Weekly Alert | July 12, 2023
Enjoy a Laugh at Scammers! — Low-life scammers cause so much financial harm (many BILLIONS of dollars per year) and they often cause a great deal of emotional pain for the victims they target. Over the last decade, we’ve heard from many victims who’ve suffered terribly by these sub-human sleaze-bags as they hurt others just to earn money! And, as we’ve said before, we learned of 3 young men who committed suicide because they believed a scam targeting them was real. And so we wanted to just take a moment this week to enjoy a smile and perhaps a laugh, at some scams that didn’t go quite as the scammers had wanted. Enjoy the good feelings these may bring…
TheDailyScam.com clearly has a problem with it’s email system! We get emails almost every week telling us about the various problems that our accounts have, such as this recent email telling us that our email system has “logs waring!!!” We tried to imagine waring logs after seeing that subject line, and before opening this email, in order to prepare ourselves for what might come next! Sadly, we couldn’t. We thought this email was likely another not-so-clever phishing scam but it turned out to be a malware trap! Check out the details in the screenshot below….
First of all, the link to “please sign in” in the above email did NOT point to thedailyscam.com! It pointed to a very malicious website that was found to have malware lying in wait, like a bear trap! And oddly, after landing on that bear trap, we were to be redirected to a National Institute of Mental Health government website in Vietnam! Hmmm….that sounds like the joke was supposed to be on us! So we were very happy to turn this scam upside down. No doubt, you noticed that the email above was not sent to us from thedailyscam.com. It was sent from the generic email service at customerservice[.]com. This domain has a single webpage on it that says “Coming Soon.” This is hysterical to us because we discovered that customerservice[.]com was registered back in the Pleistocene Ages of the Internet…..in 1998! And their website STILL isn’t done!! However, this fact does feel kind of like many calls we’ve had to consumer customer services. You know, the ones where you’re on hold and the auto–message says that your wait-time is one hour and 45 minutes!
This next helpful email had us leaping to our feet! But instead of panicking, we launched into an old man’s version of The Macarena! You know, like this guy or this other guy (who will appear 25 seconds into this video). The email was an “Account Cancellation Request” concerning our very important account called “feedback.” What made THIS particular fraud so shocking were two very clever tricks used by the scammers who sent it. For the first trick, the email actually appeared to come from our website at thedailyscam.com. This is called “Email Spoofing” and requires a skilled scammer to pull it off.( Learn more about email spoofing at Cybernews.com!) Hmmm…obviously the feedback we received from this email was less than stellar. We were now faced with a request to CANCEL our feedback email account!
Oh dear, what to do! We did notice, however, that when we moused-over the red link to cancel this request, it pointed to a well known malicious website at dweb[.]link, and not to our site. When we used Screenshotmachine.com to take a picture of “our” login, we discovered clever trick #2. The phishing website looks at the domain found in your email address buried in the link and takes it picture of it. The phishing website then pastes that picture on their website and presents you with a login screen! It therefore looks like you could be logging into YOUR WEBSITE!
This was some very clever coding! We decided to have a little fun with it, AND use it in more appropriate ways. So we changed the email address from feedback @ TDS, to….
I-am-a-scammer@ cat-bounce[.]com (Yes, “cat bounce” is a real website. Go ahead and waste your time.)
and
I-am-a-lowlife @ papertoilet[.]com (“toilet paper” is EXACTLY what is needed to apply to $%ity people like scammers!)
In both instances, the coding at dweb[.]link gave us a screenshot and login window that was fake and funny!
And finally, to close out this week’s Top Story, we wanted to leave all men over 40 with an important lesson about their health. According to this informative email sent to us in mid-June by a reader, and from “Prostate Solutions,” you could have a “ticking time bomb in your pants.” That’s right. A ticking time bomb! If you read the content of this email, we’re sure that you’ll agree with us… The sender should do stand-up comedy and stay out of medical alerts. But never mind that judgment, look at the link that appeared when we moused over it…
The link in the above clickbait pointed to the link-shortening service at Twitter. Although, we’re a bit confused about this point because when we conducted a Google search using Firefox for the domain t.co, Google told us two things that make no sense (take a look at the screenshot!)
- Twitter uses the t.co domain “to protect users from harmful activity.” NOW THAT’S FUNNY!
- Why does Google display the word “Facebook” above the actual link, and next to the logo for Twitter? Although, given Elon Musks behavior since buying Twitter, anything should be expected! (Enjoy these best jokes about Elon Musk.)
Of course we used Sucuri.net’s security tool to evaluate the risks associated with that Twitter link. And that result gave us the punch line for this week’s Top Story! You see, we learned that, had we clicked that link to learn more about the “ticking time bomb” between our legs, we would have been forwarded to a VERY malicious website with malware, krakens, demons, werewolves and a goblin or two, lying in wait. And, you ask, what is the name of this VERY dangerous website? It is called “Flow Like A Gorilla DOT-com.” (We don’t make this stuff up, people!)
Top Scams of the Week — Weekly scams of the week: Amazon, USPS, Costco, FedEx, and buyKOREA. Can you spot all these scams? Check out and protect yourself with this 100% FREE, all-in-one tool.
On July 7, a woman posted on a neighborhood site in Nextdoor.com….”Scammer!! Yesterday I read a post on here. A women was asking for money via a gofundme page. She stated her dog needed emergency surgery. I did see that several people donated. I asked if she would give the Vet’s name or show a receipt or invoice. I looked for the post today and it has been deleted. I couldn’t find the gofundme page either today. I feel bad for those who gave to this scammer. As it clearly was a scam. Mean people suck. It ruins it for people who have a legit reason for a gofundme page. Please ask questions, ask for invoices etc… Please people due diligence before just handing over your hard earned cash.” Though we do not have the original GoFundMe post made by the woman who claimed to own a dog in need of surgery, we think that this July 7 post makes a very valid point. It is so easy to deceive others online and over the phone, especially now that scammers are making greater use of AI tools and deep fake images/videos. And so we ask readers to please do your DUE DILIGENCE to ask questions and evaluate nonprofits and people, BEFORE you make a donation to any cause!
This recent article on CNN concerns “fake reviews.” The FTC wants to make it harder for scammers AND even legitimate marketers from “gaming” product reviews in their favor. Did you know that Amazon reviews cannot always be trusted? We wrote about this fact, and a unique website used to expose suspicious reviews, in our June 15, 2022 newsletter. (Top Story, “Reason #2”)
Sextortion scams were a popular method of operation used by cybercriminals for several years, mostly from about 2016 – 2021. Thankfully, these types of scams have dropped off significantly. (Perhaps early COVID killed off many of the scammers who specialized in this fraud? One can only hope.) However, we want to remind our readers that these scams are still used to target people. In the last two weeks we saw two different samples. A few days ago we received the following report from a young man. These are his words, and yes, this was 100% a scam which we’ve documented nearly a 950 times before! The “MO” was classic for this scam…
“I regularly drive through a variety of states for work. I was in Louisville, Kentucky when I matched with a guy on Tinder (his profile asserted his age was 20). The guy with the name “Zach” (843-427-0454) exchanged a few messages with me on Tinder before suggesting we continue the conversation via text, which I thought was odd since most people tend to want to pivot to SnapChat. I also found it odd that his Tinder profile did not display his distance from me (which is usually a feature of premium members of the dating service, but those members are usually identified as Tinder gold members on their profiles). Nonetheless, I complied and provided my phone number. We chatted via text for a bit before the conversation became very sexual in nature. He eventually sent an explicit picture of himself and requested a in-kind response. Like a fool, I did. Considering I was traveling and would never actually be able to meet this person, I figured what’s the harm? He then asked me what kind of video he should send me in response; I told him no video was necessary. There was radio silence until then next morning after I had left the state. I received 3 rapid phone calls from a random number with a Louisville area code (502-483-4991). [TDS NOTE: Oddly, this number shows up in Google as belonging to a Louisville female ‘escort’] My phone is set to automatically reject calls from numbers not in my contacts. So I never answered any of the phone calls and no voicemails were left, but then received a text message from this number. The messaged read “ [My full name] this is Sgt. David Matthews with the Louisville Police Department. Please give me a call back here. Thank you.” Naturally, I became quite anxious and began researching. I found no “David Matthews” in the Louisville Metro Police Department. The phone number did not match closely with any phone numbers on the department directory. I looked into the phone number itself and found that it was from Eminence KY. I thought to myself I guess it’s possible that a detective lived in the suburbs of Louisville and was using his cell phone to contact me, but this is usually not how police operate. Hours later, I received a phone call from a different number (803-229-0625) which was automatically rejected (no VM) and then a text. [TDS NOTE: Google shows this number as belonging to a man’s name with an arrest record! We hope FBI/Police read our newsletter!] The texter identified himself as the “Father” and the text read “I’m going to suggest you call me and explain what in the hell is going on between you and my 16 year old son Zachary.” The person “Zach” did state on his profile that he moved to Louisville, Kentucky from South Carolina, but I found it strange that his area code was different from that of the “Father” considering he would likely be on the same plan as his father. But then I figured it was possible they obtained their phone numbers at different locations within South Carolina. I never interacted with the “officer” nor the “father,” instead I blocked all of the numbers and operated under the assumption that only time would tell if this was really happening and the police would be at my door soon if I had in fact done something wrong. Of course, I was a nervous wreck the rest of the day and did a deep dive on Google. I found your website and it provided some relief from the fear that was weighing on me. Though my story had a different sequence of events, it sounds very similar. I just wanted to share my story to let people know that this nearly decade old scam is still alive and well in 2023. Be careful out there.”
Be careful, indeed! The second scam targeted us! There was a time when we were getting these multiple times per week, for months! We know this form of extortion is complete nonsense, but there are some people who think these criminals really DO POSSESS embarrassing videos/photos of you! Don’t believe this junk! There is NO PROOF! If it were true, why not just send a photo to prove it? Yeah, like we said….
Scamadvisor did some great collaborations with PissedConsumer.com recently, and we wanted to share these with our readers. PissedConsumer.com is a consumer advocacy website and a good resource to check out! Read…
- “The Power of Consumer Voice – Why Your Feedback Matters”
- “From Victim to Victor: 10 Expert Strategies When You’ve Been Scammed”
And last, but by no means least…. Please check out this excellent interview with the Head of ScamAdviser, our friend and collaborator, Jorij! He talks about the latest scams to watch out for!
Amazon Payment, U.S. Bank, and Geek Squad Again! — This email certainly didn’t come from Amazon.com and the link points to a crap domain called clothies[.]store. That tells you everything you need to know about this smelly carp. However, when we followed the link to the phishing site, we saw a well crafted login that looked exactly like the login window at Amazon.
Members of U.S. Bank are being targeted by phishermen. What a surprise? It’s pretty darn easy to predict, as well as look up in Google, that the REAL U.S. Bank website is USBank.com. Check out this lovely wolf in sheep’s clothing that came from a server in South Korea! (Look at the 2-letter country code at the end of the email address and then look it up on this Wikipedia table.) This is NOT a US Bank email!
Deeeeeleeeete!
We feel badly for Geek Squad. Our readers have been HAMMERED by lots of phishing emails disguised as invoices for Geek Squad services. You’re told that the cost will be taken out of your account for “auto-renewal” in the next 24 hours…. Unless, of course, you call them to stop the charge. NEVER call these scam numbers! UNLESS, you have your noise-canceling headphones on and your Air Horn can at the ready!
Fake Websites That Don’t Deserve Your Money! — There are many people who think that every website they see online is real and legitimate. Many types of fraudsters depend on it! It is so easy to purchase a domain name, a website design and hosting service and then POW! A few hours later, you’ve got a whole robust website that looks real! Here are a few lovely examples we’ve seen, starting with one that made us do a double-take. It is a website for a company called Baxtravet Agric – a leading provider of innovative and high-quality agricultural veterinary medicines. We loved the fact that its been in business for 14 years, though it’s domain was registered less than 2 months ago. Oh, that and the fact that Frank Sinatra is the Manager. It’s nice to see his memory lives on…. online.
And we’re guessing that you won’t be surprised when we tell you that the address this Veterinary Medicine company lists in their contact information shows NO LISTING for this company in a Google search. Or that their phone number turns up 2 other FAKE websites: AmazonVetAgric[.]com and BaxtraVetAgric[.]com. Our good friends at Scamadviser show these other sites as untrustworthy or suspicious!
Another wonderful website is GlobalXBusiness[.]com. Their website says they’ve been in business since 1987. Why is it, then, that their website was registered in Brazil in March, 2019? Scamadviser says they are very suspicious. We agree! They came to our attention when a company recently reported this email to us as a fraud. The “DocuSign” link did NOT point to docusign.com. In fact, the link contained a hidden redirect to a file buried on GlobalXBusiness[.]com! We do NOT recommend visiting this global business website! Other online services are also calling it a very suspicious website and not to be trusted.
Our final website is the Fairway Trust Corporation, self-described as a “World Class Finance and Investment Company.” Found at fairwaytrustcorporation[.]com. This is pretty impressive for a company just registered in March of this year! But that aside, check out how expert their English grammar is on this content found on their “About” page. Also take a look at the very happy faces of the 3 investors listed as references on the same “About” page!
Pictures to You… — One of our readers sent us the screenshot below of an email that appeared to have come from her relative named “Roni.” Apparently, Roni’s email contact list had been hacked and all of her friends and relatives have been getting VERY malicious clickbait emails in her name. This one actually came from an email address using a public university account in Mexico called: aldamamarco21 “@” comunidad.unam.mx
The link in this email points to a domain, wettln[.]com, that was registered just hours earlier in Iceland, using the Registrar called Namecheap. We ALL KNOW what that means! Lunge for the delete key!
I’ll See You Tomorrow and Bitcoin Account Set Up Codes — Last week, Doug at TDS received a lovely text message accidentally sent to him by a 36-year old woman named Cindy. Cindy was quick to point out that, after he claimed to be 45 years old (a lie), their age difference would not “affect our friendships.” However, the conversation ended very quickly once Doug told Cindy what he did for his professional work! Enjoy!
BitMart is another cryptocurrency exchange site. Imagine how disturbing it could be if you had an account with this site and, at about 3 AM, your phone received 2 verification codes as if someone were trying to get into your account?! But the TDS reader who got these, and sent them to us, didn’t have any cryptocurrency account with BitMart, or anywhere else! Moreover, a quick search for the 2 different phone numbers these texts came from show no connection whatsoever to BitMart! Hmmmm….best to block the numbers and delete!
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands