Select Page

We would love to hear your feedback

THE DAILY SCAM NEWSLETTER  |  JULY 3, 2024

Co-Founder/Content: Doug Fodeman  |  Co-Founder/Creative: David Deutsch  |  V04N21

Deceptive Online Clothing Stores Are Successful!

A couple of weeks ago we heard from a woman who had purchased clothing from an online women’s clothing store called VivienneDuvall.com. On May 15 this woman saw an advertisement for the online Vivienne Duvall store on her Facebook feed and liked what she saw. She clicked the link to visit the store and found a pair of pants that she liked, in several colors and for a great price. She picked out two pair of pants and submitted her credit card for payment. Soon after, she received a confirmation email from the site that included a statement that orders can take 10 – 15 days to ship. She also received a tracking code and link to track her order.  Our investigation took a while and we also enlisted the help of a Javascript coding expert named Louis to help us figure out if this site is legitimate or not. After all we’ve discovered, we’re sure this site is 100% deceptive! And, this bogus site led us to nine other very suspicious online women’s clothing stores as well. You may be surprised by some of the fraud we uncovered and the tricks they use to manipulate you, especially their star review system! We were surprised by how clever this deception is!

Below is a very busy graphic made from several screenshots. For example, it shows that the 10-15 day shipping policy is confirmed in their shipping policy web page.  As of June 27, it has been more than 5 weeks (40 days) and the woman still has not received her order! She has emailed the company at least twice and received replies. In their first reply they asked her to “be patient” and that it is “on the way.”  At first, we were very suspicious of this site for several reasons. For example, their domain, vivienneduvall.com, was registered only 6 months before the woman contacted us, and just 5 months before she made her purchase. That’s very young for any business. Also, the Refund Policy web page had a couple of oddities that got our attention. For example, in their refund instructions there is a random “.com” text within it.  And they claim that “customers located outside of Europe are responsible for shipping costs.”  And yet, they don’t tell you where you will be expected to return your order! In fact, they NEVER identify their location at all anywhere on their website!  

We found a number of other suspicious things on their website, in addition to the fact that everything was listed as 50% off. For example…..

    1. Their Contact page only contains an online form to fill in. There is no phone number or address for this company anywhere on the contact page, or anywhere on their website! That’s a big red flag!
    2. Under their “Help” menu they offer a link to “Tracking Order.” The link simply points to their Contact page. This is a seriously egregious error that any real company would spot and fix.
    3. On June 22 we checked their entire catalog and found only 9 items for sale! https://vivienneduvall.com/collections/all
    4. It appears that one of the images of their products listed on the VivienneDuvall.com website was found on a clothing website called Arolora.com. Arolora.com was registered in 2016, more than 8 years ago. Visit this page on Arolora about “Solid Crew Neck Long Sleeve Top” and scroll to the 4th image listed to see the same image. (See our note at the end of this article about the legitimacy of Arolora.com)

As if that wasn’t enough, we found something else that was very peculiar on one their product pages. For the product called “Asymmetric Draped Jumper” they show 864 reviews, which is an unbelievable number for a new online clothing store that sells 9 items. Moreover, we also saw “dark patterns” on the page that are intended to pressure visitors into making quick decisions to buy their products. They included statements like “selling out fast” and “sale is ending today.” And yet, we checked that product page for 7 days and each day it continued to say “sale is ending today.

     But where the craziness truly begins is when we looked at some of those 864 reviews! (Only 5 reviews display per page.) As we scrolled through page after page of reviews, we saw that the OVERWHELMING majority of these reviews are 5-star! Oddly, several of these 5-star reviews are also customer complaints!  Some of these 5-star reviews even called this website a scam! Clearly this contradictory evidence suggested that something was very suspicious about these reviews. We tried to peak under the hood and into the code that created this web page in order to learn more about these reviews but we couldn’t find the code for the reviews! It was as if the code used to create these reviews were somehow hidden or pulled in from another site. Clearly, the code that created this website was beyond our understanding. And so we contacted a very skilled man named Louis who has a degree in website coding, and specifically, expertise in Javascript. He agreed to investigate the code used to create the reviews on the VivienneDuvall.com website and what he uncovered was definitive proof that this site is a fraud!

    Here, for example, are five 5-star reviews that all say “Verified purchase.” They only show a person’s first name. Louis showed us that the code for these reviews actually comes through a website called Trustoo.io which is then posted to Shopify and subseqently pushed onto the VivienneDuvall.com website. (Trustoo.io says that they are “the best choice for shopify product reviews.” They are a legitimate business that collects and manages reviews. HOWEVER, do they use any form of oversight to prevent bulk fake reviews from being uploaded to their site and then distributed through Shopify? We think not! We can show you that most of these reviews aren’t real! Check out the code Louis found on Trustoo.io and connected to Vivienne Duval via Javascript in the screenshot below. It show’s an author “John” with an email address of “example@example.com.”  That seems suspicious, doesn’t it?

    When Louis showed us that John’s 5-star, verified review, which included some text, listed the author email as example@example.com, we were suspicious and asked Louis to find us all author reviews with that email address.  He found hundreds of them! Louis was able to backtrack from the Vivienne Duvall website to the source of these reviews on Trustoo.io. Check out the screenshot below showing the code behind more than 20 of these 5-star reviews. They all have the same email address, are 5-stars and are marked as “verified.” Supporting our contention that these are fake reviews is the fact that hundreds of them were posted on the same date, May 14, 2023. This is also interesting because the domain VivienneDuvall.com was registered on January 12, 2024! This suggests that these fake reviews posted on May 14, 2023 were uploaded and posted on other websites, then subsequently posted on Vivienne Duvall after that business was created!

    What also makes these many 5-star reviews so untrustworthy is the fact that some of them clearly show people who are unhappy with their products or the delivery of their products. Look carefully at the next screenshot below showing five 5-star reviews. A 5-star review from Robyn calls the website a scam and tells people not to buy products from it!  Our investigator Louis found that Robyn’s email was a real email address and not example@example.com.  We’ve blurred it to protect her identity.

    In fact, when Louis used his skills to search behind the scenes for the Vivienne Duvall reviews that did not have an email address of example@example.com, we found a small bunch of VERY negative reviews submitted by real people and all of them appeared to give a 5-star review along with their criticism!

    So how is it possible that VivienneDuvall.com shows HUNDREDS of 5-star, verified, bogus reviews? It appears that these reviews should be collected on Shopify and then delivered to Vivienne Duvall from the business site Trustoo.io. But Trustoo.io also shows their business customers how easy it is to import reviews on their own! (https://help.trustoo.io/detail/4)  It seems as though, the scammers who built Vivienne Duvall used this trick to import many hundreds of fake 5-star reviews AND set up their Shopify review process to assign 5-stars to all incoming subsequent reviews!

    If you would like to continue to read the ending of this story, including how we found 9 more related deceptive clothing stores, visit our new feature article about this fraud…

       https://www.thedailyscam.com/fake-online-clothing-stores/

    IMPORTANT FOOTNOTE: The woman who placed the order for 2 pair of pants at VivienneDuvall.com actually received her pants 45 days after she ordered them,  and days after filing her complaint with American Express! We still strongly believe that this company deceives consumers even though she received her order. For example, she tells us that she didn’t like the material used to make the pants, or the fit, and wants to send them back! We doubt that will be possible! She emailed the company to ask about returning it and has had no reply in the 48 hours since she sent her email. Also, oddly, her package label doesn’t show the name Vivienne Duvall. The label says that her package was shipped from Meng Zhao, 735 S. Figueroa St, Los Angeles, California 90017.  When we conducted a Google search for this name and business, we found this record on the Better Business Bureau website. It begins with an Alert stating “BBB learned this company is located in Lativa.”  This is followed by 35 Customer Reviews giving this business a 1 star rating out of 5 stars and also 63 written complaints in the last 3 years, including 9 posted this past May and June.  Reddit members have also posted some disparaging things about Meng Zhao company, including “toxic goods” that were never ordered. On SafetyHQ.com, someone posted that they ordered a wig from a site called Luvme (using this same address) and received the wrong order. Many other people are reporting incorrect items ordered and shipped, including this other post on SafetyHQ.com. Plenty of people are calling the Meng Zhao business a scam! The exact address of Meng Zhao has also been listed as the address for another website for wigs called 1DayWigs.com. The BBB gives this wig creation business an F rating! 

    The fact that we’ve now been able to connect the Vivienne Duvall business to at least 12 other shady businesses simply supports our contention that these are all likely deceptive knockoff products at best, and a form of fraud at worst! 

    Messages From FBI Director Christopher Wray, and More…

    Professional Scambaiter Rob gets hundreds of scammer’s emails every month. Surprisingly, lots of these bogus emails come from criminals pretending to be the current Director of the FBI, Christopher Wray. Rob sent us a list of 25 of their make-believe email addresses. Notice that NONE OF THEM come from the United States Government domain, fbi.gov. (ALL legitimate US Government domains end with DOT-gov) All  of these fake emails come from free email services and most use Gmail.com.  But our favorite is the last one in which the text name field says “THE REAL CHRISTOPHER A WRAY” because we’re sure that saying “REAL” will convince everyone that it’s real! However, recently one of these scammers did something we’ve never, ever seen before! In an effort to convince Rob that he was getting an email from the REALLY SUPER-REAL FBI Director. The scammer sent Rob a very short video of the Director identifying himself!  Trust us, you’re going to love it! (See below.)

    Sometimes scam artists reveal more than they intend to reveal. Such as in this wonderful email to Rob from Mr. James Scott. The email concerns properties given by “Late Mr Con Edison.”  He’s got that right! He’s a Con man, alright!

    We love celebrating those moments of idiocy when scammers make very stupid mistakes that immediately reveal their fraud! But the “reveal” is also dependent on people noticing those mistakes! Check out this screenshot of a fake bank found at the domain fgmb[.]blog. This absurd domain pretends to be the Federal Reserve Bank but look how the scammers spelled Federal! The ridiculous domain used for this fraud, fgmb[.]blog, was registered May 27, 2024! By contrast, the REAL Federal Reserve Bank uses FederalReserve.gov and it was registered in 1998!

    Here’s yet another reminder how low scammers will go in their effort to steal your money. The scammer who sent this bogus story stole photos posted online, including one from a woman who had just completed major TMJ surgery. Check out this post on Pinterest from a woman named Piper Lucio. It appears that scammers stole her photo, and another photo as well. They then claimed to be on death’s doorstep, disguised as a woman named Rose Morgan. Apparently, poor Rose is looking for someone to manage her bank accounts and give away money. Of course, under these terrible circumstances, Rose decides to randomly select some stranger across the Internet to help her with these financial decisions. That makes total sense, right? (Although, it is a bit odd that Rose appears to have two different faces in those 2 photos.)

    Just a few days ago one of our readers shared an article with us that we strongly recommend to all business owners. Scammers can be very clever! A woman didn’t notice that a businessman she worked with in India suddenly had his email address changed by a single character. Missing that tiny change cost her dearly!

    Read: A small business in Great Barringtom, Massachusetts was recently defrauded out of nearly $40K.

    Remember to check out our monthly podcast series!

    https://www.securewon.com/resources/podcasts/

    Robinhood Financial Services

    Just about 2 weeks ago we were contacted by a Mom concerning an email her young adult son received. The mother asked us if we were aware of this type of phishing fraud. Quite honestly, we had never even heard of the service called “Robinhood.” Apparently, Robinhood Market Services is an online investment service. The woman’s son had opened an account a long time ago but never used it, according to the mother. She did mention that a friend of her son’s has an “active account.” So when her son got the email below, both he and the friend looked carefully at it to determine if it was legitimate or not. They concluded it was a phishing fraud! We hope you would come to that same conclusion!

    The link in this phishing fraud actually points to a service registered in Germany (“.de” = Deutschland) that generates QR codes and has a very bad reputation. QRCO[.]de has been found to be connected to malware and phishing threats often. Trustpilot gives this service a 1.4 rating out of 5 stars…

       https://www.ipqualityscore.com/domain-reputation/qrco.de

       https://www.trustpilot.com/review/qrco.de

    Remember to report your smelly phish to us and Google! https://safebrowsing.google.com/safebrowsing/report_phish/

    Energy Savings!

    There is a cybercriminal gang, whom we believe is based in India, and responsible for this malicious clickbait. These criminals routinely steal the logos and information from real companies and create these deadly bear traps. This email claims to be from the service Energy Bill Cruncher but was sent from a domain that has no content and was registered in Iceland through Namecheap about seven months ago and called neglectnetwork[.]com.  The links in this clickbait, including lots of “white space,” point to a website called wholetirestumble[.]com. But that’s not your final destination! You’ll be forwarded on to the real website energybillcruncher.com. Our experience has taught us that this means you’ll be hit with malware at wholetirestumble[.]com before being sent to the website you expect to visit.

      We want to raise awareness with our readers that some cybercriminals are relying heavily on known link-shortening services to hide their malicious destinations in clickbait.  The two services we’ve seen misused most often are Bit.ly and TinyURL.com. Below are two recent examples. The first concerns weight loss and the second pretends to be a rewards survey from Mariott Hotels. Both emails redirect visitors to websites connected to the European Union but using Cloudflare hosting services.

      Court Order to be Signed

      One of our longtime readers received the email below claiming to require his signature for a court ordered document. But the email came from a server in Japan! The attached pdf file had a QR code in it and was extremely dangerous to scan! We determined that the QR code was designed to send your web browser to  malware sitting on a newly registered website called fit-session[.]xyz! (After being hit with malware, that site will redirect you to Google, where you’ll scratch your head and wonder what happened.) Never, ever, scan QR codes that arrive in unsolicited emails with attached pdf files! Especially if those emails come from suspicious email sources.

      Beware of Texts Disguised as Various Toll/Parking Services and Package Delivery Problems

      There has been a sudden appearance of random texts sent to people in different states that are disguised as various toll services, parking services and other related systems that cities and states use to bill residents for auto travel and parking. On May 1, we reported this fraud targeting residents of Florida and Ohio. On May 8, we even reported it for residents in New Zealand. Last week we heard from a friend in New York who got the bogus text below claiming to represent New York City. The text contained a link to nycitypay[.]com. This fake domain was registered a few days ago on June 27, and is hosted on a server in Burgas, Bulgaria! The REAL New York City website used to pay parking tolls is on nyc.gov: ​​https://www.nyc.gov/site/finance/pay-now/pay.page !

      Also, on June 23, a Reddit member named “Ace1047” posted this bogus text that he received about the San Francisco Bay Area Fast Track Services. It is NO coincidence that this fraudulent domain, bayareafastrackservices.com, was registered on June 22 and is also hosted on a server in Burgas, Bulgaria! The same cybercriminal group is likely sending both of these malicious texts, and perhaps the others as well.  The REAL Bay Area Fast Track Service uses the domain bayareafastrak.org and on their website they have posted a warning saying “Fastrack does not request payment by text with a link to a website.”

      In the second half of 2023, texts disguised as problems with package deliveries had exploded onto the phones of tens of thousands of people! In early 2024 they practically disappeared, but now they may be coming back again. Beware of these bogus texts! The United States Postal Service uses the website usps.com and doesn’t send you texts from a free Gmail account!

      Until next week, surf safely!

      Copyright © 2024 The Daily Scam. All rights reserved.
      You are receiving this email because you have subscribed to thedailyscam.com

      Marblehead, MA 01945

      Contact Webmaster