Select Page
Weekly Alert  |  January 4, 2023

How Legitimate Companies Can Scam You: Dark Patterns The world is filled with cybercriminals who try to commit fraud in hundreds of different ways at our expense.  But what about legitimate companies and services? Can we always trust them to “do right” by consumers? The obvious answer is no, we can’t. Many of these businesses and services use “dark patterns” to trick us into buying things we may not buy otherwise, or keep us paying for services that we would prefer to discontinue, or keep us engaged in unhealthy activities by making them addictive or harder to disengage, or by intentionally tricking people to sign up for things that they might otherwise not wish to sign up for. As Wikipedia, simply states “dark patterns” (also called “deceptive design patterns”) are user interfaces that are carefully crafted to trick users into doing things. As we discovered last week, a dark pattern can also be user interfaces that make it harder for consumers to stop doing things, like unsubscribing from a free promotional service that is about to start charging you! Let’s dig into some examples and our experience may surprise you…

In last week’s newsletter, we reported that Epic Games, maker of Fortnite, had just been fined $520 Million dollars by the FTC. $245 Million of that fine was for egregious dark patterns that tricked their players into needlessly spending money. And, according to the FTC, when some players complained about these undesirable practices/purchases, they were even locked out of their accounts! Here are just a few examples of these dark patterns employed by Epic Games:

  • Players were asked to purchase in-game currency, making it harder to keep track of the actual cost of items they purchased because they were made through the fictitious currency.
  • Credit card data was automatically saved for player’s accounts and one-click was all that was needed to make a purchase. Keep in mind that many players were children using parents’ credit cards in their accounts. Purchases could therefore be made without a parent’s consent or knowledge.
  • The button to preview merchandise was placed very close to the button to purchase merchandise. Gaming on small devices like smartphones meant that a tap to preview often became a tap to purchase.

You can read about Fortnite “dark patterns,” as submitted by players themselves, on this blog called Dark Pattern Games.

Even legitimate and well-known services used by millions use dark patterns. This author recently experienced just such a dark pattern when I tried to cancel a free subscription that was about to expire, resulting in automatic monthly charges of $17/month. The company is Verizon and the services were with Fios Internet. In early January, 2022, I discovered that if I paired my Verizon Wireless plan with the purchase of a Fios Internet plan, I would also receive a one-year free enrollment in both Disney Plus and AMC Plus. I was informed, at that time, that these services would auto-renew at the current rate unless I canceled them with Verizon beforehand. ($7.99 and $8.99 per month at that time.) My household barely used these services and we decided to cancel them last week, before they renewed. The first mistake was logging into my Disney Plus account to cancel it. After about 5 minutes, I found information saying that I needed to cancel through Verizon.

Next I visited our Verizon Wireless account which turned out to be a mistake! (Perhaps, I should take responsibility for that mistake.) Suffice to say, I spent about 25 minutes searching the account, and clicking links down dark rabbit holes. For example, there were account areas called “My Add-Ons & Apps” as well as “Entertainment” but I couldn’t find evidence of any streaming services connected to my account. Finally, I turned to the chat service for help.  The representative at the other end took more than 15 minutes to tell me that I had to be transferred to a Verizon Fios representative instead of a Verizon Wireless representative. 

While waiting for the new Verizon Fios representative to come online in the chat service, I logged into my Verizon Fios account. (Please remember that these rewards were offered when we combined our plans into one, but they remained as two separate logins.) I am now nearly 50 minutes into my effort to drop these free services. Once in Fios, I found the account details in 3 clicks confirming that I did, indeed, have these services in use! However, I could not find where or how to cancel them!  Surprisingly, clicking “Modify Plan” did NOT provide me with a cancellation button for Disney+ or AMC+.

And so I waited for the new representative to reply via the chat window, which didn’t take long.  However, I had to go through the authentication process again and prove I was the account holder, even though I was logged into the account and had already done that with the first Verizon representative. (Security is important, afterall!) After proving for the second time who I was through account information and 2-factor authentication, I explained again what I wanted to cancel and why. The representative told me I could use the My Verizon App on my phone to do that. I told him that I didn’t have the app installed, and didn’t want it installed! I should be able to do this via my account through their website but could not find where or how to cancel those services! (By now, I was annoyed, to say the least.)

The Rep finally gave me the question I needed… I had to click a cancellation button and was told that if I cancel, Disney+ can NEVER be added again to our account! (Doesn’t THAT terminal message sound a bit intimidating? Like another “dark pattern”?

    But then, all of a sudden, the chat service stopped working, my account froze and I had to jump onto another computer, log into my account and go through the entire thing again with a new chat representative! Arggghhhhhh! 

    To add insult to injury, the third rep told me that an “Agreement” had to be sent to the email account on record. I had to open that Agreement, read through the details and click AGREE to cancel these free services. Fortunately, this last step took only about 10 minutes. Though the rep told me “I am right here to assist you” and “let me know once you are done” I discovered that the moment I clicked “AGREE” to cancel, the online chat representative simply ghosted me!

    Altogether, I spent about an hour an 20 minutes of my day just to cancel our free Disney Plus and AMC Plus streaming services. What makes this experience even more distasteful is my guess that if I had wanted to ADD a streaming service to our account (and credit card), I could probably do that in less than 5 minutes with a few clicks. Dark pattern, indeed!

    For a LOT more information and examples of dark patterns employed across many services and businesses, check out these articles…

    Harry Brignull’s excellent website: (Check out his Wall of Shame!)

    My Conversation with a Scammer Last week, a school received an obvious phishing email sent to employees to try and trick them into purchasing gift cards to send to the scammer.  However, the scammer was pretending to be the President of a school in Iowa and didn’t change the name of his email as he tried to connect with employees at a Massachusetts school. We got hold of his request and responded with a manipulative fraud of our own! Check out the conversation…

    On Mon, Dec 26, 2022 at 2:29 PM President Nikhil Wagle <> wrote:

    Hello,do you have a moment ?

    On Mon, Dec 26, 2022 at 11:44 AM Doug wrote:

    Yes, what’s up?

    On Mon, Dec 26, 2022 at 2:48 PM President Nikhil Wagle <> wrote:

    Thanks for your response ! Here is what I want you to do for me because I am a little busy right now.  I have been working on incentive and I aimed at surprising some of our diligent staff with gift cards this week.  This should be confidential until they all have the gift card as it is a surprise and you will keep one for yourself too.Can you get this done- and how soon?

    On Mon, Dec 26, 2022 at 11:51 AM Doug wrote:

    That’s such a wonderful idea!  How much should I spend on each gift card?  And how many do you want me get in total?

    On Mon, Dec 26, 2022 at 2:58 PM President Nikhil Wagle <> wrote:

    I need 10qty of Amazon gift card $100 value on each (total $1,000) you should get them at any store  around you or online.After you get them scratch the back and take a clear pictures of each card and send to me on here.Please keep the physical cards and receipt for reference purpose.Thanks.

    On Mon, Dec 26, 2022 at 12:03 PM Doug wrote:

    This is a wonderful holiday gift idea!  I’m happy to help and will pick them up when I go out in a little while to run a few errands. Who will the gifts be going to?  I was planning to get some new year’s gifts too but perhaps we can team up and not duplicate gifts.

    On Mon, Dec 26, 2022 at 3:09 PM President Nikhil Wagle <> wrote:

    I will be glad if you can help me get them today. After you get them scratch the back and take a clear pictures of each card and send to me on here you also keep one for yourself and send the rest here so i can send them to rest diligent staff i wish to surprise.Please keep the physical cards and receipt for reference purpose

    On Mon, Dec 26, 2022 at 12:12 PM Doug wrote:

    Sure thing! Will be back in about 30-40 min. You can check in with me at that time.  Talk soon!

    On Mon, Dec 26, 2022 at 3:14 PM President Nikhil Wagle <> wrote:

    Sounds good, thanks! 

    On Mon, Dec 26, 2022 at 1:10 PM Doug wrote:

    Hello Dr. Wagle, I was only able to get you 5 gift cards to start. I’ll be headed out again later for more errands and hope to get the remainder. My 5 year old had fun scratching off the number covers!  Here are 4 of them. One more to go! Best wishes! [Doug sent him 4 images of gift cards with numbers showing that he found on the Internet, meaning that they had already been used and were worthless.]

    On Mon, Dec 26, 2022 at 4:14 PM President Nikhil Wagle <> wrote:

    Awesome, thanks! 

    On Mon, Dec 26, 2022 at 4:18 PM Doug wrote:

    Last one is attached for now. 

    [NOTE: Look carefully at the last image we sent this scammer. Can you figure out the message we delivered? This was followed by a big change in the email thread… see below.]

    On Mon, Dec 26, 2022 at 1:30 PM Doug wrote:

    I was wondering why you think it is ok to cheat and lie and scam people.

    Do you really think that your actions don’t cause people pain?  YOU are responsible for hurting other people who don’t deserve the pain you cause.

    On Mon, Dec 26, 2022 at 4:42 PM President Nikhil Wagle <> wrote:

    well i dont mean to but i need some money to pay my bills tbh because i lost already

    On Tue, Dec 27, 2022 at 1:21 PM Doug wrote:

    Why don’t you find legitimate work where you live, rather than trying to make money by hurting people through scams? Is it so hard to find work in the country you live in?

    [NOTICE in this next email that the scammer changed the NAME used in the text field!]

    On Wed, Dec 28 at 6:45 PM Principal Mrs. Cynthia Donovan <> wrote:

    yes its very hard 


    When we noticed the changed name, we looked up “Principal Mrs. Cynthia Donovan” via Google and found her to be a Principal at another school in Massachusetts.  We contacted her to say that her employees were likely going to be targeted (or had just been targeted) by this scammer!  Sadly, she informed us that her email account had been hacked.  We continued our conversation with this scammer and he told us that he lives in Nigeria and doesn’t have a job. We told him that this doesn’t make it OK to steal from people and that his actions cause pain to real people!

    We came across a couple of articles recently that felt important to share with our readers, especially the first one! Many people use a password manager app/software called LastPass. It was announced last week that LastPass suffered a serous data breach on December 12 that could impact the security of many of their user’s confidential information!  Check out this article on about this breach.  If you have used Last Pass, our recommendation is that you immediately modify every password you’ve used in LastPass and do NOT enter them into the app. Complete password changes are not likely necessary if you are clever about your modification. For example, add the word “h@cked” to your Last Pass passwords!

    Also, here is an excellent article from Sontiq on Credential Stuffing attacks. What are “credential stuffing attacks, you ask? Read the article!

    Last week’s Top Story was another installment of people with serious credibility problems.  We could not resist another such person.  This time the person in question is Mr. Raymond Nand, the Purchase/Import Manager for a company called Global Imports & Exports EST.  But Mr. Nand’s email was spoofed to make it look like it came from the very business that received it!  Also, real businesses don’t use AOL as their business emails! Except, of course, for AOL itself! Even thinking about AOL reminds us of the days when we actually had to dial-up a modem to connect to the WWW. (Dial-up Internet access was phased out in the early 2000’s. Here’s what it used to sound like to connect via phone line. Those were the days!)

      Amazon, of course! And Xfinity It shouldn’t surprise anyone that as we look back over the last month of scams, phishing emails disguised as Amazon often littered people’s inboxes!  Here are two recent examples, starting with an email that appears to have come from the Boston public radio station called We believe that email address was spoofed and not hacked.  This rotten phish was sent to exactly 100 AT&T email account holders. We know this because the scammers didn’t even bother using the BCC field to hide those email addresses! The link to “Check Now” points to a website called pxlme[.]me. Six security services identified that link as malicious.


      Break out your fog horn cans that use compressed air to let out a SUPER LOUD blast!  It’s time to spread that loud cheer by calling the scammers who want you to believe that your Apple iPhone 13 delivery is on it’s way to someone in Kansas!  Just put on your sound-silencing headphones, call these scammers at 888-809-9669, position the fog horn appropriately and push the button as soon as you hear the cheerful representative answer the phone! 

      Check out this email claiming to represent the Internet service provider, Xfinity.  The scammers misspelled the service name in the email address as “Xtinify.” The email came from a domain registered on December 11 and called munarohh[.]com and is where the fake login is located!  Lunge for the delete key!

      Order Confirmation and Surprise in Your Inbox? Noooooooo! Don’t believe these lies! What follows is malicious clickbait designed to trick YOU into infecting your device with malware.  Let’s first look at this “‘lovely” congratulatory email about your new Keurig Coffee Maker.  Except it’s not. The email appears to have come from a Community College account in Michigan and the malicious links point to a short, though not sweet, domain called antvir[.]me. According to the Zulu URL Risk Analyzer, guess what friendly, loving, cordial and caring country this malicious domain appears to be hosted in?  We’ll give you a hint… you may have to brush up on your Eastern Slavic language skills. (Answer is below.)

      Our second lovey surprise supposedly came from Kohl’s, but didn’t. You’re invited to take ANOTHER 5 minute survey about a purchase and delivery that you never received!  The links point to a crazy long malicious domain called Alkali Sere Letterman Tell One DOT-com. But hold onto your hats because you’ll immediately be redirected to another website called refforalupop[.]com that has been found to be VERY MALICIOUS! Security services say that the second website has been used for phishing scams and hosts malware on it.  Lovely.

      Fat Digits Will Harm You and Everything is About to Expire! – This email may appear to be from Amazon about your order shipped to the wrong address but this email came from a free email account at Earthlink. And the link may invite you to download the invoice but you’ll actually get plastered by nasty malware when you land on the website called phatdigits[.]com. Ouch, but yes, Homer Simpson does have phat digits!

      Apparently, everything we have is about to expire or be deactivated!  Oh, no!  Our email accounts and our passwords!  It’s a dark day, unless of course, we click those lovely links to ipfs[.]io. What the hell… we say let ‘em expire! We’re on vacation anyway!

      Package Delivery, Venmo Notice, Home Depot, Paypal, and a Winner! – So, so many bogus delivery notices! Check out this first text claiming that your package can’t be delivered “due to incorrect house number.”  The link is to the link-shortening service called Tiny URL. We used to unshorten that link and discovered that you’ll be forwarded to a malicious site called cbansjye[.]us.  It’s been our experience that 99% of websites ending with the 2-letter country code “.us”( for United States) were registered by criminals in other countries.  Swipe left!

      OK, your Venmo account has NOT been suspended but if you click that link you WILL take a journey to a server in Brazil!  (“.br” = Brazil) We love their misguided effort to speak English correctly!  Enjoy….

      Enjoy the remainder of these nasty hand grenades that landed in our reader’s smartphones. And remember, every computer device on the planet is susceptible to malware infections, including iPhones and iPads! 

      Until next week, surf safely!

      Copyright © 2022 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
      have subscribed to it via or

      Keurenplein 41, UNIT A6311  |  1069CD Amsterdam, The Netherlands

      Contact Webmaster