

        1. Free business directory? But for what business? “Elva” sent her email from a personal Gmail account rather than any business email account.

        2. Elva’s link was shortened using the service at Bit.ly.  Why would she do that? Is it because the link she wished for us to click is S-U-P-E-R-L-O-N-G?  When we unshortened her bit.ly link, using Urlex.org, we discovered that Elva’s link points to another link that is no longer than her original link.  What’s more, her link redirects to an IP address and NOT any legitimate business we can see.  Hmmmm….

        …And so we didn’t click.  Did you know that the name “Elva” means “leader of the Elves” and is of Irish origin?  Some think that elves are mischievous.  We think so!

        Clickbait Disguised as AT&T Texts and Burn 40 lbs! – One of our readers tells us that she’s been receiving multiple texts disguised as messages from AT&T but all have come from different private phone numbers. We’re convinced that each contains a link pointing to malware meant to infect her phone! Here are two of them. Notice that the generic top-level domain (gTLD) in both links is DOT-xyz! That is a crap gTLD used exclusively by cybercriminals!

        Another reader sent us this lovely text that came from an email address at “articlesmine[.]net.” She was encouraged to lose 40 pounds by clicking a malicious link to a website in Colombia called ‘rextoro[.]co’. ‘Nuf said! Delete!

        Until next week, surf safely!

        Copyright © 2021 The Daily Scam and Scamadviser. All rights reserved.

        Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands
