Weekly Alert  |  January 25, 2023

Avoid These “Friends”

During the last couple of months we’ve collected emails and a Facebook direct message that appear to come from a friend or someone you know, or from a stranger who casually strikes up a conversation. Some of these messages contain links. Some of these messages are very short, like a brief text. And ALL of these messages are a fraud, intended to harm you or to manipulate you into trusting a scammer for the scammer’s financial gain. Take a ride with us as we weave in and out of this dangerous traffic, starting with a friend’s direct message via Facebook…

One of our readers sent us this screenshot at the end of December. It came from someone he knows, but he found the message very suspicious and, thankfully, didn’t click the link. Through bogus or hacked social media accounts, cybercriminals often send messages referencing photos or videos because they are the perfect clickbait. We GUARANTEE that the link pointing to the domain uoedercm[.]com points to dangerous malware! A simple WHOIS lookup shows that this domain was registered in Iceland on the very day this message was sent. That is NEVER a good sign!

Another reader sent us this very malicious clickbait that we’ve seen many times before. Bob received a “salutation” from a woman he knows, named Linda. But the email address was NOT Linda’s usual email! The link in the email looks like it points to a Google search of Bob’s email. However, mousing-over the link shows the deceit in this message. The link points to a bizarre string of characters. Bob later told us that Linda’s email had once been hacked. The hackers stole her list of contacts and will use it to send malicious clickbait to those contacts for years! Back in 2014 we published an article called “From Hell” and detailed how 23 victims resulted from just one of these email tricks. That stolen contact list represents a pain that will keep on returning, year after year.

Doug at TDS gets one of these “Google search” emails from people he knows, but using unfamiliar email addresses, at least once every 2-3 weeks. Here’s one that came from a server in Japan a few weeks ago…

Here is another example of this type of “friend fraud.” Once again, the scammer mentions pictures as the treat to dangle in front of your eyes. Even though you’re tempted, DO NOT CLICK!  Can you figure out what country this email came from?  Bonne chance!

Next we have 2 different messages. The first one, from Uri marcos Quintero, had no subject line and simply contained the message “Hola” (hello in Spanish). The second contained no message at all but the subject line enthusiastically read “Hi! How are you.”  Never respond to messages like these with no content or context if they come from someone or some email address you don’t know or recognize!  They are meant to engage you in a conversation that will NOT be in your best interests!

And finally, here are two examples of emails from people who casually try to engage you with their services or business. However, they cannot be trusted!  The first email below is lame and, we believe, not too likely to get a response. All you get about your “Annual Plan” is “DEAR CLIENT.”  (Perhaps the scammer sent this email without attaching a file?)  The second email is much more engaging. However, as we often point out, the sender has NO CREDIBILITY because he/she uses multiple names!  Did it come from Li Fu or Richard R or KinFrederick?  We don’t care, lunge for the delete key!


T-Mobile Hacked Again, Scam Targeting an Artist, and Confirmation!

There are many good reasons why it is important to protect yourself against identity theft and stay on your guard as more and more of your personal information is digitized and available on the Internet. Sooner or later, the odds increase that your personal information will be stolen. Such was the case recently for T-Mobile users, again! This time, 37 million T-Mobile account holders had their personal details stolen, including names, addresses, emails and dates of birth. You can read more about this breach at Cyberscoop.com. These hacks have successfully targeted T-Mobile several times in the last few years. This doesn’t inspire confidence in T-Mobile’s ability to protect their consumer data. Ironically, as we write this paragraph, we received a promotional email from AAA offering a “$100 Welcome Reward” discount for people to switch from Verizon and AT&T over to T-Mobile! No thanks, we’re good right where we are.

To see if there is a known hack/breach across the Internet which included your personal information, visit HaveIbeenpwned.com and enter an email address or phone number. It is completely safe to do so AND a good idea to do this periodically!  If you see “Oh no!” then scroll down to read the details of what information has been found and act accordingly by changing passwords or notifying credit card companies, etc. Also, one of the most important and useful tricks to preventing identity theft using your personal information is to put a “credit freeze” on your name. NerdWallet.com offers a good article on how to do this.

Earlier in January we saw a Reddit post from an artist about a scam that we’ve only rarely heard of. It is a form of an “advance-check” scam. The scammer’s trick is to create a pretense to send someone a check. However, the pretense must include a reason that tricks the victim into sending some portion of that income to the scammer. The check will bounce, of course. But many of these bogus checks may take anywhere from 5 days to two weeks before they bounce! Sometimes those bogus checks are created using stolen information from legitimate businesses, such as a bank account number, etc. So a check may get through a bank until the business contacts the bank to say it is a fraudulent check. To see this scammy pitch, check out this Reddit post from Dabi_Obsessed. He is an artist and was contacted by a scammer pretending to commission him for artwork and offering to pay him $400.

Finally, we wanted to show you a very common thread used as a lure for malicious clickbait by cybercriminals.  Check out the screenshot below taken from one of our honeypot email accounts.  This represents malicious emails targeting the account over a 3 day period! The criminals certainly love the word “Confirmation.” Other popular subject lines include “Please verify” and “Notifications.”  Also, emails were made to look like they came from Ace Hardware or Ace Rewards, Car or Auto Insurance, Burial Insurance, the USPS, Fidelity Life Insurance, ADT Security, and many, many more!

Amazon, Xfinity, Paypal, and McAfee

LinkedIn has its own link-shortening service (lnkd[.]in) and we’ve occasionally seen it misused for malicious purposes, such as in this Amazon phishing scam. It was sent to more than 100 AT&T email addresses. (We’ve cut out most to reduce the image size.) Of course it didn’t come from amazon.com. It appears to have come from a domain first registered in 2010 for a type of Visa card. By the way, despite what is said in this email, we’ve never heard of Amazon locking an account because “the billing information does not match the information on file.” Utter nonsense!

Though we have no idea why, one particular group of cybercriminals has been heavily targeting Comcast (Xfinity) account holders!  Here’s another example that came from a domain called tezrail[.]com and the link points to a domain called LangsNotaryPlus[.]com. This domain was registered just 5 days before the victim received this email.  Eight days later a visit to it will get you forwarded to Google. That usually means that you’ve been hit with malware and then passed on to Google.  Hmmmmm…phishing or malware?  Just delete and dodge the bullet!

During the last 6 weeks or so, our readers have been sending us more and more of these Paypal phishing scam emails that actually come from the real, and legitimate, Paypal service!  However, the scam is in the NOTES field!  All the links are legitimate to Paypal which may fool people into thinking this is real, but it’s not.  The sender, NOT Paypal, offers a phone number in the notes field. Even if you have a Paypal account and log into it, you’ll see that note inside your account. But it is a note from the scammer, NOT from Paypal! Notice how oddly the scammer writes the phishing phone number!  That’s done to reduce the chances that anti-spam servers will recognize the phone number and block the email because the number is listed on fraud-reporting sites.  

This bogus McAfee order doesn’t contain your name, address or last four digits of your credit card used for the purchase because it’s BOGUS!  This email came from a free email service provider called Windstream. The phone number is a scammer’s number.  Big surprise, right?

Apartment/Home Rental Scams

In this week’s column we wanted to bring attention to apartment and home rental scams. We’ve reported on these types of scams for many years and their “popularity” ebbs and flows with scammers. Very recently, two of these scams were reported on Reddit. The goal of the scammer is to trick someone into believing that the scammer is the owner or real estate agent of an apartment or home that is available for rent. HOWEVER, the owner/agent (scammer) explains reasons why he/she is not able to show the apartment in person. They’ll tell you to look at the pictures. If you want to rent it you’ll have to send a deposit and first month’s rent. Scammers may send a lengthy contract to sign, which is meaningless and part of the scam. The scammer will promise to send the keys once a deposit is received. In every case we have ever explored, the scam listing is ALWAYS below typical market rates for an apartment/home in that area.

Many of our readers may be shaking their heads, thinking why would anyone fall for this scam? However, keep in mind that there have been many times, locations, and circumstances when the apartment rental market was on fire! Finding an apartment was challenging. Scammers took full advantage of this, stole pictures and posted them on apartment-listing websites like Craigslist.com. 

Check out this long text sent to a Reddit user named Stefike. It was posted on January 17th. The scammer says he will Fedex the keys and signed agreement once he has a deposit. Scammers will often say they are looking for a “God fearing tenant.” The scammer also plays the card “the security deposit payment is needed to show your commitment towards renting the apartment…” NEVER, EVER send a deposit to anyone without actually seeing inside the location in person and meeting the agent/owner. And NO, your money is NEVER refundable! It will be irreversibly wired.

Deal done.

Unfortunately, another Reddit user was fooled and did pay a scammer, recently. So what did the scammer do after collecting on his fraud? He pushed a SECOND SCAM hoping to steal $850 more in round 2!  Accidentally, he says, there were 2 contract signings for the apartment BUT the scammer is willing to hand over the keys to YOU if YOU are willing to pay the 2nd month’s rent in advance!

Noooooo!

Here are a few links to some of our featured articles about this type of scam, including Airbnb scam rentals…

https://www.thedailyscam.com/craigslist-apartment-scam/

https://www.thedailyscam.com/home-rental/

https://www.thedailyscam.com/airbnb-scam-hits-user-for-2500/

Attached Paid Invoices, Purchase Orders and Confirm Email Account

Lately, we’ve seen many very dangerous emails disguised in a variety of ways. Several claim to have attached pdf documents or Excel spreadsheets. HOWEVER, the “attachment” is just an image and that image is actually another type of dangerous document, or it is a link to a malicious website! Check out this first one claiming to have an attached paid invoice from someone named “Kendra Kelvin.” Kendra’s email came from a server in Chile (“.cl”) and the attached pdf file is actually a very dangerous htm file that will control your web browser! If you double click that file, you LOSE!

Deeeeeleeeeete!

This next example specifically targeted Doug at TDS. The email appears to have come from a legitimate service and was sent to many email addresses, starting with info@thedailyscam.com.  Again, the sender claims to have attached an Excel file as a “revised final PO.” But mousing over that “file” shows that it is simply an image that is linked to a HIGHLY MALICIOUS website at ipfs[.]io. The link contains Doug’s email address.

Check out this bogus email sent to one of our readers from a server in Japan (“.jp”). You are asked to confirm your email account because they’ve upgraded the server and are deleting all inactive email accounts. The link, once again, points to the services at Amazon AWS. Don’t believe an email JUST BECAUSE it points to a known service!  The Amazon AWS service is often misused by cybercriminals!  Check out what we discovered below in the 2nd screenshot! FOUR security services found that Amazon AWS link to be malicious. 
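The mouse-over checks described in this alert (link text that names one site while the link goes to another, an “attachment” that is only a linked image, and a link carrying the recipient’s address) can be automated over an email’s HTML body. The following Python is an added example, not from The Daily Scam; the names audit_links and LinkCollector and every domain and address in the sample are made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# A URL-looking string in the visible link text, e.g. "www.google.com/search?q=..."
SHOWN_URL = re.compile(r"(?:https?://|www\.)([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Records each <a href> with its visible text and whether it wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._cur = {"href": attrs["href"], "text": "", "img": False}
        elif tag == "img" and self._cur:
            self._cur["img"] = True
    def handle_data(self, data):
        if self._cur:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur:
            self.links.append(self._cur)
            self._cur = None

def audit_links(html, recipient):
    """Return [(href, [reasons])] for links showing the tricks described above."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        reasons = []
        real = (urlsplit(link["href"]).hostname or "").lower().removeprefix("www.")
        shown = SHOWN_URL.search(link["text"])
        if shown:
            host = shown.group(1).lower().removeprefix("www.")
            if real != host and not real.endswith("." + host):
                reasons.append(f"text shows {host} but link goes to {real}")
        if link["img"] and not link["text"].strip():
            reasons.append("image-only link posing as an attachment")
        if recipient.lower() in unquote(link["href"]).lower():
            reasons.append("recipient address embedded in link")
        if reasons:
            findings.append((link["href"], reasons))
    return findings

# Constructed sample body; every domain and address here is made up.
SAMPLE = """<a href="http://x7.bad.example/r?e=bob%40mail.example">www.google.com/search?q=bob</a>
<a href="https://files.bad.example/po"><img src="cid:xls-icon"></a>
<a href="https://www.paypal.com/help">www.paypal.com/help</a>"""
```

A clean result is not a verdict of safety: the Paypal invoice scam described above uses only genuine Paypal links and puts the lure in the notes field.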

You Are The Winner!

You are NOT the winner! The criminals who sent this clickbait have been targeting our friend, Bobbie, for months! They use a font type that is practically illegible! NEVER believe this crap! If you see a font that is like this, SWIPE TO DELETE!

Until next week, surf safely!

Copyright © 2022 The Daily Scam and Scamadviser. All rights reserved.